This article is from the source 'bbc' and was first published or seen on . It will not be checked again for changes.
You can find the current article at its original source at http://news.bbc.co.uk/go/rss/-/1/hi/technology/7584258.stm
The article has changed 3 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Hackers prepare supermarket sweep | Hackers prepare supermarket sweep |
| (40 minutes later) | |
| Self-checkout systems in UK supermarkets are being targeted by hi-tech criminals with stolen credit card details. | Self-checkout systems in UK supermarkets are being targeted by hi-tech criminals with stolen credit card details. |
| A BBC investigation has unearthed a plan hatching online to loot US bank accounts via the checkout systems. | A BBC investigation has unearthed a plan hatching online to loot US bank accounts via the checkout systems. |
| Fake credit cards loaded with details from the accounts will be used to get cash or buy high value goods. | Fake credit cards loaded with details from the accounts will be used to get cash or buy high value goods. |
| The supermarkets targeted said there was little chance the fraudsters would make significant gains with their plan. | The supermarkets targeted said there was little chance the fraudsters would make significant gains with their plan. |
| With the help of computer security experts the BBC found a discussion on a card fraud website in which hi-tech thieves debated the best way to strip money from the US accounts. | With the help of computer security experts the BBC found a discussion on a card fraud website in which hi-tech thieves debated the best way to strip money from the US accounts. |
| The thieves claim to have comprehensive details of US credit and debit cards passed to them from an American gang who tapped phone lines between cash machines and banks. | The thieves claim to have comprehensive details of US credit and debit cards passed to them from an American gang who tapped phone lines between cash machines and banks. |
| 'Cashing out' | 'Cashing out' |
| The gang plans to copy card details onto the magnetic stripes of fake cards and then use them in UK stores. In the discussion on the card site those co-ordinating the fraud say they are seeking places to "cash out", meaning strip funds from the bank accounts using fake cards. | The gang plans to copy card details onto the magnetic stripes of fake cards and then use them in UK stores. In the discussion on the card site those co-ordinating the fraud say they are seeking places to "cash out", meaning strip funds from the bank accounts using fake cards. |
| In the forum they are asking for information about Asda and Tesco stores in which it is possible to use self-service systems that mules could visit with the fake cards to get at the cash. | In the forum they are asking for information about Asda and Tesco stores in which it is possible to use self-service systems that mules could visit with the fake cards to get at the cash. |
| Advertisement | Advertisement |
| Reformed hacker Jacques Erasmus of online security firm Prevx explains the scam. | Reformed hacker Jacques Erasmus of online security firm Prevx explains the scam. |
| The fraudsters are looking for self-service systems to avoid contact with store staff who may spot the fake cards. | The fraudsters are looking for self-service systems to avoid contact with store staff who may spot the fake cards. |
| Over the period of a month from mid-August the ringleader claims he will have details from 2300 cards to handle. | Over the period of a month from mid-August the ringleader claims he will have details from 2300 cards to handle. |
| In the forum he declares: "Its (sic) shopping spree guys help me out and I will take care of you." | In the forum he declares: "Its (sic) shopping spree guys help me out and I will take care of you." |
| It's not difficult to take compromised cards from one country and exploit them in another Andrew Moloney | It's not difficult to take compromised cards from one country and exploit them in another Andrew Moloney |
| The information found by the BBC has been passed to the Dedicated Cheque and Plastic Crime Unit so it can investigate the ongoing fraud. | The information found by the BBC has been passed to the Dedicated Cheque and Plastic Crime Unit so it can investigate the ongoing fraud. |
| Andrew Moloney, security evangelist at RSA, said the gang were involved in "classic" card fraud by cloning details on to magnetic stripes. | Andrew Moloney, security evangelist at RSA, said the gang were involved in "classic" card fraud by cloning details on to magnetic stripes. |
| He said it was an example of a long observed trend in fraud. | He said it was an example of a long observed trend in fraud. |
| "We've seen a shift from card-present fraud to card-not-present to fraud abroad," he said. | "We've seen a shift from card-present fraud to card-not-present to fraud abroad," he said. |
| "The internet is the global marketplace," he said. "It's not difficult to take compromised cards from one country and exploit them in another. It's a simple and routine procedure for these guys these days." | "The internet is the global marketplace," he said. "It's not difficult to take compromised cards from one country and exploit them in another. It's a simple and routine procedure for these guys these days." |
| The discussion on the crooks' forum is a bit of a wake-up call for all those who think that the introduction of chip-and-pin in the UK has wiped out card fraud Rory Cellan-JonesBBC technology correspondent class="" href="http://www.bbc.co.uk/blogs/technology/2008/08/a_forum_for_fraudsters.html">Read the dot.life blog in full Jacques Erasmus, from security firm Prevx, agreed that cashing out abroad was a well established method. "They do not normally cash out in the same country," he said, "just because it makes the law enforcement job that much harder." | |
| He said many criminal gangs even offer their fraudulent services via the web. | He said many criminal gangs even offer their fraudulent services via the web. |
| "They will do it for you in India and China," he said. | "They will do it for you in India and China," he said. |
| Sweeping up | Sweeping up |
| Armed with fake cards and a list of shops and supermarkets that can be hit the fraudsters could make £5-8000 per day, according to Mr Erasmus. | Armed with fake cards and a list of shops and supermarkets that can be hit the fraudsters could make £5-8000 per day, according to Mr Erasmus. |
| The funds would be split between the mules who actually carry out the transactions, those organising the mules and the hi-tech thieves who stole the original card numbers. | The funds would be split between the mules who actually carry out the transactions, those organising the mules and the hi-tech thieves who stole the original card numbers. |
| Representatives from both Tesco and Asda argue that payment systems automatically contact the banks when a card is swiped instead of using chip-and-pin. The banks must authorise the acceptance of a signature. | Representatives from both Tesco and Asda argue that payment systems automatically contact the banks when a card is swiped instead of using chip-and-pin. The banks must authorise the acceptance of a signature. |
| "If the card has not been reported as having been cloned, yes, it can go through," said a spokeswoman for Tesco. However, she pointed out that swipe and sign transactions represent a tiny fraction of the supermarket chain's trade. | "If the card has not been reported as having been cloned, yes, it can go through," said a spokeswoman for Tesco. However, she pointed out that swipe and sign transactions represent a tiny fraction of the supermarket chain's trade. |
| "We would hope this will bring further pressure on the States to introduce chip-and-pin," said Jemma Smith of the UK payments organisation Apacs. "Until that happens we will still see fraud on US cards happening in our shops and our cash-machines and also fraud on our cards happening in the US." | "We would hope this will bring further pressure on the States to introduce chip-and-pin," said Jemma Smith of the UK payments organisation Apacs. "Until that happens we will still see fraud on US cards happening in our shops and our cash-machines and also fraud on our cards happening in the US." |