When it comes to paying for purchases in physical stores, there are two open debates: the possible elimination or limitation of cash, and the introduction of new payment methods such as mobile payments. But while neither is settled, nor likely to be soon, we remain exposed to one problem whenever we go to an ATM: the possibility that our card is cloned.
Today we will focus on the technological side of card cloning. How does the technology work that captures all the data on our card and leaves us with an empty account or with serious debts in a matter of seconds? Let's see how it works and what precautions we can take to avoid falling into the trap.
Skimming: your card is no longer secure
Card cloning and the theft of the data contained in the magnetic stripe, known by the English term skimming, often occurs at ATMs, although cases have also come to light of workers in establishments who had a second card reader, in addition to the store's own payment terminal, to carry out this data theft.
The ATMs criminals prefer are those not located in the bank branches themselves, since these are usually the most closely watched. Street ATMs, the less frequented the better, are where a second reader, disguised to look like the original, is fitted over the card reader; it is later retrieved to obtain all the information from the cards that have passed through it.
Also, if what the offender wants is to clone the card, creating one in the likeness of the original but with another name for shopping in physical stores, they also need the card's PIN, information that is not contained on the card. The most common method for this is to place a hidden camera that records the user typing the PIN at the ATM.
How to get card data
Everything described so far is relatively simple; it is enough to go into the depths of the internet to start doing harm. On the deep web, and on easily accessible websites, one can get readers that resemble those used by numerous banks in their ATMs, as well as very similar keypads, or cameras to record the user entering their PIN.
Once the user's card has passed through the reader, the skimmer has most of the misdeed done, since the information on the card is there, with no encryption to overcome. The magnetic stripe, present on all types of bank cards despite the advent of chip and contactless cards, has three tracks on which, following ISO 7811, all the necessary information is recorded.
It is on the first track that all the information a skimmer craves is concentrated. The first characters contain the card number. After a first separator comes the full name of the cardholder, followed by the expiration date and the last piece of data relevant for making online purchases with any card: the security code or CVV.
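Because track 1 is stored in the clear, defenders look for this same layout when checking that terminals and logs do not retain stripe data. The following is an added example, not part of the original article: it assumes the ISO/IEC 7813 "format B" layout for track 1, and the log lines and the names `redact_track1` and `SAMPLE_LOG` are constructed for illustration.

```python
import re

# Track 1, format B (ISO/IEC 7813 layout, assumed here):
# %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1 = re.compile(
    r"%B(?P<pan>\d{12,19})\^(?P<name>[^^?]{2,26})\^"
    r"(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?"
)

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep the first 6 and last 4 digits, a common truncation format."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def redact_track1(text: str):
    """Return (redacted_text, findings) for every Luhn-valid track 1 record."""
    findings = []
    def _sub(m):
        if not luhn_ok(m["pan"]):
            return m.group(0)  # treated as a false positive, left untouched
        masked = mask_pan(m["pan"])
        findings.append({"pan": masked, "expiry_yymm": m["exp"],
                         "name_len": len(m["name"].strip())})
        return f"%B{masked}^[REDACTED]^[REDACTED]?"
    return TRACK1.sub(_sub, text), findings

# Constructed sample: a well-known test card number and an invented holder.
SAMPLE_LOG = (
    "10:02:11 pos-7 DEBUG read=%B4111111111111111^DOE/JANE^30121010000000000?\n"
    "10:02:12 pos-7 DEBUG read=%B4111111111111112^DOE/JANE^30121010000000000?\n"
    "10:02:13 pos-7 INFO  txn approved\n"
)

if __name__ == "__main__":
    clean, hits = redact_track1(SAMPLE_LOG)
    print(clean)
    print(hits)
```

The second sample line fails the Luhn check on purpose, to show how the checksum separates a real card number from a look-alike digit run.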
With that information, the skimmer has everything needed to do harm, whether by manufacturing their own physical card with the data (although they need the PIN for in-person purchases), using the data obtained to make purchases online or, as many of these criminals do, selling the data to other interested users on the deep web.
And anyone who thinks that transferring the data from a credit card to a new blank card is a complicated step is mistaken. On the internet it is easy to buy the necessary device, since the same device may be needed for entirely legitimate purposes such as creating access cards. Going into a shop with a blank card and paying with it, however much data it contains, would look strange, but it is not difficult either to print a card so that it looks like one more bank card and does not raise suspicion.
Similarly, if the skimmer wants to use the card for purchases in physical stores, they will need the PIN. For this they hide tiny cameras in different elements that appear to belong to the ATM itself so as to go unnoticed. Again, finding a camera for this job that can record video to a microSD card, with a running time of up to 10 hours, is simple, and these cameras are not made exclusively for this purpose. Some even have WiFi connectivity, not to mention those offenders who have used an iPod Nano.
Currently, in many countries, it is difficult to find bank cards that do not have both a magnetic stripe and a chip, when they are not contactless as well. The problem with leaving the magnetic stripe behind, which as we have seen is a totally insecure element, is that for this everyone has to adapt in order to read the chips: the banks their ATMs and, on the other side, cards and dataphones.
And however much the banks, cards and shops around us are adapted, if we travel we may find banks and/or stores that are not adapted, or users with cards without a chip, so as long as the chip is not accepted globally we cannot leave the magnetic stripe behind. But the question is: is the chip safer than the magnetic stripe? The answer is a clear yes.
EMV is the name by which cards with an integrated circuit are known, although the acronym only reflects the companies that established the standard (Mastercard and Visa), which other companies later joined. All the information contained in the chips of the new cards is protected using cryptographic algorithms such as Triple-DES, SHA or RSA, which at least so far have proved impassable, making it impossible, for now, to access the contents of the chip and duplicate it.
Can we do something to avoid cloning our cards?
100% security does not exist, and skimmers conceal ever more precisely, to our misfortune, the elements needed to get a card's data, although there are certain precautions we can take to make it harder. The first is to distrust ATMs that we do not know or that are accessible from the street. Those that are far from or outside bank branches, in low-traffic areas, are the most easily manipulated.
Once we are in front of the ATM, it is advisable to check whether the reader into which we are going to insert the card and the keypad appear to be the ATM's originals. Simulated readers and keypads are increasingly realistic, but at the slightest suspicion we should look for another ATM. One of the most common recommendations is to cover the keypad with one hand while typing the PIN, in case a camera is recording us, and a more modern one is to use the contactless readers of the newest ATMs, if possible, since that way it will be impossible for our card to be duplicated.