HOW DO CRIMINALS COPY AND DUPLICATE CREDIT CARDS?
What is credit card cloning? How does it work?
Card cloning is essentially the duplication of a card through the physical or digital copying of the information from the original card onto a new card, effectively producing an identical card that can perform all the functions of the original card.
The associated bank account can then be accessed with the illegal card to make purchases or withdrawals.
The two most common credit card fraud methods are card cloning and skimming.
How cloning happens
Skimming
A skimmer is an electronic device that can be concealed within a legitimate card reader, usually without the merchant’s knowledge. When a card user transacts using the card at the payment terminal, the skimmer reads and copies the information on the card’s magnetic strip.
Skimmers are often found in ATMs, restaurants, service stations, and any other place where a card might be used to complete transactions. Skimmers can also include faux keyboards or covert cameras to record the PIN as it is entered.
Scenario: In a case where an employee is an accomplice, the cashier or waiter, for instance, takes the card from the customer and swipes the card through the POS machine and discreetly through the skimmer. Sometimes the skimmer is embedded into the payment terminal, so there’s no need to do a double swipe. When the card is handed back to the customer, the information captured via the skimmer can be used to duplicate the card.
Card cloning
Once a skimmer captures the data on the card, cloning happens. The captured data is transferred or copied onto a blank card, or overwritten onto an existing card. The duplicated card can now be used in transactions without the original card being involved.
Skimming and cloning often go hand in hand. An individual can obtain data from an individual with a card skimmer and use it to clone cards, or in turn, sell it to another party with card cloning equipment who writes the data onto another card.
This can easily be achieved with magnetic strip cards, which have a magnetic strip running at the back that stores and transmits analog transaction information. This makes them vulnerable, as they have no encoding protection, and most establishments are phasing them out.
While magnetic stripe cards can easily be copied and cloned, it can be difficult but not impossible with EMV (Europay, Visa, and Mastercard) chip cards since the chips encrypt the data stored on them. Information on a chip can still be copied by inserting a paper-thin device into the card reader, a process called shimming, and then working to decrypt the data.
A shimmer has the same working concept as a skimmer but is used for cards with EMV chips. This information can even be transferred to magnetic strip cards, thus cloning the card while bypassing the security features of an EMV chip card.
Other credit card fraud methods include:
Card-present fraud
This occurs when an individual uses a stolen or cloned credit card to effect unauthorized physical transactions at card terminals.
Card-not-present fraud
This occurs when an individual uses alternative methods, like installing malware on computers to record keystrokes and spy on the device, with the intent to obtain card information without physically obtaining the card. They can use the information themselves or sell it to third parties to make fraudulent transactions.
Most of these attacks begin at card terminals like ATMs, POS machine terminals, and fuel stations. The scanners inserted into these terminals can be done without the knowledge of owners and employees, although a lot of times, employees and staff can be used as conduits as they have unfettered access to these terminals.
The data can be collected insidiously over a period of time.
Protective measures against credit card cloning and related card fraud
Inspecting card terminals at ATMs and service stations
One precaution is to inspect card terminals. If the card readers at ATMs and other terminals, like at service stations, appear loose, bulky, or damaged, it would be wise not to use them since skimmers typically fit over the original card reader.
Additionally, a user can inspect the keypad for signs of tampering or spy cameras that might signal an attempt to capture PIN credentials.
Due to more lax security measures and easy accessibility, skimmers are commonly found in fuel stations. In that regard, it would be advisable to avoid non-bank ATM machines altogether, as banks have stricter security measures at ATM terminals.
Digital vigilance
Ensuring a computer’s or mobile device’s digital security applications are up-to-date is another protective measure to be taken seriously. Particularly when these devices are used for online financial transactions, installing high-quality anti-virus and anti-malware software is advisable.
Other digital vigilance methods include using password encryption software and not storing credit card information on web browsers or online accounts.
EMV microchip cards
EMV, which stands for Europay, Mastercard, and Visa, microchip chip cards are more secure than magnetic strip cards because the chip, in addition to storing the data, encrypts it, making the card a little less susceptible to skimming.
Microchip cards contain more advanced iCVV (integrated Chip Verification Value) values compared to CVV values on magnetic strip cards.
Transaction alerts
Most card companies always present the option of receiving instant alerts and notifications whenever card activity takes place. This can be the fastest way to detect when third-party individuals have access to a card or card information when unauthorized transactions are noticed.
Regularly checking account balances and transactions is also another way of ensuring a card hasn’t been cloned. Clever fraudsters can transact unnoticeably small, sporadic transactions over time to avoid triggering suspicion.
Contactless payment
While this can be susceptible to other forms of hacking, at least it ensures that the card doesn’t get inserted into a card reader that might have a skimmer.
With the advent of radio frequency identification, RFID-enabled cloning devices can now be used by criminals to steal card information just by being in close proximity to the card and are small enough to be concealed on the body or in luggage placed close by.
Once dubious activity has been noticed regarding a credit card or there’s suspicion that a card might have been cloned, the best action to take would be to promptly inform the credit card issuing institution and have the card immediately deactivated before further damage is done.
Slim Bz Techsystems : Nairobi, Kenya
Comments