Credit card fraud


(Tommy Clark) #1

I’ve seen a lot of posts recently with people getting there money stolen or cards cloned, Monzo customers!

It may be just that im part of this forum, that I notice it more with Monzo account holders than other bank or is it just me?

I’m just interested in know how they get hold of your details, is it as simple as somebody cloning the card chip and numbers?


#2

That is indeed most likely the case. Cloning cards is so easy and cheap that it happens all the time,…


(Dan) #3

My other half has it done 3 days ago and shes with Lloyds…

I would suspect with Christmas spending card use has increased, thus higher chance of cloning… then the people doing fraud wait until January to hit…


(Allie) #4

It’s common, it’s probably just that there’s an active community here!

No, cloning the card chip is virtually impossible. The card will not, under any circumstances, reveal the keys that would be needed to make a working clone.

There’s a few things that can happen however:

  • The magnetic stripe can be cloned and fallback can be forced.
  • The magnetic stripe can be cloned and used at a non-EMV merchant.
  • A pre-play attack contactless magstripe transaction can be performed and replayed.
  • The details from the card can be used in a CNP (card not present) environment, which may occasionally not even require the CVC2 and thus details from the magstripe or chip can be used (the point of the CVC2 is that it isn’t on the magstripe or chip).
  • Authorisation system weaknesses can be exploited if the issuer doesn’t do proper checks of the EMV data.
  • The chips can be stolen out of the card.
  • The magnetic stripe may be presented to a terminal as a contactless magstripe transaction, which might get approved due to poor formatting and tolerance for such of authorisation messages. I’ve seen this demoed and don’t know how feasible it still is, but I suspect it would work in at least some cases.

So no, don’t worry, the chip isn’t being copied, doing so is essentially impossible.

No, it just doesn’t… there has never been one proven case of an EMV card being cloned. The magstripe is easily cloned, but that alone shouldn’t get a thief far post-EMV migration (notes above what it can accomplish - fallback fraud and fraud at non-EMV merchants).


#5

No. When you get card details you’ll want to use them ASAP, as they get blocked so quickly!


#6

You are correct of course. I didn’t read the question properly, omitting the word “chip”. Cloning the Mag stripe is trivial, and in both cases were I had fraud on my card in the past, that’s what happened (with the cloned card then being used in America where EMV isn’t common.)


(Allie) #7

Definitely, though thankfully we’re at over 50% EMV in the US now. These last few weak areas are getting closed. Merchants worldwide are now liable for the cost of fraud if they use the magnetic stripe and it proves later to have been cloned (with some exceptions for things like pay at the pump fuel in the US and the like).

I think the next major fraud path we’ll see is contactless magstripe fraud in the US. Not quite as trivial as actual magstripe, but usable at far more shops (many shops use EMV for contact and magstripe mode for contactless still, in the US).


#8

Well, that’s something I hadn’t heard of before. Thanks! :slight_smile: But how blind do you have to be, to not immediately call your bank and cancel the card?!


(Allie) #9

My first question, too!


(Dan) #10

Surely, if you don’t know it’s been cloned, and you have no reason to get a new card… they can sit on it as long as they want? It will always work unless the card is cancelled or expires?


(Andre Borie) #11

Cards are mostly stolen in huge batches at merchants with malware on point of sale systems. This will eventually get noticed by banks (by noticing higher levels of fraud only on cards used at this merchant) or by the merchant discovering the malware, at which point banks will cancel all the cards suspected to be breached, even if that particular card hasn’t been used for fraud yet. As a fraudster you want to cash out the card ASAP.


#12

Additionally cards tend to be sold multiple times, so the one who uses them first profits


(Dan) #13

Interesting :slightly_smiling_face: thanks for the information… I find fraud so interesting but there again I’m a geek :nerd_face:


(system) #14

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.