There has been a LOT of news lately on the staggering number of malware (5 million new ones between July and September) and banking trojans. (Clampi, Zeus and URLZone)
Meanwhile, let's not forget about the potential for fraud caused by low level scammers.
The PIN Payments News Blog has posted a couple times on the subject of stealing and replacing PIN Pads at retail locations or tampering with the PIN Pads in order to enable them to steal card information and PINs.
- Terminal Disease Boosts Fraud
- Ghosts in the Machine: Future Threat
- Operation Tuna Puts Four in the Can
One of side benefits of shopping at home with your very own personal HomeATM device, is the assurance that the device has not been tampered with. In fact, part of the PCI 2.1 Certification process is to make sure the PIN Entry Device is Tamper Proof. Therefore, in the unlikely event someone were to break into your home and pass by your big screen LCD TV and instead try and tamper with your HomeATM (in order to get your credit/debit card numbers) it would immediately shutdown.
Unfortunately, MOST PIN Entry Devices in the brick and mortar world are NOT PCI 2.x certified, which is why I thought I'd bring you some excerpts from "Anatomy of a Debit Card Fraud Group" at Kelowna.com...
"The three crooks busted in July trying to swipe a PIN pad from a local Boston Pizza were a perfect match for the description of a debit card fraud ring: a small cell from out of province that swooped into town and tried to replace legitimate equipment with a modified version.
Fortunately, a sharp-eyed staff member spotted the guys in action and called police. Police later said the three males were from Quebec, but only one of them was an adult.
Sgt. Tim Kreiter from the RCMP E Division’s Commercial Crimes Units, said debit card fraud rings can range in size from just two or three people who do all the work, to more sophisticated networks that divide the work of stealing PIN pads, doing the technical modifications and using the cloned debit cards to get cash.
Kreiter noted that while they are organized crime rings, debit card fraudsters are not alway associated with the traditional crime groups frequently in the news. He has, though, seen some cases where groups have gone so far as to buy a corner store or gas bar in order to run a scam. The appeal of such fraud, he said, is the relatively low risk of getting caught and the fact the reward is usually cash. As well, it’s “attractive to a lot of people who have a criminal bent but are not violent.”
Generally speaking, the groups will have a technician who modifies stolen PIN pads to enable them to capture data from bank cards and their accompanying PIN numbers. The units are then swapped for a similar model at another – or even the same – retailer, and the data collection begins. The necessary parts are available online and the requisite electronics and computer skills are usually passed down in the style of an apprenticeship.
Modifying the PIN pads “really isn’t a particularly difficult skill to learn,” Kreiter said. “It’s usually simply a matter of soldering on a couple of wires.”
The card data is either then transmitted wirelessly or kept on the PIN pad, which is later stolen back by the crooks, who quickly produce cloned cards, withdraw money from ATMs and then hit the road. That’s what makes catching them so difficult.
Read the Article in it's Entirety