Credit Card Cloning Fraud: How it Works

Credit card cloning fraud is where a criminal copies a legitimate card in order to steal it. It is also sometimes known as card skimming.

How Card Cloning Fraud Works

Most credit card cloning fraud is done through the use of skimmers. Skimmers read credit card information such as numbers, PINs, CVV data through the magnetic stripe, and can be attached to hardware such as point of sale (POS) terminals, or ATMs, allowing them to steal whoever uses that hardware’s information. 

Criminals can also create a faux keypad on POS terminals or ATMs that allow them to steal PIN information. 

Once the information is stolen, the criminal can then make a physical credit card linked to another person’s money. The original cardholder may not even realize that this has happened, however, it is possible to tell by looking at their financial statements, bank accounts, or by seeing if their credit score has changed. 

Due to all of the contactless scanning technology, it is now possible for criminals to steal card information just by having a concealed scanner on them while walking down the street, allowing them to steal the card information of anyone who is close enough in proximity to them. 

How Financial Institutions Can Combat Credit Card Cloning Fraud

Implementation of EMV Chips

The implementation of Europay, Mastercard, and Visa (EVM) chips has been one of the biggest advancements in the fight against card cloning since they are safer alternatives to magnetic stripes. They use payment information that is encrypted to make it exceptionally difficult for criminals to clone cards, but EVM chips still have their vulnerabilities.

Even if their cards have EVM, people are more likely to use the magnetic stripe at POS terminals due to the familiarity allowing their credit card information to potentially be stolen. Also, a recent study from a security firm stated that cybercriminals have found a method to make purchases with a magnetic stripe card using data that was meant for EVM chips. 

This gives insight to the upsetting reality that is: it is almost impossible to get criminals to stop cloning cards because they will always try and find a workaround. 

Building Customer Profiles

Using a cardholder’s data profiles to understand how they usually behave is the most successful way to prevent card cloning fraud. Based on the location of the cardholder, how they used the card (magnetic stripe or EVM), the quantity or frequency of purchases or transactions, and the time of purchase, banks or merchants can determine if a cloned card is potentially being used. Customer profiles can also give information about the regularity or speed of payments between locations, meaning that it could be a red flag that a cloned card is being used in several locations by a criminal.

Physical Infrastructure Review

Merchants and Banks should review their physical infrastructure to see if there is any place that may be susceptible to criminal attack, including ATMs and POS terminals. This also makes it a lot more challenging for criminals to clone cards. For Example, making sure that POS terminals are all EMV compliant as well as helping customers purchase things in a more secure manner are a few ways Merchants can help make it more challenging for criminals to clone cards.

Despite possibly being impossible to end card cloning, the combination of customer profile data, securing physical infrastructure as well as EMV chips can help banks and merchants be more confident that the cards that are being used aren’t cloned cards, but instead, are the actual, legitimate, ones.

If you are interested in learning more about how Unit21 can help you protect your company from credit card cloning fraud, schedule a meeting today.

Let's schedule a time to learn more

Book a Meeting