The new cards are intercepted in the mail, the chips get switched out, and bank accounts are drained before anyone realizes there’s a problem.
Whenever we are sent a new debit or credit card in the mail, it is always accompanied by guidance on how to keep it safe from potential thieves. But what if that brand new card has already been compromised? That’s exactly what is happening to large corporations in the US according to the Secret Service.
As KrebsonSecurity reports, the US Secret Service is warning financial institutions about this new type of mass debit card fraud. The criminals are targeting large corporations who have new debit cards sent to them in a bulk package directly from a bank/financial institution. Those packages are intercepted, the chips removed from the new cards using a heat source to melt the glue, and old chips attached to replace them.
When the package is mailed on to its intended destination, the cards look fine and so they get activated. The clever bit here is, the new cards make it through the activation process, but can’t be used because the attached chip doesn’t match. However, because the card is now active, the stolen chips from the cards do work and allow the criminals to drain those account before anyone realizes something is wrong.
Card activation typically requires information the criminals don’t have access to, so taking the time to remove and replace the chips is actually a much more reliable way of stealing the card. It also opens up a larger window of opportunity as (if they do a good job of attaching the old chips) nobody suspects anything is wrong and the hard work (activating the cards) is done for them.
The easiest solution to this fraud problem is to figure out how the cards are being intercepted. The financial institutions sending out the cards could quickly put an end to this by using a more secure method of mailing them. Of course, that would cost more money, but probably much less than the cost of dealing with mass debit card fraud.