Over the past few years, credit card terminals and users across the US have been transitioning from the old style of credit and debit cards to the newer EMV standard, also sometimes called chip-and-pin. The point of chip-and-pin is to create a newer banking standard that’s more resistant to fraud and abuse, particularly cloning. But the standard was never going to comprehensively protect against everything, a point jammed home now that credit card thieves are going after major corporations with a rather clever attack.
Here’s how PCMag describes the process: First, the thieves intercept a large run of cards, which companies typically order in bulk for many users at a time. Then, they remove the chips from the cards using a heat source and solder bad, dummy chips on. The new cards look legitimate, and can be activated, but they won’t actually work, since the chips don’t match the cards they’re attached to.
But you know what does work? The original chips that have now been activated by the account holder. The associated accounts can now be drained. Replacing the original chips opens up a much larger window before anyone realizes that the card has been stolen, particularly if the recipient activates the card but doesn’t necessarily use it very often. It could take days before the actual bait-and-switch is discovered. The image below is intended to help users spot counterfeit cards and was provided by the US Secret Service:
The scheme relies on the end user actually activating the credit card, because without that activation, the interceptors/thieves can’t pull off the scheme. It’s not clear how thieves are intercepting the parcels in the first place. This could mean that US Postal Service employees or a delivery service are helping with the theft.
The Secret Service, for those of you who did not know, is the federal law enforcement agency tasked with tracking down and preventing counterfeiting. In fact, it was on these grounds, rather than the protection of the President, that the Secret Service was created in 1865. Up to one-third of American currency in circulation following the Civil War was believed to be counterfeit, which puts some concrete size to the problem. It was only after President McKinley’s death that Congress made protection of the president one of the USSS primary responsibilities.
So far everything we’ve heard suggests corporations, not individuals, are the targets here, but be careful with your card activations. It might be wise to activate the card in an ATM and, if it cannot successfully complete transactions, warn your bank immediately. Waiting gives criminals the opportunity to empty your account.
(Top image credit: Hloom via Flickr, CC BY-SA, 401(K) 2013)
Apple May Replace Your Broken iPhone 6 Plus With an iPhone 6s Plus
Apple may be replacing iPhone 6 Pluses with iPhone 6s Pluses, if you've got one of the former in need of full repair or replacement. Might be your lucky day.
New Bill Mandates Replaceable Batteries in Consumer Electronics
The state of Washington is proposing a new bill that would mandate the inclusion of user-replaceable batteries in all consumer electronics.
Google Rolls Out Google Pay Branding to Replace Android Pay
Google's mobile payment platform has gone through almost as many revamps as its messaging apps, but maybe today will be the last one for a long time.
Google Is Replacing Drive Storage With More Generous ‘Google One’ Plans
Google last updated its storage plans in 2014 in response to price drops from rival Dropbox, and now it's making the prices even more competitive.