Seize a Competitive Advantage – Or Don't Compete!

Card Cloning – How To Protect Your Credit and Debit Cards

What Is Credit Card Cloning?

Card CloningCredit card cloning refers to making an illicit copy of a credit card by skimming its electronic data and transferring the details to a new card. The majority of credit card cloning fraud is committed with skimmers. Skimmers scan credit card information such as numbers, full names, and CVV data from the magnetic stripe.  They can be added to hardware such as POS terminals or ATMs.  Once in place, they can skim and store the information of whoever uses that hardware.  With the credit card data, the thief can create an actual credit card connected to the account of the victim. The original cardholder may be unaware that this has even occurred. However, there can be telltale signs when looking at financial statements, bank accounts, or changes in credit scores.

Unfortunately, incidents of cloning and other forms of theft are on the rise in recent years. However, security advancements offer some means to mitigate these types of assaults.  For example, the use of personal identification numbers (PINs) and chip cards offer some additional protection.

What Is Card Skimming?

Credit card skimming occurs when thieves attach devices to petrol pumps, ATMs, and other machines that read and collect your card information. Skimmers read the magnetic strip on the card.  This provides criminals with the cardholders’ complete name, credit card number, and expiration date. Some fraudsters even conceal small cameras to acquire PIN numbers from debit card users. They can then sell your information on the dark web or use it to steal your identity.  With this information, they can charge your existing credit card account, or even gain access to your bank account. Skimmers could once be detected if you knew where to look. When you put the card in, the scanner often looked tampered with. Skimmers are now engineered to fit snugly over scanners, making it very difficult to detect anything amiss.

How Credit Card Cloning Works

Skimming data and card cloning can be a particularly successful approach for thieves.  Skimming data allows them to access credit card information without the physical credit card being stolen. Instead, they can scan the card’s information and copy it into the memory of an electronic device. Once criminals retrieve the information, they can download it onto a new or separate credit card in their possession. The skimmed data can be transferred to the magnetic strip of a new card.  Or, it can be used to replace data on a different stolen credit card. Newer cards use a personal identification number (PIN) number in addition to a magnetic strip.  This additional security feature requires the PIN to be observed and recorded.  While not foolproof, additional security features provide further protection against your card being hacked.

Security upgrades make cloning more difficult for would-be crooks.  For example, chip cards include implanted microchips that hold critical information.  These are significantly more difficult to breach because the data contained within the chip itself is encrypted. Even if the thieves gain access to the chip card, they will be unable to use the information they have stolen. However, even this form of technology is not without flaws. Nevertheless, earlier credit card versions with simple magnetic stripes are significantly easier to target.

Chip Card Cloning – What is Shimming?

Chip-enabled credit cards can not be skimmed the same way simple magnetic stripes can.  As a result, they were meant to help eliminate vulnerability to identity theft and fraud. However, thieves are successfully targeting chip cards using a technique known as shimming. Fraudsters slip a paper-thin device known as a shim into a card reader slot that accepts chip-enabled credit cards.  The shim has a microchip and flash-storage capability to duplicate and store the information on a chip card.

The shim then copies and saves the information from the victim’s credit card or debit card. The information from the chip cannot be used to clone another chip card.  However, it can still produce a version of the card with a magnetic strip. Magnetic stripe technology is still accepted by many businesses, particularly online.

Shimming is an update on skimming, a common scam in which thieves attach a device to credit card readers at places like gas stations. The device reads and copies information from the magnetic swipe, allowing scammers to clone the credit card for later use or sell the card number on the dark web. Unlike skimming devices which can often be bulky, shimming devices are small and unobtrusive. They can easily be inserted into card readers at in-store terminals, according to PCMag. And what’s worse, scammers can collect the data by inserting a special card into card reader—so it just looks like the scammer is paying for something or using the ATM. (Source: experian.com)

Example of Credit Card Cloning

A frequent approach used by thieves is installing covert scanners on legitimate card-reading devices.  For example, gas station pumps, automated teller machines (ATMs), or point-of-sale (POS) machines in most retail businesses. These attacks are particularly devious because they do not require the assistance of the store employees. Instead, people coordinating the attack can simply collect data from the covert scanners on an ongoing basis.  There are no consumers, employees, or business owners aware of the source of the intrusion.

