Symantec: Credit card dumping on the rise

Candid Wuest, senior threat researcher at Symantec

Credit card dumps have increased over the past year, according to research conducted by analysts at security management solution provider Symantec.

The phenomenon translates into copies of information stored on the magnetic stripe of the original card being made, usually obtained via electronic “skimming devices” fitted to the credit card machine or bank teller.

“Skimming devices can be combined with a doctored keypad that is placed over the real one or a small video camera that records the PIN code entered for each card”, explained Candid Wüest, senior threat researcher at Symantec.

“Newer versions even contain a GSM module that will send the encrypted dumps back to the attacker. Video footage from surveillance cameras has shown that scammers can install the fake keypad and card reader in under five seconds”, he added.

Access to a card’s information allows criminals to clone the card, which can be “almost indistinguishable from authentic cards, often including holograms and embossed gold numbers”.

Also, if the criminals have recorded the PIN codes, the cards can be used at any ATM to withdraw cash.

“Consumers should look out for any attached keypads or strange looking card slots. Often they are fixed point mounted and create a small overlap that just looks a bit odd and wiggles a bit”, said Wüest.

He warned football fans who would be traveling to South Africa in a couple of months for the 2010 World Cup to pay special attention to their bank and credit cards usage, stating that “while the country is a developing economy, it has a highly sophisticated and modern banking infrastructure and credit card fraudsters to match it”.

To fight online fraud during the 2010 Soccer World Cup, Symantec has created the website with useful information on Internet scams related to the upcoming event.

Symantec is one of the global leaders in providing security, storage and systems management solutions.