Announcement

Collapse
No announcement yet.

Chase Manhattan Bank... are you fucking kidding me?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Chase Manhattan Bank... are you fucking kidding me?

    Well, I believe that I may have expressed my ire for Chase in the past on this board, and this latest bit of shenanigans is enough for me to totally cancel my account with them. My Chase card is a very rarely touched backup card since i use the USAA plastic for everything... i'm gonna likely ditch them for good over this unless I can get someone to listen and understand their horrid policies.

    In the mail today i received and envelope from Chase. There was no notification to me that anything was coming (other than my regular statement, and this was clearly not a statement) and this envelope was marked with the merchant banker's name and return address.

    It was a new credit card. There was nothing wrong with my old credit card. My old card wasn't damaged, expired, or in any way unsuitable.

    The new card had the exact same numbers (including the CVV code) as the existing card. In spite of this, there were instructions to destroy my old card immediately and replace it with this card.

    There was one bit of change, however... this new card is equipped with "blink" technology for contactless RFID communication with point of sale terminals. (i am not nearly as solid on this point as some articles are... is this prox or RFID? i do not know if these circuits are magnetically coupled, etc)

    This "new" card did have the requisite sticker on there saying "call this number and your card will be activated" but i wanted to try (given that it was the exact same numbers as before) to see if it would work without calling.

    It did.

    I just bought lunch at my local WaWa using the blink checkout system. It was goddamn scary, really. The web site "howstuffworks.com" (the first Google hit that i looked at when trying to see what technology this actually is) reports that...
    Originally posted by howstuffworks.com
    when the process operates properly, it's actually more secure than using a magnetic-strip credit card. The information on a magnetic strip can be read, altered or duplicated using a variety of devices that have been available for years. The encryption built into a blink card make this particular form of theft impossible.
    Yeah, unless someone takes the entire unopened envelope to a store before you've even gotten it and spends whatever they wish, leaving you with the mail a day later... totally in the dark about the charges that have accrued.

    As Major Malfunction has shown time and time again (and demonstrated this year at Black Hat using this same technology) these sorts of security-related promises from the industry always fail to execute properly in practice.

    When i called Chase to complain, a gentleman named Milton informed me of a variety of reasons why they may have sent a new card without my asking, all of which were not valid. (old card expiring, loss of card, new account opened, etc)

    In the end, he admitted that Chase is simply sending these cards out to customers because they (the comapny) are just keen on the new "Blink" technology.

    Indeed, Chase is pumped up about the whole affair, issuing statements publicly that would typically make the hairs raise on the back of the necks of people who truly understand security...

    Originally posted by Tom O'Donnell, senior vice president of marketing at Chase
    the benefit to the consumer will be increased ease of use. You need only to wave the card or tap the card on the reader. In some cases, you might just need to wave a purse or wallet carrying the card within a few centimeters of the reader.
    But then again, maybe there is more to the story. As with all things... when you're curious, just follow the money. There's the matter of a national press release issued by the mega-bank which stated the following...

    Originally posted by Chase press release
    Research has shown that customers who use blink cards often spend more per transaction. (citation)
    Bloody pitiful. Will these companies ever learn to stop jamming the latest and greatest new idea down consumers' throats? I suppose they won't, not as long as consumers continue to swallow and smile each time. Well, this is one citizen who won't be taking his newfangled financial toy off to the local trendy shopping plaza to breeze through purchases of overpriced caffè lattes and slave labor Wal-Mart trash.
    Last edited by Deviant Ollam; August 29, 2008, 12:31.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

  • #2
    Re: Chase Manhattan Bank... are you fucking kidding me?

    Actually.. I had a rant somewhere a while back as Washington Mutual does similar with Debit or ATM cards.. they'll send 'replacement' cards by pretty much random request, as well as when they decide to change the color scheme or logo design.

    The catch with WaMu was that they did change one of the check values slightly.. worked against the same account, but the old card invalidated itself. I discovered this one day when my card stopped working. I had never received the 'replacement card'. This is actually an effective way for screwing out-of-country customers from accessing their money, as there is nothing that the banks will do until the person is back US-side and they won't ship new cards outside the borders..
    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

    Comment


    • #3
      Re: Chase Manhattan Bank... are you fucking kidding me?

