Risks of sending debit/credit cards via conventional mail
If a bank mails a credit/debit card in an envelope isn't there a risk that somewhere on its way the envelope will be scanned and the card number, expiration date and CVV code will be extracted?
As far as I can tell there is no protection against scanning an envelope without opening it.
By scanning I mean using light sources in order to read the numbers, the date and the CVV. I do not mean NFC scanning since that probably won't make any sense given that the cards are not activated, although it's not clear if there is an NFC attack vector here.
Even though the extracted data cannot be used immediately, once the owner activates the card there is a possibility that the data might be used fraudulently, provided that internet purchases are enabled for the card. Or am I missing something?
(2)2 Comments
Sorted by latest first Latest Oldest Best
As far as I can tell there is no protection against scanning an
envelope without opening it.
This would only be true of very thin envelopes. Credit cards are delivered in "business stock" envelopes which are quite opaque. In addition the card is typically attached to a piece of light cardboard stock, which is folded with the card on the inside. Plus, the credit card itself is opaque, which means you can't shine an intense light through the card to try and project the information out the other side.
A more likely attack would be to simply steal the card, learn the victims phone number, and then to activate the card while impersonating a call from that number. Impersonating phone number is unfortunately a pretty common trick for phone hackers.
The whole credit card system is primarily protected by quickly detecting and deactivating cards that are used fraudulently. There is no need to think of elaborate technical hacks to steal cards. Every time you pay with a card at a restaurant you hand over your physical card, and it's whisked out of your sight. There is nothing to stop them from duplicating the card and selling it on the black market. Nothing that is except the fact that the card company will quickly spot the fraudulent usage, and deactivate the card. In fact, this type of theft does happen all the time, and the credit card companies simply charge enough for their services that they can cover the costs of fraud.
Near Field Communication (NFC) isn't supported on most credit cards in the US.
once the owner activates the card there is a possibility that the data might be used fraudulently, provided that internet purchases are enabled for the card. Or am I missing something?
Above and beyond Charles E. Grant's excellent answer... you'd quickly notice the fraudulent charges (because you regularly check your account balances, right??) and instantly call the bank, which would then cancel the card.
Terms of Use Privacy policy Contact About Cancellation policy © freshhoot.com2025 All Rights reserved.