How easy is it to clone a credit card?
By Eva Norlyk Smith Ph.D.
May 5, 2014
With all the data breaches in the news lately, there has been talk about crooks duplicating cards. Is it really that easy to duplicate a card? Sounds like a complicated process to me. –-Thomas
Just as inventive fraudsters find ways to develop the technology needed to produce counterfeit money, they have technology to clone credit cards — the modern day version of fake dollar bills.
In fact, when it comes to credit cards, in some ways you are less protected than with dollar bills. The U.S. Treasury has set up a whole department — the Bureau of Engraving and Printing — to develop dollar bills that are so difficult to duplicate that fake bills are quickly detected.
When it comes to cloning credit cards, there are lots of technology options for fraudsters, and they are not hard to come by. Even a three-minute Google search revealed hacking forums where people – who proudly referred to a federal inmate number as proof they were real criminals – openly discussed these questions.
Basically, cloning a credit card is the same principle as creating a fake ID card. In the U.S., credit card information is stored in a binary format on the magnetic stripe at the back of the credit card. You use a magnetizing tool to copy this digital information onto the fake credit card, much as you would copy information from a computer to a USB stick. Similar technology enables you to copy the physical characteristics of the card, complete with credit card number, name and CVV code.
Credit cards in Europe, as well as many Asian countries, use what is known as Chip and PIN technology, which offers greater protection against credit card cloning than U.S. cards' magnetic stripe technology.
With Chip and PIN cards, consumers have to enter their PIN at the point of sale. Even if someone compromises the card data and clones the card, they can't use it to make changes without the PIN.
Hackers, of course, are aware of U.S. card vulnerability. Experts believe overseas hackers orchestrated the recent theft of millions of credit card records from Target, highlighting the fact that weak security technology in the U.S. is attracting worldwide hacker attention to U.S. cards.
Card issuers in the U.S. are aggressively moving toward the EMV technology, requiring merchants to have processors that accept EMV cards by October 2015. Target has moved up its transition to EMV technology to September.
In the meantime, protect yourself by taking basic steps to protect your credit card information from being stolen in the first place. Never use your credit card on websites you don't know and trust. Also, look for the https:// preface in the URL to make sure the site uses SSL encryption.
In addition, credit card information can be stolen via credit card skimming devices at ATMs, restaurants and gas stations. At gas stations and ATMs, skimming devices can be attached to the ATM or gas pump, so look for anything that appears out of place. Finally, review your credit card account once a week to intercept fraudulent charges as early as possible.
Got a question for Eva? Send her an email.