Credit Card Cloning – How To Protect Yourself

You can minimize the chances of credit card cloning by adopting the following precautions:

  • Examine card readers before you use them. Briefly inspect any card reader before inserting your card. Don’t utilize anything that appears suspicious. Some skimming devices, for example, can be quite large. Others may not fit precisely and jiggle or shake when inserting your card.    
  • Monitor credit card accounts. Carefully review your monthly statements keeping an eye on your accounts for signs of fraud. Check your balance and previous transactions online on a regular basis.  Even daily if you suspect any questionable transactions.
  • Register for notifications. Sign up for alerts from your bank or credit card company when certain activity occurs on your accounts.  For example, when a withdrawal or charge exceeds a particular amount.  Your bank can notify you through email or a text message.
  • Use bank ATMs only. Only utilize ATMs that are linked to a bank. Avoid common “skimming” venues like gas stations and deli kiosks.
  • Make use of a chip card and reader. Chip cards are frequently referred to as EMV cards, which stand for Europay, MasterCard, and Visa. These three companies work together to create a global framework for credit card security that is now widely utilized. Instead of swiping your card, always use a chip reader. Cloning is still possible with a chip card, but it is less likely.
  • Choose contactless payment. Use the contactless payment feature on your credit or debit card if available.  No-touch payment methods use a credit, debit, or gift card on a point-of-sale system equipped with RFID readers. This is more secure than placing your card into a terminal.

Credit Card Cloning – What To Do If Your Card is Cloned

Check your credit card bill on a regular basis for any fraudulent charges. If you see anything strange or unexpected, contact your credit card company.  Immediately notify them and if necessary, cancel your card. If you use a debit card, contact your bank immediately and ask what steps you need to take.  Quick action will help protect your account and your funds. If your card has been compromised, you may consider freezing your credit report.  This is to guarantee that no new accounts are opened in your name. Finally, keep an eye on all of your accounts and your credit report for any strange activity.

If you suspect your card has been cloned, contact your credit card company or bank at once. Canceling the card quickly gives fraudsters less opportunity to build up charges. The good news is that in most incidents of credit card theft, consumers are not held liable for the amounts lost. If the theft is reported, the Fair Credit Billing Act limits the responsibility to $50.

This Act, amending the Truth in Lending Act, requires prompt written acknowledgment of consumer billing complaints and investigation of billing errors by creditors. The amendment prohibits creditors from taking actions that adversely affect the consumer’s credit standing until an investigation is completed, and affords other protection during disputes. The amendment also requires that creditors promptly post payments to the consumer’s account, and either refund overpayments or credit them to the consumer’s account. (Source: ftc.gov)

Up Next: TPG Products SBTPG LLC and Tax Refunds 

TPG Products SBTPG LLCTPG Products SBTPG LLC refers to Santa Barbara Tax Products Group which offers B2B pay-by-refund services for tax preparation providers. Many taxpayers, whether individuals or small enterprises rely on tax filing software. The tax software simplifies and expedites tax return filing for Federal and State taxes. TurboTax, H&R Block, TaxSlayer, and other similar tax software and services make filing taxes straightforward. However, some tax software and tax preparation services interface with other service providers to deliver additional business services. TPG Products SBTPG LLC, for example, is a corporation that offers taxpayer services to tax software and preparation providers. Santa Barbara Tax Products Group (SBTPG) offers business-to-business services to companies like TurboTax and TaxSlayer.  For example, refund transfers and auto collections to collect payments from clients who choose to “pay-by-refund”.

On the one hand, this collaboration can benefit the clients who are tax preparers and tax software providers.  However, this alliance can occasionally cause problems for the ultimate taxpayers. Problems can occur when taxpayers do not thoroughly read the terms and conditions.  Or, they may not grasp the impact when they check a simple option labeled “pay-by-refund”. For example, a common complaint from TurboTax and TaxSlayer consumers is that their return deposit is less than what it should be.

Leave a comment

Your email address will not be published.