      Alright, alright, I'll get on creating a debacle. No rest for the wicked I guess
      Never drink anything larger than your head!





      Comment


      • #4
        Re: Chase Manhattan Bank... are you fucking kidding me?

        Originally posted by howstuffworks.com
        when the process operates properly, it's actually more secure than using a magnetic-strip credit card. The information on a magnetic strip can be read, altered or duplicated using a variety of devices that have been available for years. The encryption built into a blink card make this particular form of theft impossible.
        Riiiiiiight. Nice to see that howstuffworks.com has swallowed that gallon of kool-aid.

        Originally posted by Deviant Ollam View Post
        As Major Malfunction has shown time and time again (and demonstrated this year at Black Hat using this same technology) these sorts of security-related promises from the industry always fail to execute properly in practice.
        I missed that Major had another RFID exploit, but it's hardly surprising.

        Originally posted by Tom O'Donnell, senior vice president of marketing at Chase
        the benefit to the consumer will be increased ease of use. You need only to wave the card or tap the card on the reader. In some cases, you might just need to wave a purse or wallet carrying the card within a few centimeters of the reader.
        And someone walking through a crowd with a reader isn't a problem? That is NOT a feature, and most decidedly is a BUG in my mind. People bitch about identity theft, but are so freaking lazy that they'll carry a card that can be read remotely so that they don't have to take it out of they're wallet? I've been carrying all my cards in an RF-shielded wallet for over two years now, precisely because of this issue. People call me paranoid about this, but it's not exactly unfounded.

        First, consider the case of the Johns Hopkins researchers who were able to break the encoding of the Texas Instruments' RFID chips used in the Mobil SpeedPass and the Ford ignition keys.

        Now add to that what Adam Savage said at the Last HOPE (And I'm paraphrasing here...) in response to Rendermans' question about another RFID segment on MythBusters and you begin to see exacly why I'm paranoid about it.

        Originally posted by Adam Savage {paraphrased}
        Forget it, man, it's not going to happen. We looked at it doing it ... Tory (Bellecci) and and a producer did a telephone conference call with some people from Texas Instruments about it. The T.I. people brought in a bunch of lawyers from American Express, Citibank, and some other credit card companies to the call. The lawyers gave some not so veiled threats about suing us and Discovery if we did anything about RFID. I've never seen Tory so shook as when he got off that phone call."
        (If there is anything inaccurate/missing about this statement, it's my omission, and if anyone has the recording of Adam Savage and would care to transcribe that portion, please feel free to correct what I've written here.)

        The bottom line on this is that there are some real and potential issues about these cards that the credit card companies are worried about, yet they are pushing this technology out to the public who is unaware of the potential problems.
        Thorn
        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

        Comment


        • #5
          Re: Chase Manhattan Bank... are you fucking kidding me?

          http://www.youtube.com/watch?v=X034R3yzDhw

          The above youtube clip has his response to my question.
          Never drink anything larger than your head!





          Comment


          • #6
            Re: Chase Manhattan Bank... are you fucking kidding me?

            Originally posted by renderman View Post
            http://www.youtube.com/watch?v=X034R3yzDhw

            The above youtube clip has his response to my question.
            So I didn't do too bad for a paraphrase...
            Last edited by Thorn; August 30, 2008, 11:41. Reason: Typo
            Thorn
            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

            Comment


            • #7
              Re: Chase Manhattan Bank... are you fucking kidding me?

              The technology IMHO sucks.

              Point: you still have to take the card out and touch it to a reader and then actually hold it there for a few seconds. Whether by design or just crap technology it doesn't deliver on the easy of use promise at all. It's much easier & faster to just swipe.

              Don't like Blink, that's what microwaves are for. 5 seconds in the microwave and you can mail the burnt dead chip back to the credit card companies. Maybe even send it in a little zippered rubber bag :-) (I think I just created a new product). For further details talk to Barry; I think he even has pictures.

              I was under the impression sending new cards out without first notifying people was illegal even for current subscribers. I guess the additional tax burden of these reckless and desperate credit card companies will be placed once again on us, the tax payers via greater fraud tax write offs by the companies.

              xor
              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

              Comment


              • #8
                Re: Chase Manhattan Bank... are you fucking kidding me?

                What I find frightful is that the card came in the mail ready to use; armed for spending.

