Cyber criminals “skimming” bank card details with increasing regularity

Cyber criminals “skimming” bank card details with increasing regularity

With the total number of contactless bank cards in circulation rising from 59 million to 119 million from 2015 to 2017 in the UK, experts are now warning card users to guard against cyber criminals looking to steal bank card details by using specialised software that can clone cards from a limited distance.

The practice of using stolen bank card details to clone cards has become so widespread that, for the first time in history, contactless fraud has overtaken check fraud which stood at £9.8 million last year.

Almost three years ago, consumer group Which? warned contactless bank card users in the UK that thieves could easily exploit a security flaw to steal key data from debit and credit cards using equipment readily available online.

Researchers tested six debit cards and four credit cards and managed to steal card details from all of them, and even managing to purchase a £3,000 television set by cloning one of the cards.

“Contactless bank cards are coded to ‘mask’ personal data, but using an easily obtainable reader and free software to decode data, we were able to read the card number and expiry date from all 10 cards. We were also able to read limited details of the last 10 transactions, although no cards revealed the CVV security code (the number on the back).

“We doubted we’d be able to make purchases without the cardholder’s name or CVV code – but we were wrong. We ordered two items – one a £3,000 TV – from a mainstream online shop using ‘stolen’ card details, combined with a false name and address,” said a Which? spokesman.

Considering that such technology was available three years ago, it is no surprise that contactless fraud in the UK surpassed £10 million last year. While Richard Koch, the then head of policy at the UK Cards Association had said that while only obtaining the card number and expiry data wasn’t enough to perform transactions, Katy Worobec, managing director of economic crime at UK Finance, now says that a lot of retailers still do not require CVV to perform transactions and therefore, stolen card details can still be used to perform unauthorised purchases.

“As contactless cards become more popular globally, it is critical for online companies to actually identify true customers from imposters to approve transactions. Just having credit card numbers, passcodes and credentials can be easily subverted by cyber criminals,” says Lisa Baergen, director at NuData Security.

“It is imperative that authentication frameworks now include passive biometrics and behavioural analytics, along with a full stack of security solutions so that customers are identified by their behaviour such as how they hold a device, how hard they hit the keys and hundreds of other identifiers.

“This approach allows online companies to block fraudulent transactions even if the cyber criminal has skimmed or cloned credit card information, has credentials or even stolen a device,” she adds.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]