Call them high-tech pick pockets with the potential to wipe out bank accounts in seconds. Credit card cloning is big business, very sophisticated and very high tech.
The time it takes to count to three, the 16 digits on several credit cards are compromised during a demonstration on West Madison Street in Downtown Chicago.
“So now there's the data that I stole - there's a credit card number there,” Rob Havelt said. He’s the director of penetration testing at Trustwave’s Spider Labs.
Hiding in household items are home-made hand-held stealing machines.
“This is a payment terminal that you see in any store,” Havelt said. “We just bought one and took it apart so like you can get it for $15 on EBay and it's hooked up to some wires. Basically it's a keyboard input into the iPad and there's a battery pack in here just to power it.”
Radio Frequency Identifiers, known as RFIDs and illegal skimmer devices, can snatch, lift, rip and swipe credit card numbers from unsuspecting, innocent consumers.
Consumers should use extra precaution at restaurants, public and unsecured ATMs, hotels and gas stations – that’s where consumers are most susceptible to having their credit card information compromised.
Trustwave is a global provider of on-demand data security. Joel Dubin has been tracking the troublesome technology for nearly a decade. Dubin is a Security Consultant at Trustwave.
“The people that are making them are making them from scratch or they're taking components from card readers,” Dubin said. “Assembling them and then adding antennas that can capture card numbers.”
"How-To" guides online offer advice on "a stand alone RFID skimmer" by which "an attacker can make purchases using a victim's RFID-enhanced credit card." FBI Supervisory Special Agent Todd Carroll said it is illegal to possess one of these devices.
“In terms of a cloned credit card, I have here a test card,” Dubin said. “This is a magnetic stripe that's on the back of the card and then what they do is they take the information which is called track data from that card and there's machines that they can purchase for $300-$400 that can recreate card.”
In a controlled setting on West Madison Street, Trustwave employees walked by as FOX Chicago witnessed a doctored device transfer credit card data to an iPad.
In an interview, Carroll explained the three things consumers can do to protect themselves.
“One, pay attention to your credit card bills - just don't blindly pay them. Look at all the charges and make sure you had made all those charges and there isn’t an extra charge put on to your account,” Carroll said.
“Two, protect yourself when you go to use your card and when you're making a purchase. Use your credit card, probably more than you use your ATM,” Carroll continued. “Especially if you need to put your PIN in and it’s directly taken out of your checking account, you might want to use your credit card instead.”
“Another thing as always, you need to run a credit report and find out what's out there, what accounts you have open still,” Carroll concluded.
All of the credit card numbers scanned in the demonstration belong to Trustwave employees who agreed to participate.
So how do you know if there is an RFID chip in your credit card? Pull the card out and feel around for a raised spot on the card above the numbers. Once found, consumers can deactivate the RFID without getting a new card. Simply use a hole-puncher to pop the chip out.
Additional advice from the FBI to avoid becoming a victim:
Homemade Devices Can Clone Credit Cards | Originally reported by: myFOXChicago.com