What is credit card cloning?

Card cloning – sometimes known as card skimming – is a type of credit card theft in which a fraudster creates a copy of a legitimate user’s credit card.

How Card Cloning Scams Work

Fraudsters typically rely on technologies like skimmers, small devices that can be affixed to hardware like point of sale (POS) terminals at a physical retail location or even at an ATM. These skimming devices act as card readers that collect an unsuspecting victim’s credit card information – including card numbers, PINs, and CVV data – by reading the magnetic stripe on the back of the physical credit card or debit card. They are also cheap and can be obtained through online purchases.

Fraudsters can implement a fake keypad on the POS terminal or ATM that allows them to steal the real cardholder’s PIN information. Once they have collected this information, they can take the stolen credit card information, PIN, and CVV data to make a new, physical card to make fraudulent purchases in the real cardholder’s name. The cardholder might not realize something has happened until they check their financial statements, bank accounts, or see a change in their credit score. 

Cloning doesn’t need to be physically done anymore, either. Contactless technology has made it possible for fraudsters to steal numerous card numbers using remote scanning devices simply by walking down a crowded street with a concealed scanner in their backpack or purse. 

Examples of Credit Card Cloning

Card cloning is a global phenomenon that surged by 34% across all regions according to Feedzai research. Last year, police in Ireland arrested a pair of men and seized 66 credit cards that had been cloned using skimmers. In India, more than 350 cloned cards were seized by police just last month. In the United States, the FBI recently arrested six people for stealing over $200,000 from gas stations using card skimming technology. 

How Big of a Problem is Card Cloning?

The numbers speak for themselves.

3 Ways Financial Institutions Can Fight Card Cloning

Implement EMV Chips

One of the biggest advancements in the fight against card cloning is the advent of EMV (Europay, Mastercard, Visa) microchips that act as safer, encrypted alternatives to magnetic stripes. EMV chips use encrypted payment information that makes it extremely challenging for fraudsters to clone cards. While this technology is much more secure than the magnetic strip alternatives, even EMV technology has its vulnerabilities.

For starters, many POS terminals allow transactions to be completed using both magnetic stripe and EMV options. If the consumer is uncomfortable using the EMV chip, they will use the more familiar magnetic stripe instead, which risks having their credit card number compromised and cloned. Meanwhile, a report from a security firm noted that cybercriminals found a workaround tactic that allowed them to make purchases using magnetic stripe cards with data that was intended for EMV chips.

Unfortunately, these findings point to a disturbing reality: stopping card cloning is a constant game of cat-and-mouse in which it’s nearly impossible to get fraudsters to stop cloning cards. 

Build Customer Profiles

The most effective way to prevent card cloning fraud is to use customers’ data profiles to understand how they normally behave. Having profiles of customer’s normal behaviors can help banks and merchants determine if a cloned card might be at play based on the cardholder’s location, whether or not they used the EMV chip or magnetic strip, the number of purchases made in a period of time, the time of the day the purchase is attempted, the frequency of transactions, or even if the user is using a physical card or contactless card to make a purchase. Access to customer profiles can also provide insight into the frequency and speed of payments between different locations. These could be red flags that a cloned card is being used in multiple locations by a fraudster. 

Review physical infrastructure

Banks and merchants should take stock of their physical infrastructure to determine if there are any vulnerabilities that fraudsters might try to attack. This can include POS terminals and ATM kiosks. These efforts can go a long way in making it harder for fraudsters to clone legitimate credit cards. Merchants, for example, can ensure that their POS terminals are all EMV compliant and educate their customers to use a more secure way of completing purchases. Remember, having a little friction makes life difficult for fraudsters.

It might be impossible to stop card cloning altogether. But the combination of profile data and securing physical infrastructure can help banks and merchants feel more secure that the credit cards they accept are legitimate and noted cloned copies.

Want to understand how fraudsters took advantage of the global pandemic? Watch Financial Crime Webinar Q4 2020: How Covid Impacted Consumers & Fraud on-demand for exclusive insights based on over 34 billion global transactions to learn how financial fraud changed during a time of unprecedented disruption.