Credit card 'cloning' is a growing form of identity theft

Reply Tue 26 Jun, 2012 09:02 am
Jun. 25, 2012
Credit card 'cloning' is a growing form of identity theft
Josh Kegley | Lexington Herald-Leader

last updated: June 25, 2012 01:50:23 PM

Lexington, Kentucky, financial crimes detective Gene Haynes swiped a credit card through an innocuous black card reader known as a "skimmer." Less than a second later, two lines of illuminating text showed up in a Microsoft Word document on his computer screen. The mishmash of numbers and symbols was the visual representation of all the information stored on the card's magnetic strip.

"That's all it takes" for a credit card to be compromised, he said.

The information then can be emailed or downloaded over the Internet and rewritten onto any card with a magnetic strip, such as gift cards or hotel keys. While the victim's credit card is still in his or her possession, someone could be using a perfect replica hundreds of miles away.

"Suddenly they've got a physical asset that they can use to shop in stores," said John Sileo, a Denver-based author and speaker on identity theft and financial crimes. "There's not much you can do. They can spend on it until you figure it out or until the credit card company catches it."

The process, called "cloning," accounts for much of the growth in credit card fraud during the past few years, officials said. According to a Javelin Strategy and Research report, credit card fraud has increased 87 percent since 2010, culminating in aggregate losses of $6 billion nationwide.

Credit card cloning is easy and lucrative, accounting for its popularity, said Sileo, who founded the Web site Thinklikeaspy.com. For example, an unscrupulous restaurant waiter with a pocket skimmer might be able to steal information from hundreds of customers a week, selling that information to those with the means to encode fake credit cards. Battery-powered skimmers can be carried in a pocket or hung inconspicuously over card slots at gas pumps and ATMs, copying information as customers swipe cards to pay for gas or withdraw cash.

People whose cards are skimmed might not know for weeks or months that their information has been stolen. Once someone realizes it, the account usually is closed quickly. Savvy crooks know to rack up major bills just as fast. Two financial crimes detectives in Lexington primarily investigate credit card fraud. Detectives Mike Helsby and Larry Kinard each take about 50 reports of credit card fraud a month, they said. Among those, cases involving cloned credit cards are most troublesome because there is little Lexington police can do, Helsby said. If a cloned card is used outside Lexington, police do not have the authority to investigate it. "We don't like to take reports here for people whose cards have been used outside of our jurisdiction, because all it does is inflate our numbers," he said. "There is nothing we can do. We can't call California and request (surveillance) video, and even if we got it, we can't place charges."

Instead, interstate credit card fraud should be reported to the Internet Crime Complaint Center, or IC3, a partnership between the FBI and National White Collar Crime Center. Most, if not all, banks and lending institutions accept reports from the IC3 in lieu of a police report when victims are disputing fraudulent charges, Haynes said.Online reports may be submitted at IC3.gov, by clicking on "file a complaint" on the home page. When following the prompts, victims should select "identity theft" as the type of incident they are reporting. (Many states consider credit card fraud a form of identity theft, though Kentucky doesn't, detectives said.)

IC3 aggregates data submitted and can cross-check it to find a point of compromise. For example, they might discover 500 fraudulent credit cards were used at the same gas station in Lexington, and they can forward that information to Lexington police, who then can investigate further.However, given the lengthy paper trails that can complicate fraud investigations, the best defense is never to have your credit or debit card compromised.

Detectives offered the following tips:

¡ Don't carry more credit cards than you need.

¡ Check card readers at self-serve gas pumps, ATMs or other machines for obvious card skimmers.

¡ Don't let your credit card out of your sight for any longer than necessary when paying for items or meals.

¡ Check your bank history often. Most banks allow you to check your account online or through apps on smartphones.

¡ Take advantage of security measures offered by your bank. For example, some banks allow you to set spending limits that require authorization over certain dollar amounts.

¡ Never give anyone the PIN number for your debit card (and don't write it on or near your card).

¡ Pick a random PIN number rather than obvious numbers like your address or phone number.

¡ As soon as you notice your wallet or credit card is missing, cancel all your cards.

¡ If your card has been stolen or compromised, secure copies of bank statements to provide to police or federal authorities.Such tips might seem like common sense, but investigators say they're invaluable to combat a type of crime that affects thousands of people daily and siphons billions of dollars from individuals and financial institutions every year.
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 2 • Views: 2,750 • Replies: 3
No top replies

Reply Tue 26 Jun, 2012 10:53 am
¡ Never give anyone the PIN number for your debit card (and don't write it on or near your card).

I'd add another caveat--do not make purchases with your debit card that require entering your PIN. If you purchase with a debit card, use it as a credit card, without a PIN.

I was the victim of identity theft because I had made a purchase at T.J. Maxx using my debit card and PIN. The card number and the PIN were stored in the data base for T.J. Maxx, Marshalls, and A.J. Wright, which were all owned by the same company, and hackers were subsequently able to obtain this information and use it.

In my case, armed with both my debit card number and my PIN, they were able to use a dummy card and my PIN to withdraw money from my checking account by using an ATM machine in Capetown, South Africa. Fortunately, in my case, only three withdrawals, totaling a little over a $1000, were made before my bank's computer recognized possible fraud and blocked access to the account. The fraud was detectable only because I had used my card near my home in the U.S. the day before, so the withdrawals in Capetown signaled suspicious activity. I was unaware of any of this until I tried to withdraw some money from the ATM at my bank and found my account blocked.

