Scammers used social engineering techniques to install rogue card readers in retail stores

Aug 20, 2008 08:49 GMT

The National Police Service in Ireland is investigating a major credit card scam in which the details of over 20,000 credit and debit cards have been stolen. The attackers posed as bank service personnel and attached rogue devices to card readers in stores in northeast Ireland. The captured data was then sent over the Internet using a wireless connection.

The use of rogue card readers, for example, attached to bank ATMs, is not uncommon in the world of credit card fraud but, in this case, it was done on a large scale. Furthermore, the data gathered can be used to create clones of the cards, to empty the accounts or perform online transactions.

Because most European countries use the "chip-and-pin" system, in which an embedded chip is also checked when the credit card is inserted into an ATM, the scammers will most likely attempt to withdraw the money in countries that do not have this system implemented. To combat this, affected financial institutions like the Bank of Ireland have temporarily limited overseas withdrawals to as little as $150, in addition to completely blocking some cards from being used.

Jennie Chamberlaine, marketing manager for the Irish Payment Services Organization, commented that people whose card details had been stolen would be notified by their respective banks, adding that it was possible that some of the data had already been used for fraud.

In the past few years, the use of chips embedded in credit cards has significantly reduced credit card fraud within the European Union territory. However, this has a downside. The attackers moved to countries outside the EU in order to withdraw the money, which makes it a lot harder to track and arrest them. "Card fraud has tended to move to the weakest link," pointed out Jennie Chamberlaine.

The "chip-and-pin" system does not offer protection for online transactions, where only credit card information is needed, and not the physical cards themselves. The web is also the environment where many forms of social engineering, like e-mail scams and phishing, are used in order to steal personal information. Further details regarding this attack are being kept secret during the investigation, due to the sensitive nature of the data involved.