InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity Oct 2009

Expert Opinion

Skimming: The Rising Threat of Card Cloning

Credit card skimming has become a serious problem all over the world. Losses running to millions of dollars per year are too big for the industry to ignore. Unless we take preventive steps to stop this deadly fraud, skimming will continue to exist. This article helps readers understand skimming and avoid falling prey to these scams.

Most of us have heard about online scams based on phishing or vishing, but very few of us are aware of card skimming, where a cloned or fake credit card is created from a genuine one. The number of such cases is rising at such a shocking rate that skimming now represents one of the biggest frauds worldwide. What is alarming is that even highly educated people fall prey to these scams and lose their money in the process. So what's this all about, and how can you be safe from skimming or credit card cloning? Let's find out.

In August 2008, West Chester police in the U.S. recovered seven counterfeit credit cards during an investigation and arrested Darnell Allen Greene for credit card fraud. An American Express special agent told investigators he believed the counterfeit American Express cards and other bank cards seized had originated at the Plymouth Meeting restaurant. In July and August 2008, another accused, Jasmine Crowder, allegedly skimmed all types of credit cards and debit cards belonging to customers who used the eatery’s take-out window, including American Express, Visa and MasterCard customer accounts.

Credit card skimming has been around for years and is a growing problem that seems to be getting worse. Many of us take for granted that inserting a credit card into an ATM (Automated Teller Machine) or swiping it at the grocery store or petroleum station is a safe practice. Most of the time you might be right. However, skimmers are increasingly being retrofitted to legitimate ATMs and to terminals in malls, grocery/department stores, restaurants, etc.

A fraudster anywhere in the world could be using a cloned credit card with your name and account number on it. Amazing, but it is true. A waiter or an attendant at a petroleum station to whom you handed your credit card for payment could have swiped it one extra time. This can be done with the help of a small hand-held device known as a skimmer machine. It is said that credit card skimming devices are very cheap and are available in many western countries.

What is Skimming?

In simple terms, a credit card skimming machine copies the information from your credit card, which a fraudster later uses to make a cloned credit card.

In general terms, skimming is a method used by fraudsters to capture your personal or account information from your credit card. Your card is swiped through the skimmer device and the information contained in the magnetic stripe on the card is then read into and stored on the skimmer or an attached computer. A single credit card skimming machine has the capacity to hold data from hundreds of different credit cards.

As soon as the crooks have the information they need on you and have made a fake card, they will start their shopping sprees using your credit card number. They purchase all types of merchandise and charge it to your credit card. The crooks will also use the internet to verify that the card information is valid.

Skimming is a tactic used predominantly to perpetrate credit-card fraud, but it is also a tactic that is gaining in popularity among identity thieves. This kind of credit card fraud often goes undetected for quite some time, making it very difficult to track it back to the original thief. Most credit card skimming appears to be the work of organized crime, though there are individual thieves as well.

How do Skimmers operate?

Credit card skimming is most common in restaurants, bars, or other locations where you physically give control of your card to somebody who can then disappear. This lets the data thief run the card through their credit card skimming machine in relative privacy. The latest versions of credit card skimming machines are about the size of a small mobile phone so it's quite easy to hide one in a back room or even in a pocket.

More recently, some thieves have put miniature credit card skimming machines in ATMs. The transaction appears to go through without any interruption (unlike the devices that physically capture and do not return cards). In some cases, the data thieves have even installed miniature cameras on the ATM in order to record PINs. The cardholder has no reason to suspect that anything has gone wrong until the first fraudulent transactions appear.

Common Locations

1. At ATMs: Fraudsters fit a skimming device to the ATM's card slot. This device scans the card and stores its associated information. While a customer keys in his PIN, the wireless skimming device transfers the data to the fraudsters. This information is then used by the fraudsters to make counterfeit credit cards, which are later misused for shopping.

2. At restaurants/shopping outlets: At restaurants and shopping outlets, the credit card is swiped twice, once for the regular transaction and once through the skimmer, which captures the personal information that the fraudsters retrieve later.

Technicalities

The first piece of gear the thief buys is a card skimmer that matches the device type he wants to attack. For example, if the attacker wants to steal card information at a petroleum station, he fits the micro skimmer device neatly inside the petrol/diesel pump and connects it to the circuitry of the real card reader. These types of frauds are common across the U.S., where a skimming ring was uncovered in Arizona. A typical card skimmer has a magnetic stripe reader and local flash memory to store all the card data. Newer, more advanced skimmers are now being fitted with 3G radios so they can transmit skimmed card data back in real time over the cellular network. This eliminates the need for the thief to return later and collect his card skimmer with all of the data on it. This also reduces the chance that law enforcement can catch the thief by staking out a skimmed reader and waiting for the thief’s return.

In most cases, the attacker collecting the critical information from the magnetic stripe of a credit card could either start using it online or, as happens more frequently, make a duplicate card using the stolen information. This is done using the last piece of gear, called an MSR (magnetic stripe reader-writer). An MSR allows you to make your own cards. It writes the stolen data onto the magnetic stripe of a new card.

Tips to protect from Skimming

Keep a close eye on the transactions you make by credit card when paying in a mall, restaurant or petroleum station. If possible, follow the waiter back to the payment terminal in a restaurant. It may look awkward and silly, but it's essential to keep your credit card from being cloned and misused.

  • Sign on the reverse of your credit card as soon as you receive it.

  • Collect your receipts / charge slips at ATMs, restaurants and shopping outlets.

  • Use your card with merchants that you know and can trust. Never allow a shopkeeper to take your card to a different shop/room for swiping.

  • Check your bank account and credit card statements when you get them. If you see a transaction you cannot explain, report it to your bank.

Prevent Skimming

Just like there are two major ways of using credit card skimming machines to steal your data, there are two major ways of protecting yourself. First, don't let your card out of your physical control or make sure to watch when somebody else has control of it. Second, use only ATMs in protected areas, such as inside a bank or store, where people would have to present authorisation to make changes to the machine. Of course, these cautionary steps won't guarantee your card's safety, but they will definitely increase the odds in your favour.

Some of the thieves who use credit card skimming machines, however, make only small charges every now and again, hoping that the card owner might not even notice. For this reason, when you get your credit card statement, read it line by line, including transactions at familiar stores, especially if they are national chains. If you have a credit card from a particular retailer, a thief might well count on your not noticing an additional charge or two on your Visa, MasterCard or other specialised card.

Many companies, especially in Asia and Europe where credit card skimming machines first became common, are introducing “smart card” technology. These smart cards use small computer chips instead of magnetic stripes to record data and the chips have built-in security devices such as encryption, a system that requires the chip to be read during the transactions, or even fingerprint identification.

How to fight skimming?

Credit card skimming incidents can be difficult to detect since the credit cards are never lost or stolen. The best way to detect a skimmed credit card is to watch your accounts frequently. Monitor your checking and credit card accounts online daily and immediately report any suspicious activity.

If you become a victim of skimming or any kind of credit card fraud, then you can immediately contact the customer care division of the credit card company by mobile or telephone. They will help you to place a fraud alert on your credit report, to avoid further misuse of your credit card. Also report to the nearest police station as early as possible. Fill out a police report and file a First Investigation Report (FIR), and make a written affidavit verifying that unauthorized transactions on your account are fraudulent. Send copies to creditors and credit card companies as proof of the fraud. The most important thing here is the credit card number. You must take care to keep your credit card number with you only.

The bottom line is: don't become a victim of "credit card cleaning" scams, where thieves claim to clean the magnetic stripe on your credit card. These thieves simply swipe your credit card through a credit card skimmer and take your credit card information.

Challenges

Victims of credit card skimming are completely blindsided by the theft. They notice fraudulent charges on their accounts or money withdrawn from their accounts, but their credit cards never left their possession. This leaves them wondering, how did the theft occur?

Skimming is difficult for the typical cardholder to detect, but given a large enough sample, it is fairly easy for the card issuer to detect. The issuer collects a list of all the cardholders who have complained about fraudulent transactions, and then uses data mining to discover relationships among them and the merchants they use. For example, if many of the cardholders use a particular merchant, that merchant can be directly investigated. Sophisticated algorithms can also search for patterns of fraud. Merchants must ensure the physical security of their terminals, and penalties for merchants can be severe if they are compromised, ranging from large fines by the issuer to complete expulsion from the system, which can be a death blow to businesses such as restaurants where credit card transactions are the norm.
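The issuer-side analysis described above can be sketched in a few lines. This is an added example, not code from the article or from any issuer: the cardholder IDs, merchant names and the min_victims threshold are constructed for illustration. It ranks merchants by how over-represented fraud complainants are among their customers, so a busy store that everyone uses does not outrank the one small merchant most victims share.

```python
from collections import defaultdict

# Constructed sample data: which cardholders paid at which merchant recently.
VISITS = {
    "SUPERMART": ["c1", "c2", "c3", "c4", "c5", "c6", "c7", "c8", "c9", "c10"],
    "CORNER_DINER": ["c1", "c2", "c3", "c5", "c6"],
    "FUEL_STOP": ["c4", "c6", "c7"],
    "BOOKSHOP": ["c8", "c9"],
}
TRANSACTIONS = [(card, m) for m, cards in VISITS.items() for card in cards]
# Constructed: cardholders who complained about fraudulent transactions.
REPORTED_FRAUD = {"c1", "c2", "c3", "c4"}


def rank_common_merchants(transactions, fraud_cardholders, min_victims=2):
    """Return (merchant, victims, customers, lift) tuples, highest lift first.

    lift = share of a merchant's customers who reported fraud, divided by
    the share of all cardholders who reported fraud. A lift near 1.0 means
    the merchant is simply popular; well above 1.0 means victims cluster there.
    """
    customers = defaultdict(set)
    for cardholder, merchant in transactions:
        customers[merchant].add(cardholder)
    all_cards = {cardholder for cardholder, _ in transactions}
    n_fraud = len(fraud_cardholders & all_cards)
    if n_fraud == 0:
        return []  # no complaints in this data set, nothing to correlate
    ranked = []
    for merchant, cards in customers.items():
        victims = len(cards & fraud_cardholders)
        if victims < min_victims:
            continue  # a single shared victim is too weak a signal
        lift = (victims * len(all_cards)) / (len(cards) * n_fraud)
        ranked.append((merchant, victims, len(cards), round(lift, 2)))
    ranked.sort(key=lambda r: (-r[3], -r[1], r[0]))
    return ranked


if __name__ == "__main__":
    for row in rank_common_merchants(TRANSACTIONS, REPORTED_FRAUD):
        print("%-14s victims=%d customers=%d lift=%.2f" % row)
```

In the sample data SUPERMART has the most victims in absolute terms, but only because every cardholder shops there; CORNER_DINER is the merchant an investigator would look at first.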

Conclusion

A few years ago, skimming was less common, as skimmer machines were too bulky to carry and difficult to hide under counters. But the latest trend of smaller skimmers, roughly the size of a pager, hit the market four or five years ago. Payment card counterfeiters are now using the latest computer devices (embossers, encoders, and decoders, often supported by computers) to read, modify, and implant magnetic stripe information on counterfeit payment cards. These skimmers are easily available and easy to carry, hide and handle. In the past you had to make a skimmer yourself. Nowadays anybody can buy one on the internet. A skimmer machine costs about $200, and the equipment to make a counterfeit credit card costs about $3,000 to $8,000.

Another form of this scam is done by pulling information directly from the credit card terminals. A skimmer bug is placed into the terminal and later retrieved with credit card information on it. Only the older terminals can be violated in this way, and the arrival of new credit card terminals has alleviated much of this bugging.

Instances of skimming have been reported in the U.S. where the perpetrator has put a device over the card slot of a bank's debit card ATM (Automated Teller Machine), which reads the magnetic stripe as users unknowingly pass their cards through it. These devices are often used in conjunction with a pinhole camera to read the user's PIN at the same time.

Card skimming fraud cases are more common in the United States and European countries, and comparatively fewer in India. Given the amount of money involved in such crimes, it is only a matter of time before such frauds increase in India as well.

By R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore. He is also an Independent Researcher, specializing in Software Security. He has an active interest in designing security algorithms for securing software. He can be reached at infosecurity@fanaticmedia.com

