Yes? And that is a common technique to do it. Hide a small camera behind the counter, make sure quickly hold a customers card in view of it and you are done.

NFC though has the advantage to be read from a distance, easily through a pocket and wallet (if the wallet doesn't have an rfid shield). Surely open up that attack vector isn't helping?

If you are paying attention you can detect someone trying to photograph your card (they shouldn't even be handling it in the first place). But through your pocket? Practically impossible to detect.

edit: The fact that we still print everything needed to make a purchase on the card itself isn't particularly flattering for our species.

>And that is a common technique to do it. Hide a small camera behind the counter, make sure quickly hold a customers card in view of it and you are done.

Nobody actually does this. Name+card#+cvv+expiry just isn’t worth the hassle, easier to get 1000s at a time via phishing or hacking web shops.

Stripe dumps are an entirely different market, with ATM pins increasing the value of a single dump up to 100x.

Yet people still get caught doing it? I'd say it is very much worth the hassle, hadn't it been for the high risk of getting caught.

I bet there is zero overlap between those that does it and those that have the slightest clue how to perform a phishing or web shop attack.

Oh, I can totally see why someone with zero understanding of how credit card fraud works would attempt and get caught doing this.

They simply wouldn't achieve anything. They wouldn't get enough cards to be able to sell them, nor would they be able to cash out this information.

I'm sure there is zero overlap between people doing this and people actually profiting from (or causing losses with) credit card fraud.

If they actually knew what to do with such information, they'd just be buying it for a couple of dollars a piece.