Evidence is emerging that fake chip and PIN readers are being swapped for real devices in the UK and around the world. Criminals are targeting credit card data using fake Point of Sale (POS) devices. Criminal businesses adapt to the changing environment just like legal businesses, however criminal enterprise is looking at new crimes where the suppliers of the readers and those using them against customers would both get a cut of the profits. Even the tough economic times can affect fraudsters!
The business model is very simple. A fraudster at the POS obtains a card reader (the chip and pin machines) subsidized from a criminal supplier and then they would swap it out for the real device at the targeted location i.e. restaurant, railway station or retail outlet. A real customer comes along to pay and has their card swiped and the reader behaves exactly the same as a real chip and PIN device.
The big difference here is that when a real customer has their card swiped everything will appear normal. All the cards work just fine, but all the information that is stored on the card including the chip and PIN are copied and transferred for example using wireless to a web server (this is where websites you visit are hosted – so you can imagine just how many web servers are out on the Internet.
The card criminals (operators) also have a great opportunity to earn money from the fraud, and would expect to earn up to 30% of the credit card data value.
Safe surfing folks!