Criminals Have Found a Way to Replace the Chips on Credit Cards
Over the past few years, credit card terminals and users across the US have been transitioning from the old style of credit and debit cards to the newer EMV standard, also sometimes called chip-and-pin. The point of chip-and-pin is to create a newer banking standard that’s more resistant to fraud and abuse, particularly cloning. But the standard was never going to comprehensively protect against everything, a point jammed home now that credit card thieves are going after major corporations with a rather clever attack.
Here’s how PCMag describes the process: First, the thieves intercept a large run of cards, which companies typically order in bulk for many users at a time. Then, they remove the chips from the cards using a heat source and solder bad, dummy chips on. The new cards look legitimate, and can be activated, but they won’t actually work, since the chips don’t match the cards they’re attached to.
But you know what does work? The original chips that have now been activated by the account holder. The associated accounts can now be drained. Replacing the original chips opens up a much larger window before anyone realizes that the card has been stolen, particularly if the recipient activates the card but doesn’t necessarily use it very often. It could take days before the actual bait-and-switch is discovered. The image below is intended to help users spot counterfeit cards and was provided by the US Secret Service:
The scheme relies on the end user actually activating the credit card, because without that activation, the interceptors/thieves can’t pull off the scheme. It’s not clear how thieves are intercepting the parcels in the first place. This could mean that US Postal Service employees or a delivery service are helping with the theft.
The Secret Service, for those of you who did not know, is the federal law enforcement agency tasked with tracking down and preventing counterfeiting. In fact, it was on these grounds, rather than the protection of the President, that the Secret Service was created in 1865. Up to one-third of American currency in circulation following the Civil War was believed to be counterfeit, which puts some concrete size to the problem. It was only after President McKinley’s death that Congress made protection of the president one of the USSS primary responsibilities.
So far everything we’ve heard suggests corporations, not individuals, are the targets here, but be careful with your card activations. It might be wise to activate the card in an ATM and, if it cannot successfully complete transactions, warn your bank immediately. Waiting gives criminals the opportunity to empty your account.
(Top image credit: Hloom via Flickr, CC BY-SA, 401(K) 2013)
Continue reading
In Massive Shift, Apple Announces New Macs With ARM-Based M1 Chip
Apple saw huge success the last time it switched architectures to Intel, but this time? The jury's still out, but one thing is certain: Apple is about to make a lot more money.
Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs
Intel, AMD, and Qualcomm are working to make Pluton part of their upcoming designs, which should make PCs more difficult to hack, but it also bakes Microsoft technology into your hardware.
Why Apple’s M1 Chip Threatens Intel and AMD
Intel's own history suggests it and AMD should take Apple's new M1 SoC very seriously.
How L1 and L2 CPU Caches Work, and Why They’re an Essential Part of Modern Chips
Ever been curious how L1 and L2 cache work? We're glad you asked. Here, we deep dive into the structure and nature of one of computing's most fundamental designs and innovations.