Credit card dump

Credit card dump refers to data illegally copied from and active credit card. The data can be copied to another card and used by fraudster. Dump of credit card data was much easier when the magnetic strips were in use. It is more difficult to dump data from the chip. However, new proximity cards are easier to dump, even without touching them. The fraudsters can get data necessary to make transactions in real world or in the internet. The stolen credit card dumps are sold in the underground economy.

Credit card dump methods

The most popular methods are:

• Skimming - putting card into illegal card reader (e.g. added to ATM),
• Hacking vendor network and dealing with data from original card reader,
• Using prepared radio receiver with amplifier to read proximity card.
• Phishing that are being used in order to lure victim to give the card data.

Skimming

• Skimming stands for illegal getting the private information of credit card and then creating clones of the credit card in order to use them to make unauthorized transactions or sell the data on the black market. One of the methods of steeling the data is using the specially constructed electronic device, called skimmer. Skimmer is small and thin device and can be installed for example on the ATM (cash machine). The average ATM's user is not able to notice it and when using the affected ATM and swiping the card, all credit card data are being captured. This gives the thief the possibility of stealing data from huge number of ATM users. Additionally, on the ATM may be installed small undetectable camera and/or another device (fake keypad that matches the original one). This is to capture PIN number, which is not saved on the magnetic stripe.
• This type of skimming is quite old tactic and used to be more popular at the times when all the information, such as credit card number, cardholder's name, expiration date, were saved only on the magnetic stripe. Actually we use a new type of credit cards which have a small computer chip installed. This kind of cards are called EMV chip credit cards and are much safer because the data which were previously stored on magnetic stripe are now also held on chip. When using the ATP enabled to reading chip, hacking chip and stealing information is much tougher. Citing LaToya Irby, the chip "creates a unique code for each transaction and sends that code through the credit card processing system to authorize the transaction. After the code has been used, it can’t be used again. So, if a hacker gets access to this code and attempts to use the data for credit card purchases, the transaction would be declined since the code has already been used". The card users should still be careful, because EMV card also has the active magnetic stripe and if they use the card in the non-EMV-enabled terminal can be exposed to the risk of skimming.
• It's worth to mention that the card design has already changed. Two biggest payments organization are about to launch or provide the testing on a new type of a card with a biometric fingerprint scanner. This new technology will allow the card user to accept the transaction with their fingerprint (PIN option will be also available). Cardholder won't need to remember PIN number any more, but just enroll the fingerprint which will be stored on the card. During the transaction should place the finger on the sensor, which will scan the print and compare with the one saved in the card.
• Another type of skimming can be taking over the data in the restaurants or bars. These are the places where stealing the credit card data takes place quite frequently. The scenario is quite simple and unfortunately often engage the restaurant service (waiter, waiters) who are in the cooperation with the criminals and scan the magnetic stripes to hand it on to the unauthorized individuals.

Examples of Credit card dump

• Track data: Track data is the data stored on the magnetic strip of a credit card. It includes the cardholder's name, credit card number, expiration date, and service code. Fraudsters can use this data to create a cloned card and make unauthorized purchases.
• PIN and CVV number: This is the primary data that fraudsters use to make unauthorized purchases online. The PIN is the personal identification number used to authenticate the cardholder's identity. The CVV is the three-digit number on the back of the card used to verify the cardholder's identity.
• Cardholder's address: The address associated with the credit card can be used by fraudsters to make purchases online or at a physical store. The address can also be used to create fake identities or to send fraudulent emails.
• Cardholder's date of birth: The date of birth associated with the credit card can be used to create fake identities or to send fraudulent emails. It is also used to make unauthorized purchases online.

Limitations of Credit card dump

Credit card dump is a process of illegally copying data from an active credit card and using it for fraudulent purposes. While it is possible to dump data from magnetic strips, chip cards, and proximity cards, there are several limitations to consider:

• The process of dumping a credit card’s information is time consuming and difficult. It takes skill and technology to be able to extract the information.
• The stolen credit card information is only valid for a certain amount of time, as credit card companies regularly update their security measures.
• The stolen information is only valid for transactions in the same country as the credit card’s origin. Most credit card companies do not allow international transactions with stolen information.
• Fraudsters are often limited in the amount of money they can withdraw or spend using the stolen information. Credit card companies have security measures in place to limit the potential damage of stolen information.
• It is difficult to find buyers for stolen credit card information as it is illegal to purchase or use the information. The buyers are often limited to underground networks and dark web markets.

Other approaches related to Credit card dump

• Skimming: Skimming involves using a device to steal the credit card information stored on the magnetic strip when the card is being used by the legitimate cardholder.
• Phishing: Phishing involves sending fraudulent emails or creating fake websites that look like the real thing in order to steal the cardholder’s personal information.
• Shoulder surfing: Shoulder surfing involves someone looking over the shoulder of the cardholder as they enter their PIN or other information.
• Pretexting: Pretexting involves a fraudster posing as a legitimate person or company in order to gain access to personal information.

In conclusion, credit card dump is one of many approaches to stealing personal and financial information. Other approaches include skimming, phishing, shoulder surfing, and pretexting. All of these approaches involve stealing the cardholder’s information in order to commit fraud.

References

• Biometric Card (2017) MasterCard, 5
• Fossi, M., Johnson, E., Turner, D., Mack, T., Blackbird, J., McKinney, D.,... & Gough, J. (2008). Symantec report on the underground economy. Symantec Corporation, 51.
• Irby, L. (2018) What is a Credit Card Dump? The Balance
• Kumar, M. (2017) MasterCard launches Credit Card with Built-In Fingerprint Scanner The Hacker News Logo

Author: Magdalena Rewers