                Obviously seems ripe for abuse in several ways. The ethically challenged person who gets the card, doesn't activate using the 800#, runs up a bill buying things that they've wanted but clearly out of the normal spending pattern, then contests all charges by claiming that they never received the card. Would be more convincing if charges using the old card and new card were made at brick and mortar stores that are not located near each other, with nearly identical timestamps. More likely the local scrap scavenger who hits the mailboxes buys goods on your credit.

                In either case the charges would end up on the cardholders bill. This is as bad as sending cash thru snail mail... except that the available spend and potential abuse is only bound by your credit limit. ... and Joe Tweeker can do it from a mailbox grab.

                I do not currently use Chase, but thanks for the heads up on their cards. I will be watching for any such things from my providers.
                If a chicken and a half, can lay an egg and a half, in a day and a half... how long would it take a monkey, with a wooden leg, to kick the seeds out of a dill pickle?

                Comment


                • #9
                  Re: Chase Manhattan Bank... are you fucking kidding me?

                  Originally posted by xor View Post

                  I was under the impression sending new cards out without first notifying people was illegal even for current subscribers.

                  xor
                  Then my Visa company has been doing that wrong all these years. I get a new card every two years and have never been notified in advance it was coming. The cards delivered to neighbors by mistake could have been expoited for some time before I ever knew what hit me.

                  Comment


                  • #10
                    Re: Chase Manhattan Bank... are you fucking kidding me?

                    Microwave them. The mag stripe is still good to use, and the credit card will have a burn hole in it, but the card is still good.

                    Think my friend did 10 seconds in the microwave. Took care of the RFID stuff real fast.

                    I on the other hand spent almost 2 hours on the phone with Bank of America to get a new credit card from them without the RFID stuff on it.

                    Comment


                    • #11
                      Re: Chase Manhattan Bank... are you fucking kidding me?

                      So if you fight with them long enough they can issue you a card without RFID in it? That means that somewhere they have a contingency plan for customers that know whats up (or are really, really, resistant to change). The trick now is to find out if its more than BofA that is set up for that.

                      I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

                      Comment


                      • #12
                        Re: Chase Manhattan Bank... are you fucking kidding me?

                        Originally posted by noid View Post
                        So if you fight with them long enough they can issue you a card without RFID in it? That means that somewhere they have a contingency plan for customers that know whats up (or are really, really, resistant to change). The trick now is to find out if its more than BofA that is set up for that.
                        It is a standard Visa credit card, so somewhere these people have to know that people don't want this new fancy system. I just hope that they don't start adding it to debit cards as well, as that is even worse than just credit cards, since it is a lot harder to get money back from your bank for fraudulent charges on your debit card.

                        Comment


                        • #13
                          Re: Chase Manhattan Bank... are you fucking kidding me?

                          In 1999 I received a new credit card in the mail out of the blue and thought nothing of it. A month later I got a bill, and it was maxxed out.

                          Apparently the bad guys found a statement of somehow got my cred card number and address. Not that hard really. In order to know my card expiration date they called in and requested replacement cards. Bingo, now the expiry date is three years from that date.Then they shopped online.

                          Be careful.

                          Comment


                          • #14
                            Re: Chase Manhattan Bank... are you fucking kidding me?

                            Crud, I forgot all about RFID when I signed up for the JetBlue amex (bastards have won me over as a nice little consumer with their promises of free transcontinental flights on an airline that doesn't suck). Not sure if this particular card is RFID equipped, but being American Express I wouldn't doubt it for a second.

                            Nice to know about the microwave trick - as soon as my card gets here it's taking a ride in the good old non-food microwave.

                            Comment


                            • #15
                              Re: Chase Manhattan Bank... are you fucking kidding me?

                              Originally posted by Wing View Post
                              Crud, I forgot all about RFID when I signed up for the JetBlue amex (bastards have won me over as a nice little consumer with their promises of free transcontinental flights on an airline that doesn't suck). Not sure if this particular card is RFID equipped, but being American Express I wouldn't doubt it for a second.

                              Nice to know about the microwave trick - as soon as my card gets here it's taking a ride in the good old non-food microwave.
                              Yes, the Amex JetBlue cards have RFID. You can actually see both the RFID chip and the antenna in those cards, since they are made from clear plastic.
                              Thorn
                              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                              Comment

                              Working...
                              X