Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[JGO]

http://www.bbc.co.uk/news/technology-21058994

This sounds like a problem for people with desktops AND laptops. New one on me.

[roseway]

It sounds like another of those security ideas which sound good initially, but just end up causing honest people more trouble.

[kitz]

Well Ive come across problems with how swapping out a mobo can cause problems with Windows wanting revalidating, but not with credit cards.

If this is the case then it wouldnt only apply to swap out of motherboards, but also purchasing a new PC or even using a different PC than usual from within your own LAN.

That MAC address has been communicated somewhere along the line to your ISP,"

Hmmmm...  wouldnt it require a packet sniffer to get the MAC address of the remote machine?   
I could be wrong but I would have thought that any remote server requesting a MAC address via IP would hit the gateway/router first and that it would be the routers WAN port MAC would be returned.

I certainly was not aware of credit card companies recording MAC addresses each time you make a purchase!  I certainly dont see how its anything to do with the ISP?

[sevenlayermuddle]

That MAC address has been communicated somewhere along the line to your ISP,"

Hmmmm...  wouldnt it require a packet sniffer to get the MAC address of the remote machine?   
I could be wrong but I would have thought that any remote server requesting a MAC address via IP would hit the gateway/router first and that it would be the routers WAN port MAC would be

I'm doubtful too. 

So far as I recall, from the days when I worked for a living, the only MAC address is normally that in the packet header.  It identifies the device that sent the packet so, for example, a home PC would  see the MAC address of the home router.  I know of no way to see the MAC address of the remote computer.

But I may be missing something, always happy to stand corrected

[CluelessInNotts]

No need for correction.  I think the reporter need a better security pundit.

Even if device fingerprinting or the ISP (ISP doing credit checks?) was able to get the MAC address it is not a very good fraud check.  I would not be a happy bunny if my card was blocked after using my credit card on my work machine during the day and then using it later at home on a different machine.

A fraudster is either going to use a number of different cards in a short interval of time from the same machine or make a lot of puchases using the same card in a very short space of time - the velocity rules.  This is likely what triggered the hold not changing the motherboard.

[sevenlayermuddle]

A fraudster is either going to use a number of different cards in a short interval of time from the same machine or make a lot of puchases using the same card in a very short space of time - the velocity rules.  This is likely what triggered the hold not changing the motherboard.

Strikes a chord.  When booking some flights to USA last year I chose a particular airline package (Delta), as they offered a decent price and also a modest upgrade - few inches more legroom, for just $50 more.  But first I had to book the flights, then as a separate transaction, purchase the upgrade.   At that second transaction, my card got blocked, flagged as a suspicious activity. 

It seems that this scenario is the sort of thing they catch... a card that hasn't  been recently used for booking international airline tickets, then suddenly used twice in five minutes for apparently same purpose.  Took an awful lot of phone calls to get that all sorted.   

[kitz]

Ive did a bit some digging and despite numerous people asking if its possible to get a remote MAC on a separate LAN and the answer is that as we suspected that its not possible.

Even attempting to script something using say php, if that machine is behind a router then there is no way you can get the PC MAC only the router.  Packet sniffing is about the only way the MAC address could be disclosed.

Therefore the statement about being passed on by the ISP is a total red herring.

short interval of time from the same machine or make a lot of purchases using the same card in a very short space of time - the velocity rules.  This is likely what triggered the hold not changing the motherboard.

Agreed.  Ive had similar happen to me in the past during a weekend break when I purchased quite a lot of clothing etc at Cheshire Oaks.  Normally I only used my Egg card for online transactions or petrol locally.   At the end of the evening we filled up with Petrol and my card was declined without any reason given.  Most embarrassing and most inconvenient because I couldnt get through to Egg to find out why.  Luckily my b/f was able to use his card, but it cut short my spending spree for the rest of the w/e because when I did get through to Egg they werent able to immediately re-enable the card - it took them a week to do so.     

I wasnt a happy bunny, what if Id been away for longer than a few days and had been solely reliant on the use of my Egg card?  I wouldnt have been able to pay for petrol home, nor pay my hotel bill.

[sevenlayermuddle]

Looking back at the article, he probably did get one thing right and that is the connection between the motherboard and license issues on the PC, affecting both Windows itself and perhaps some gaming software he may have installed.

I have worked on software licensing at a few times in my ill-spent career, and one of the challenges is how to identify the licensed computer, yet still allow hardware upgrades and repairs?  Often, the licensed software will monitor a number of items, generally the installed CPU, the HDD serial number, the NIC's mac address, and maybe RAM configuration and serial numbers of any internal cards, etc.  If any one item changes it is probably allowed, but if too many change then metaphorical alarm bells ring, leading to fresh requests for authentication from the software vendors.

Since the PC was used for gaming, I would hazard a guess it may already have had other upgrades, such as maybe a new graphics card, or extra RAM?  The motherboard may just have been the final straw.

However, all of that only applies to software that runs on the PC. Even if it were possible (and I think we've established it isn't), it is the last thing credit card companies would want to do, as it is generally seen as a good thing that once you have (say) an amazon account you can then use it at home, at work, on your mobile etc.   And of course, you expect your credit cards to work seamlessly on your brand new PC when next you buy one.