Stolen Credit Card Data Concealed through Fake Club Membership Cards
February 20, 2020
Stolen credit card data were disguised through counterfeit club membership cards, as revealed by the U.S. Secret Service and reported by Brian Krebs. The cards, purportedly for exclusive use at name-brand retailers, had a barcode that contains the credit card information. The expiration date and card verification value (CVV) were also printed in the card.
The cards had instructions for cashiers to press “card payment” in their Point of Sale (PoS) machines, scan the barcode, and enter the expiration date and CVV. The payment is recorded as a card-not-present purchase.
The report also mentions that besides being printed on cards, the barcodes can be printed on stickers or stored in cellphone memory, deviating from the usual re-encoded fake credit cards and making the stolen details easier to hide.
Currently, there are over 2.8 billion credit cards in use worldwide. There are several ways cybercriminals can steal credit card details, including unsecure mobile banking apps. Many threat actors make these stolen information available for sale on the dark web.
Preventing fraudulent credit card transactions
Credit card fraud affects not just the owners of the cards but the merchants as well. Chargeback fees, which can vary from US$20-US$100 per transaction, serve as a hefty expense for merchants that serve as conduits for fraud, even when they do so unknowingly.
To avoid unintentionally allowing fraudulent transactions, merchants are advised to enforce strict rules for the staff about the accepted payment methods. If unable to verify anything the customer presented, the staff should be trained to check with management before proceeding with the transaction. The staff should also be updated on current fake credit card schemes, and should be aware of the protocols on what to do once they detect a fraudulent transaction.
Securing credit card details
The theft of credit card data can be done across different platforms, including mobile and web. For mobile, credit card details can be stolen through unsecure or fake banking apps (sometimes, even apps for non-banking purposes). To prevent this from happening, users should only download apps from official sources, deploy the latest patches, and enable the built-in security features of bank apps to ensure maximum security. Security solutions for mobile (Android and iOS) can also help bolster the protection of mobile transactions.
Phishing is also a commonly used to harvest sensitive personal information such as credit card details from unsuspecting victims. To combat phishing, verify the sender’s identity before revealing important information. This can be done by contacting the person or institution that sent the email to confirm if it really came from them. Adding multiple layers of protection can also help thwart phishing attacks.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Posted in Cybercrime & Digital Threats
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases