
MagSpoof – “wireless” credit card/magstripe spoofer - cx42net
http://samy.pl/magspoof/
======
cx42net
This is absolutely genius. What surprise me the most is the attitude from
American Express (well, not so surprised) to say they won't fix the issue
because they have other security systems in place ... without taking into
consideration the fact that Samy Kamkar successfully paid with his system
(spoofing his own credit card, so no harm).

(Note: I usually submit links suspecting I'm not the first one, that way I'll
join the discussion, but I was surprised to not find the link, and even more
surprised to see that it was not submitted yet).

~~~
brudgers
My impression based on years of using credit cards is that the primary
defenses against fraud are pattern matching of transactions rather than
security built into the card...i.e. I get phone calls from my credit card
providers when something weird happens.

My gut is that physical card features are analogous to client side validation
on a web application. They solve user interface problems and reduce latency
but everything still needs to be validated on the backend.

