According to a BBC investigation, stolen US credit card details are shared on the underground carding market for use in the UK. A gang that stole thousands of credit card details from ATMs across the US are contacting UK carders, and have them manufacture fake card clones to buy goods, or withdraw cash from self-service store chains like Asda and Tesco.

The British fraudsters are also looking on carding forums for mules, people that handle the physical aspect of the fraud for a share of the illegal profits. The most likely approach will be to buy high-value goods like electronics or expensive liquor, and then resell the items. Using the cards to get cash back payments is also theoretically possible, but Tesco officials have stated that the self-service terminals in their stores do not allow for such transactions.

The carders that specialize in cloning cards are looking for mules because, with scams of this nature, there is a high risk of exposure. Andrew Goodwill, director at The 3rd Man Ltd., a company that specializes in card fraud prevention, pointed out that "this is risky because fraudsters risk being captured by CCTV on checkouts. Carders typically like to remain faceless."

He also explained why this kind of scam was possible even though UK and most EU countries have implemented the “Chip and PIN” system, which adds an additional chip-level layer of protection to credit cards. "This approach wouldn't work on UK-issued cards but would work on foreign issued cards where there is a fall back to using data from the magnetic stripe in cases where the cards don't support Chip and PIN," he said. Unfortunately, this system is not yet available in the US, which puts companies like Tesco at risk regarding fraud, even though their terminals have the “chip and pin” system implemented.

Hitting self-service checkouts is preferred by criminals, since it reduces the chances of fake cards being detected. It also simplifies the card cloning manufacturing process, because the fake cards just need to be plain plastic sheets with a magnetic strip attached, as opposed to carefully crafted and branded clones that would be required to trick store personnel. Jacques Erasmus, from the Prevx security company, estimated that the fraudsters could make between $9,000 and $14,000 per day with this scam.

Tesco and Asda officials have noted that the systems block payments if the accounts have been reported as compromised. However, until the US and other countries implement the chip and pin system, this kind of scams that involves stealing credit card information in one country and cashing the money in another will still be possible because of the necessity of backward compatibility of the verification systems. This means that chip protected cards will still work in countries that did not implement the chip and pin system, while cards from such countries will also work on bank terminals that are chip-reading capable.