haryou chauncie hardwinn


Milba Vanpatten

Aug 2, 2024, 6:28:39 AM
to sweracdaho

After a bit of research with an iOS8 browser and Chrome emulation I figured it out partially. I know of some solutions, but I don't know for sure if there are other ways to do it. You'll have to thank Apple for the amazing lack of documentation around this.

Currently Netflix/Amazon have credit card scanning working properly. So I emulated an iOS8 user agent in my Chrome browser and inspected the markup of their credit card number field. Here's Netflix's:

At that point I played around with a form served over HTTPS that I had control over and started setting attributes to see what would happen. Below, "works" means "successfully triggered card scan" and "doesn't work" means "did not trigger card scan":

Stick to the credit card related types, and most modern browsers will auto recognize these fields for you, including Mobile Safari and the "Scan Credit Card" feature. Bonus is that you'll always get the correct keyboard on mobile devices too.

Can't quite see (with this naive approach) any references to which attributes (id, name, placeholder...) or other metadata (label maybe?) are actually compared against this list. Also, with the exception of "name des karteninhabers", this is really very English-oriented, that's quite unusual for Apple IMHO.

This is now all broken after upgrading to iOS 8.1.3 this morning. When on iOS 8.1.2 all of the above worked just fine - now the keyboard option to scan credit card simply does not appear. Here's my code, which did work yesterday on iOS 8.1.2 and does not work today on iOS 8.1.3:

Even after using the autocomplete and ID methods described above, I had a label at the top of my page with the value Credit / Debit / Gift Card that prevented iOS from offering the Scan CC option. I ended up adding this label above my CC number field to trick iOS into offering the Scan CC option:

We are not Netflix members, and I don't remember signing up for a membership, so I called my CC folks and retrieved a phone number associated with that transaction, then called up Netflix at that number.

I asked her what a Netflix transaction normally appears as on a member's CC statement, because "NETFLIX NONE" seemed like a strange phrase. I googled "NETFLIX NONE" and couldn't find anything relevant.

Never seen a specific city listed in ours - yours does seem weird. What did Netflix say when you told them what the transaction said? (I mean, did they say, ours wouldn't say that, or ours might say that?)

We had a similar thing with "Apple iTunes". I kept yelling (figuratively) at the kids for buying songs without asking and they swore up and down they didn't. Frankly, it was too much effort to try and figure out who was telling the truth for a few $.99 charges here and there. With the occasional $2.99 charge thrown in it added up to $92 over the course of 15 months or so. I finally got fed up and called the CC company and determined that it was fraud.

I have heard somewhere, that the identity thieves will usually start off with smaller amounts as stated above to make sure the info they have is valid and the card works. Eventually, they try to get larger amounts.

Definitely sounds fishy. I would do what you already planned. Every time I have something weird happen with my card I cancel and order a new one with a different number. It's worth the 30min of updating various things with a new card number versus taking the chance of having a large number of bogus charges popping up.

Absolutely, shut down that cc # and get a new one. Best to keep the bank liable for all fraud charges and keep yourself in the clear. Low charges are a way to test a card and then WHAM, you get a $1000 phone bill from London. Happened to me.

I have a credit card that I only use for internet purchases. Today, I got the email/call from my bank telling me that they are sending me a new one. Seems someone tested it at a hotel in PA for $8.75 this morning. This is why I have a dedicated cc for use on-line.

That is exactly how it worked on our cc. We had a couple of Netflix charges, we called and had them taken off, but a month or two later we had a bill for a hotel in Spain. I would call and cancel ASAP. Within a year of that happening, our checking account was hacked. Someone was able to electronically cash a check from our account. That really sucked, so keep an eye on everything. Not sure if the 2 were connected, but I would keep a close eye on everything.

As it happens, my credit card was in fact compromised back in January; there were a few fraudulent charges, but AmEx reversed them and overnighted me a new card, and the whole matter was over and done with. The new credit card number is only about a month old.

