skimming
Latest
Card skimming hack targets 201 campus stores in North America
The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 online campus stores across the US and Canada on April 14th. The team slipped its scripts into the checkout pages of the sites (all created by a common developer, PrismRBS) to harvest full card details, names, addresses and phone numbers. The number of people affected by the heist isn't yet clear.
British Airways hackers used same tools behind Ticketmaster breach
The British Airways web hack wasn't an isolated incident. Analysts at RiskIQ have reported that the breach was likely perpetrated by Magecart, the same criminal enterprise that infiltrated Ticketmaster UK. In both cases, the culprits used similar virtual card skimming JavaScript to swipe data from payment forms. For the British Airways attack, it was just a matter of customizing the scripts and targeting the company directly instead of going through compromised third-party customers.
NYPD says 'Skim Reaper' device could curb ATM fraud
Skimming costs US consumers more than a billion dollars a year. The practice, which sees devices illegally installed on ATMs and gas station pumps to "skim" credit card information from unsuspecting users, can affect everyone. Even cybersecurity expert Patrick Traynor, who's now come up with a solution that could end the nefarious crime for good.
Thieves find a more insidious way to steal credit card details
The secret service has issued a warning to banks and ATM companies about a new way that thieves can steal your credit card information. A report from Krebs on Security explains that "periscope" skimmers have been found inside teller machines in Connecticut and Pennsylvania in the last two months. Of course, since the devices attach to the internal mechanism, there's absolutely no way for an end user to tell if they're at risk.
Hacks turn Square's reader into a card-stealing machine (updated)
As helpful as a Square Reader may be for purchases at trendy stores, you'll want to watch out -- in the right circumstances, they can also be used to steal your credit card info. Security researchers have discovered that you can physically disable the encryption the device uses to protect your financial info, turning the Reader into a tiny, portable card skimmer. There's also a way to record the signal created by your card when you swipe its magnetic stripe on an unmodified Reader, which theoretically lets evildoers charge your card without approval.
DCUO gets new skimming movement power
DC Universe just got a new movement variation, and Skimming represents the first such addition since the superhero MMO's 2011 launch. Skimming allows players to "swoop, glide, and soar on Aero Discs like Mister Miracle," according to SOE's press materials. Skimming also shares a skill tree with Flight, meaning that they both "have the same aerial traits and abilities as well as feats, races, and trophies." Members get Skimming for free, while free-to-play gamers can purchase it in DCUO's cash shop. Game Update 42 is also live, and you can read all that via the official DCUO website. Don't forget to click past the cut to view Skimming in action!
Engadget Daily: credit card skimming, floating 'Star Wars' holograms and more!
Today, we investigated the tech behind credit card skimming, looked at floating 3D video, learned about next gen lithium ion batteries and checked our Uber passenger ratings. Read on for Engadget's news highlights from the last 24 hours.
What you need to know about card skimming
"Skimming" is a blanket term used when referencing a crime where you take small amounts of money. It literally means to take cash off the top, as if money were the sweet cream floating atop a cauldron of lesser riches. Fifty years ago, skimming might have meant stealing a handful of dollars from your employer, or even millions in elaborate scams we've seen in countless Hollywood films. Today's skimming, however, employs tricks and hardware that are absurdly complex and yet sneaky enough to elude detection. Unless you know what to look for, of course. Today's world of skimming is high-tech, and it wants your credit card and banking info. Though we can't help you catch every conceivable method that crooks are using to try to rip you off, being armed with a bit of knowledge on the topic could save you major hassle down the road. No matter what you take away form this read, at a minimum you'll never look at an ATM or POS terminal the same way again.
Account-stealing bank machine skimmers are now virtually invisible
Bank machine skimmers, which swipe your account as you insert your card, have been getting increasingly harder to spot as the years go by; now, it looks like they're just about undetectable. Researchers at the European ATM Security Team have found skimmers that not only fit neatly into a card slot, but do a good job of hiding any other equipment they need to steal your info. One example (shown below) combined a virtually invisible skimmer with a cleverly hidden spy camera that recorded PIN code entries. Another disguised a system that captured card info through audio, and there are now translucent mini-scanners that even a keen eye might miss.
The definition of karma: PayPal president's credit card gets hacked
If you've ever lost access to your PayPal holdings through no fault of your own -- say, following a shady money transfer -- you may be tempted to enjoy a little schadenfreude today. PayPal president David Marcus reports that someone used a skimming device to clone his credit card while he was in the UK, letting the perpetrator make a "ton" of fraudulent purchases. It's virtually the embodiment of karmic payback, isn't it? In fairness, the executive is right when he notes that the incident wouldn't have happened if the merchant accepted PayPal; the company would have masked the card number and rendered the skimmer useless. And we sincerely hope that Marcus' finances are back in order. All the same, the affair shows just why business leaders should be sympathetic to their customers' problems -- one day, they may be stuck in the same boat.
Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers
Here's some more fun out of Vegas, this time involving Jack Dorsey's Square and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the Black Hat Conference. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. New hardware that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.
VeriFone calls out Square for 'gaping security hole,' publishes sample app to demonstrate
VeriFone, a huge provider of credit card processing systems that's been around since time immemorial, has taken a huge swipe at upstart Square today, branding its free, headphone jack-based credit card readers "skimming devices" and demanding their immediate removal from the market. Crazy, right? VeriFone's CEO has thrown up a YouTube video talking about the exploit its thrown together, and it's more of a social engineering hack than a technical one: a bad guy makes a fake Square app for his phone, plugs in the reader, and steals your unencrypted credit card details without running a "real" payment through Square's system. They're really going big with this, too -- not only is VeriFone's sample app available for download, but they've sent notices to Visa, MasterCard, American Express, and JP Morgan Chase, which handles Square's processing. Sounds like a possible problem, sure -- but when the "exploit" is being announced in such grand fashion by a company that's most threatened by Square's business model, you can't help but feel a little icky about it. Follow the break for video.
Elecom intros skim prevention kit for wallet, cellphone
If you're down with the whole "swipeless" idea, but don't much dig the potential lack of security associated with it, Elecom's coming to the rescue in an attempt to put your paranoia to rest. The Skim Black I lineup of gear consists of a thin, wallet-based card and a not-so-elegant adornment for cellphones (pictured after the jump), both of which eliminate snoopers from jacking your precious information (or identity) by cutting off a reported 99.9-percent of radio waves. To be effective, the skim prevention card must be close to any swipeless cards in your wallet or pocket, while the bulkier SKM-K001 needs to be stuck on the rear of your mobile to effectively destroy the hopes of data thieves (and all stylistic appeal your handset previously had). Both units should be hitting Japan any day, and while the SKM-C001 wallet card will run you ¥1,260 ($11), the cellphone guardian will demand ¥2,310 ($20).[Via AkihabaraNews]