The bank replaced my funds, something they are not legally obligated to do with a debit card, but it was a few weeks before I could use my account or access my money. And I was just lucky that the fraud and identity theft was so easy to establish in my case.

But, since debit cards can also be used as credit cards, if they are cloned they can be used to rack up purchases, so people who use debit cards should be sure to check their daily checking account balances to be sure there is no unauthorized use.

0 Replies
Reply Tue 26 Jun, 2012 11:33 am

This is what one of the fake devices looks like. It can be attached to DVD rental machines, gas station pumps, ATM's...anywhere one might swipe.
0 Replies
Reply Tue 26 Jun, 2012 11:24 pm
The New York Times
June 26, 2012
F.B.I. Says 24 Are Arrested in Credit Card Theft Plan

For hackers in search of information like credit card numbers and software to spy on computers, the site called Carder Profit appeared to be a veritable eBay for thieves.

Instead, it was a creation of the Federal Bureau of Investigation.

On Tuesday, after a two-year undercover operation, authorities in 13 countries arrested two dozen people who are accused of fraud involving computer crime.

Federal officials said Operation Card Shop, as the sting is being called, was unusually broad and represented a significant step in combating credit card fraud, which has grown notably more sophisticated recently.

“These guys represent the complete ecosystem of Internet fraud,” said one senior law enforcement official who requested anonymity because of the confidentiality of the investigation. “We drew them out of the shadows with the Web site as bait.”

Hackers have become increasingly successful recently in obtaining credit card information and other personal data, sharing it on secure Web sites, often on overseas servers. Last year, hackers in Eastern Europe obtained the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citibank customers.

The online forum, one law enforcement official said, was “like a restricted eBay,” open only to people who had a reputation and who had been vouched for by someone on the site. Besides the financial data, hacking tips, malware, spyware and access to stolen goods, like iPads and iPhones, were also possible on the site, the official said.

Federal officials maintained that the sting operation prevented potential losses of more than $200 million. Credit card providers were notified of more than 400,000 compromised credit and debit cards, the officials said.

Many of the 11 individuals arrested in the United States offered specialized skills and products on the sting site. One, who used the screen name xVisceral, offered remote access tools known as RATS that would spy on computers and Web cameras; the programs sold for $50 a copy.

Another, Mir Islam, known as JoshTheGod, sold stolen credit card information and had data on 50,000 credit card accounts, according to the United States attorney for the Southern District. He was arrested after buying cards from an undercover agent and trying to use one at an A.T.M. on Eighth Avenue in Midtown Manhattan.

Mr. Islam is accused of helping to operate additional forums, UGNazi.com and Carders.org, both of which were seized by the F.B.I. A lawyer for Mr. Islam declined to comment.

Other people arrested offered to ship stolen merchandise and arrange drop services so items like sunglasses, air purifiers and synthetic marijuana could be picked up.

Two individuals were arrested in New York, nine elsewhere in the United States and 13 in a dozen other countries, according to an F.B.I. spokeswoman.

In addition to arresting purveyors of stolen credit card information, authorities also aimed to trap people who created fake credit cards. The information included credit card numbers, addresses, Social Security numbers, mothers’ maiden names and details of bank accounts.

Some people who bought software and other items on the sting site purchased products from retailers like Apple and Walmart.

“The coordinated law enforcement actions taken by an unprecedented number of countries around the world today demonstrate that hackers and fraudsters cannot count on being able to prowl the Internet in anonymity and with impunity, even across national boundaries,” said Preet Bharara, United States attorney for the Southern District of New York.

In addition to luring hackers onto the site, federal authorities also monitored the discussion threads that sprang up, as specialized hackers sold their wares. The site was created in June 2010 and shut last month.

“From New York to Norway and Japan to Australia, Operation Card Shop targeted sophisticated, highly organized cybercriminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents and sophisticated hacking tools,” Janice K. Fedarcyk, assistant director for the F.B.I., said in a statement.

She said the arrests would cause “significant disruption to the underground economy.”

The overall number of arrests had been reported earlier as 26.

Credit card fraud has exploded in recent years, with increasingly sophisticated hackers teaming up with criminal organizations overseas. In the case of Operation Card Shop, the arrests took place in nations like Britain, Bosnia, Bulgaria, Norway and Germany. Search warrants and interviews were obtained in Australia, Canada, Macedonia and Denmark.

“They didn’t just take down one kid and a Web site,” said Dave Marcus, director of advanced research and threat intelligence at McAfee, a major provider of computer security software. “They took down a very organized group of people.”

While the international reach of the operation was notable, the number of stolen cards pales in comparison with some earlier breaches. This year, Global Payments, an Atlanta-based transaction processor, reported a breach affecting 1.5 million credit cards. And in 2008, the underground market for the data was flooded with more than 360 million stolen personal records, mainly credit and debit files.
0 Replies

Related Topics

California Child Support - Question by xtinadigi87
How concerned should I be? - Question by boomerang
what is identity theft? - Question by jhonbari
Online exposure increases risk of identity theft - Discussion by BumbleBeeBoogie
Idiot CEO Gets Identity Stolen 13 Times - Discussion by engineer
  1. Forums
  2. » Credit card 'cloning' is a growing form of identity theft
Copyright © 2023 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 12/06/2023 at 05:02:31