My bill on my credit card statement reads "Netflix None" Los Gatos, and has for a long time. In Quicken it downloads as "Netflix" but under the memo each month is a series of numbers followed by the word "NONE." I have not noticed any odd charges on any of my accounts...I check them two or three times a week after having various cards compromised over the years. I dunno what the "NONE" means, but I don't think it's a problem.

Last February I gave my uncle a year's subscription to Netflix as a birthday present and I paid it in full. Today he called me and said his Netflix wouldn't work because there was a problem with the credit card on file. About a month ago I had my cc company reissue the card because of a suspected fraud issue. I found out today that you need a valid cc # on file with Netflix because they test it every month - even if the account is prepaid. That doesn't seem right that they can force you to do that but I'm sure at some point in signing up I clicked "accept" to three pages of terms and conditions.

Reviewing my bank statements, I noticed that I several months earlier had been charged about 13 GBP by Netflix on my credit card, but only for one single payment (not recurring). I knew that the payment could not have been made by me, so I contacted Netflix who suspended the account it was connected to, as well as reimbursed me the money. What keeps bugging me though is how this actually happened.

Secondly, this particular credit card I only use for purchases in offline stores and I have never used it in any dodgy places or countries. I therefore do not see how my information could even have been stolen in the first place.

What I am wondering is if it is practically possible that someone could have used my credit card by accident, due to similar numbers? Given that the first part of the credit card number is not random, the number of different card numbers is significantly less than one could assume, given the full 16 digits. There are still hundreds of millions of combinations, and on top of this there are different validity dates as well, but, on the other hand, there's a vast amount of credit card purchases being done all the time, making it probable that an improbable event actually happens every now and then...

Let's start with the check digit, the last digit in your credit card number. It is calculated on a public formula, and many web pages have simple Javascripts to check (locally, no need for network) whether the card number checksums. It would be easy enough to increment the rest of the number and come up with any number of valid 16-digit credit card numbers, many associated with real accounts.

And the charge will be refused unless all of these reasonably match up. CVV2 is used for exactly what it says on the tin, proof you do have the card in your hand. But so are the other figures.

Could they accidentally exchange two digits 2 spaces apart on the card, giving the same check digit? Sure. Could they accidentally have the same expiry? Maybe. Could they also fatfinger their CVV instead of yours? No. Could they also fatfinger their ZIP code? No. Could they also fatfinger their last name? Not without a Ouija board.

Now, Netflix may have a deal where they don't need to ask for ZIP. In which case, a $9/hr clerk who handled your card physically could sign up with info they cribbed off the card. Or, you could be in a small town where the ZIP is pretty guessable. That is most likely how this happened, a simple, F2F petty crime.

Credit Card numbers are not used consecutively, but have check-sum style protection built in.
What that means is that a random number has a very small chance to constitute a valid number, and a simple digit-switching will result in an invalid number.

It's not really enough grounds to accuse anyone, but such transactions (completely valid, small but unexplainable) sometimes are made with the legitimate card by someone other than the cardowner, often someone the cardowner knows - for example, a child, or a buddy during consumption of drinking/pot/whatever. It may be "oh, I really want this, I need to borrow a bit from Bjorn - he's busy but he probably won't mind", or it may be more sinister, e.g. I've seen people disputing chip-present ATM withdrawals (so very unlikely to have a cloned card), claiming that the card was always with them, but recognizing a family member when shown the ATM video.

Offline use doesn't necessarily add to safety, there's always a chance for your numbers to be lifted by anyone handling your card. This seems more likely than someone generating card numbers or an accidental typo, but either of those is also possible.

A typo would be quite rare because they'd have to typo at least two of the numbers and have them still pass the checksum (Luhn algorithm or other) and the security code (CVV) would still have to match (pretty sure Netflix uses CVV code).

Generating numbers is also possible, the rules aren't too complex, but there are many possibilities as you mention. It could be that they used Netflix as their validity check for generated numbers before trying them on profitable purchases, but I'd imagine there are easier options as you can only try so many numbers before websites will get fussy, especially major websites like Netflix. From my brief research it sounds like it's much easier to obtain actual card numbers than to generate them, so I'd likely put this one in the plausible but not probable category.
