Scammers replace credit card readers in Irish stores
Fraudsters in northeast Ireland posing as authorized bank service personnel replaced credit card readers in retailers' stores with their own, capturing data that can be used to empty bank accounts and make purchases.
As many as 10,000 credit and debit cards may have been compromised by the time authorities became aware of the scam late last week, said Jennie Chamberlaine, marketing manager for the Irish Payment Services Organization, on Monday.
Those whose details have been stolen will be notified by banks, and it is possible card details have already been used for fraud Chamberlaine said.
Financial institutions such as the Bank of Ireland reacted by shutting down some cards while also limiting overseas withdrawals to as little as €100 (US$146). An investigation is under way by Ireland's National Police Service. Few other details were immediately available.
Overseas withdrawals are limited because the scammers can take the data they've captured from the magnetic stripe on the back of the card and encode it on a dummy card. That card can then be used to withdraw cash overseas.
The scammers can't take out cash at ATMs in Europe that use the "chip-and-pin" system. European credit and debit cards have an embedded microchip that is checked at the ATM; cards that should have the chip but don't are rejected. Criminals have yet to successfully replicate those microchips.
The chip-and-pin system also requires a PIN (personal identification number) to be entered during a purchase rather a customer signature as is accepted in the U.S. and many other countries.
The European system has caused a marked dropped in fraudulent transactions from lost and stolen cards, but resulted in an interesting change in fraud.
Chip-and-pin's greatest weakness is the lack of its worldwide use. Criminals now clone cards and go to countries that don't have ATMs that verify the presence of the microchip, fueling a transnational trade in credit and debit card details.
Chip-and-pin also doesn't affect "card not present" fraud, where data is used to make online purchases. That data is often captured through phishing, or frauds where a fake Web site is built in order to trick people into divulging sensitive information.
"Card fraud has tended to move to the weakest link," Chamberlaine said.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data breach
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
