Criminals Have Found a Way to Replace the Chips on Credit Cards

Over the past few years, credit card terminals and users across the US have been transitioning from the old style of credit and debit cards to the newer EMV standard, also sometimes called chip-and-pin. The point of chip-and-pin is to create a newer banking standard that’s more resistant to fraud and abuse, particularly cloning. But the standard was never going to comprehensively protect against everything, a point jammed home now that credit card thieves are going after major corporations with a rather clever attack.

Here’s how PCMag describes the process: First, the thieves intercept a large run of cards, which companies typically order in bulk for many users at a time. Then, they remove the chips from the cards using a heat source and solder bad, dummy chips on. The new cards look legitimate, and can be activated, but they won’t actually work, since the chips don’t match the cards they’re attached to.

But you know what does work? The original chips that have now been activated by the account holder. The associated accounts can now be drained. Replacing the original chips opens up a much larger window before anyone realizes that the card has been stolen, particularly if the recipient activates the card but doesn’t necessarily use it very often. It could take days before the actual bait-and-switch is discovered. The image below is intended to help users spot counterfeit cards and was provided by the US Secret Service:

The scheme relies on the end user actually activating the credit card, because without that activation, the interceptors/thieves can’t pull off the scheme. It’s not clear how thieves are intercepting the parcels in the first place. This could mean that US Postal Service employees or a delivery service are helping with the theft.

The Secret Service, for those of you who did not know, is the federal law enforcement agency tasked with tracking down and preventing counterfeiting. In fact, it was on these grounds, rather than the protection of the President, that the Secret Service was created in 1865. Up to one-third of American currency in circulation following the Civil War was believed to be counterfeit, which puts some concrete size to the problem. It was only after President McKinley’s death that Congress made protection of the president one of the USSS primary responsibilities.

So far everything we’ve heard suggests corporations, not individuals, are the targets here, but be careful with your card activations. It might be wise to activate the card in an ATM and, if it cannot successfully complete transactions, warn your bank immediately. Waiting gives criminals the opportunity to empty your account.

(Top image credit: Hloom via Flickr, CC BY-SA, 401(K) 2013)

Continue reading

Sony May Let Users Move Games Off PS5, Xbox Series X SSD Is User-Replaceable

Microsoft is using a user-replaceable SSD for the Xbox Series X, while Sony is researching PS5 game transfers.

Google Promises Not to Replace Third-Party Trackers With Something Worse

Last year, Google announced it would phase out third-party tracking cookies in Chrome. That's hardly the only way to track people around the web, though. Now, Google confirms it won't invest in any of those alternatives to track individual people.

Will Microsoft Mesh Replace Video Calls?

In the latest attempt to jumpstart the somewhat moribund market for a VR future, Microsoft has un-veiled an ambitious new mixed-reality platform, Microsoft Mesh. Running on its Azure services platform, it initially supports the company's own Hololens devices, and its Altspace VR application, but the plan is to make it work with other VR, AR, and MR devices as well.

Nvidia RTX 3080 Ti Replaces 3090 for Many Gamers, 3070 Ti Coming Soon

Nvidia has announced the RTX 3080 Ti with 12GB of VRAM and more GPU cores, with theoretical availability starting June 3. An updated RTX 3070 Ti will follow, with theoretical availability on June 10.