Your browser is obsolete!

The page may not load correctly.

Unmasking the criminals

Кредит недоверия

Other issues in this category (2)
  • add to favourites
    Add to Bookmarks

Your card is not as secure as you may think

Read: 622 Comments: 13 Rating: 36

Nowadays, bank cards that feature a chip (in effect, a small computer on a card) in addition to a magnetic strip are particularly popular. According to Visa, cards equipped with such chips can store 80 times more data than cards that have magnetic strips only.

Security is an undeniable advantage of chip cards. All account information is stored on the magnetic strip as well as on the chip. Furthermore, a card microprocessor encrypts data using a multitude of sophisticated digital codes, which a simple skimmer can't read.

With cards that use magnetic strips, transactions always contain the same information, which is transmitted to a bank. Meanwhile, transactions carried out with chip cards are always confirmed with unique codes. And even if a fraudster manages to forge a chip, it will do them no good.

If encrypted information is stored on the magnetic strip, attackers can easily copy it and duplicate the card. Chip cards are virtually impossible to read, and even if attackers could read them, the information would be useless. And here’s why. If scammers obtain information from your card's magnetic strip and use it to carry out a transaction via a terminal that can't read chip cards, you may be able to appeal to your bank and get the transaction cancelled. Of course, you will be recompensed only if your bank's investigation proves that you really are a victim, rather than a cheater who is attempting to defraud the bank.

https://habrahabr.ru/company/smpbank/blog/130648

“Impossible” is a good word. But, hackers aren’t so intimidated by it that it has them quaking in their boots!

The Contactless Infusion X5 skimmer made by the criminal group CC Buddies can read information from 15 contactless cards in one second.

X5 is able to read the card number, expiry date, and the name of the owner and their home address (if this information is stored on the card). The data is encrypted and stored in the device's internal storage. X5 can be connected to a PC via USB. The device's specifications indicate that it can operate for 10 hours without charging and read information from any bank card within 8 centimetres at a speed of 1024 Kbit/s.

The CC claim that an attacker won’t even have to get really close to anyone—simply passing through a crowd, for example, in the subway or at a concert, is near enough. Once the device is close enough to a radio chip, it will copy all the data from it and write it into its storage.

The device is available for $800 (1.2 bitcoin). X5 is shipped with 20 blank plastic cards, a USB cable, and a driver.

https://xakep.ru/2016/06/14/contactless-infusion-x5

https://geektimes.ru/post/277238/

So someone can lean against you when you are riding in a subway car for more than just the reason that it’s crowded.

Card data gathered by the device can be used in online stores that do not use CVC/CVV verification.

#bank_card #skimming #security #cyber-crime #terminology

Dr.Web recommends

  • Criminals won't be able to read all the information stored on your card. However, the data they manage to gather will be enough to pay for goods in some online stores.

Stuffers use stolen card information to buy goods in online stores and then resell those goods on the black market. They work in close cooperation with criminals who specialise in purchasing stolen goods. Stuffers play the central role in the entire criminal group, which is why they may receive a cut of the stolen goods rather than a fixed salary.

  • No matter how reliable a technology is, our yearning to make life easier creates loopholes within it. Please don't think we’re paranoid when we advise you to store your bank cards as far away as possible from places where they can be scanned.

An investigation conducted by Russian law enforcement agencies showed that criminals have set themselves up as waiters in cafes and restaurants to gain access to patron bank cards. When paying their checks, unsuspecting Muscovites willingly handed their cards over to scammers who managed to copy all the information they needed from them.

http://www.aif.ru/money/mymoney/33274

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments