Credit card dump

Credit card dump
Primary topic
Related topics
Methods and techniques

Credit card dump refers to data illegally copied from and active credit card. The data can be copied to another card and used by fraudster. Dump of credit card data was much easier when the magnetic strips were in use. It is more difficult to dump data from the chip. However, new proximity cards are easier to dump, even without touching them. The fraudsters can get data necessary to make transactions in real world or in the internet. The stolen credit card dumps are sold in the underground economy.

Credit card dump methods[edit]

The most popular methods are:

  • Skimming - putting card into illegal card reader (e.g. added to ATM),
  • Hacking vendor network and dealing with data from original card reader,
  • Using prepared radio receiver with amplifier to read proximity card.
  • Phishing that are being used in order to lure victim to give the card data.

Skimming[edit]

  • Skimming stands for illegal getting the private information of credit card and then creating clones of the credit card in order to use them to make unauthorized transactions or sell the data on the black market. One of the methods of steeling the data is using the specially constructed electronic device, called skimmer. Skimmer is small and thin device and can be installed for example on the ATM (cash machine). The average ATM's user is not able to notice it and when using the affected ATM and swiping the card, all credit card data are being captured. This gives the thief the possibility of stealing data from huge number of ATM users. Additionally, on the ATM may be installed small undetectable camera and/or another device (fake keypad that matches the original one). This is to capture PIN number, which is not saved on the magnetic stripe.
  • This type of skimming is quite old tactic and used to be more popular at the times when all the information, such as credit card number, cardholder's name, expiration date, were saved only on the magnetic stripe. Actually we use a new type of credit cards which have a small computer chip installed. This kind of cards are called EMV chip credit cards and are much safer because the data which were previously stored on magnetic stripe are now also held on chip. When using the ATP enabled to reading chip, hacking chip and stealing information is much tougher. Citing LaToya Irby, the chip “creates a unique code for each transaction and sends that code through the credit card processing system to authorize the transaction. After the code has been used, it can’t be used again. So, if a hacker gets access to this code and attempts to use the data for credit card purchases, the transaction would be declined since the code has already been used”. The card users should still be careful, because EMV card also has the active magnetic stripe and if they use the card in the non-EMV-enabled terminal can be exposed to the risk of skimming.
  • It's worth to mention that the card design has already changed. Two biggest payments organization are about to launch or provide the testing on a new type of a card with a biometric fingerprint scanner. This new technology will allow the card user to accept the transaction with their fingerprint (PIN option will be also available). Cardholder won’t need to remember PIN number any more, but just enroll the fingerprint which will be stored on the card. During the transaction should place the finger on the sensor, which will scan the print and compare with the one saved in the card.
  • Another type of skimming can be taking over the data in the restaurants or bars. These are the places where stealing the credit card data takes place quite frequently. The scenario is quite simple and unfortunately often engage the restaurant service (waiter, waiters) who are in the cooperation with the criminals and scan the magnetic stripes to hand it on to the unauthorized individuals.

References[edit]

Author: Magdalena Rewers