How Criminals are Getting Your Debit Card Data in 2015

Copyright 2015 Verafin Inc. Privacy Policy Verafin is an industry-leading, cloud based fraud detection and BSA/AML compliance software provider

Criminals are more organized and sophisticated than ever before. Attacks on ATMs and POS terminals can range from the rudimentary to the highly organized, involving thousands of fraudulent cards and criminal enterprises that span the globe. So how do the criminals get your debit card data? Here are 8 different ways.

  1. Data Breaches – According to the United States Secret Service, 1000 U.S. businesses have been affected by Malware. Capable hackers are able to crack the security on merchants and other card data holders, and access large volumes of card data. With the heightened awareness of cybercrime, the industry has made strides in using more secure techniques for storing data (or in many cases, ensuring that they don’t store it). This has made it harder for criminals, but there are still many opportunities for attacks.
  2. Buying the Data – With so many means of attack, there is a glut of card information for sale on underground carding websites. Lazy criminals can simply buy card data starting at $2 or less. Quality costs extra, but in the underground marketplace there are products for everyone.
  3. Internal Skimming Devices – More capable criminals could place a skimming device inside a terminal that intercepts messages on data lines.
  4. Separate Skimming Devices – In just a few seconds, a criminal can swipe a card through a reader and get its data.
  5. Overlaid Skimming Devices – In this case, the criminal places a card reader over the machine’s intrinsic reader. They might also attach a video camera or a pin-pad overlay to capture the PIN.
  6. Hijacked Terminals – A terminal can be hijacked by replacing the operating system with a compromised one. An avenue of attack might be available for those ATMs with remote control capabilities that are left in the default (and insecure) settings.
  7. Steal Cards – The simplest way for a criminal to get card data is to steal someone’s card. To get the PIN, the thief might shoulder surf or guess a weak password, such as a birthdate.
  8. Steal Machines – A criminal might decide to steal either an ATM or POS terminal. Cash can be pulled from the ATMs, but both types of machines could store card numbers if misconfigured. A stolen machine is also valuable in order to learn about weaknesses or ways to physically attack it.

If you feel you have been a victim of fraud, contact your local First Trust Credit Union Branch immediately. We can help!