Tuesday, August 19, 2008

Major bank card scam uncovered - - 18 Aug 2008

Gardaí are searching for a criminal gang which has illegally skimmed data from around 9,000 debit and credit cards which would allow the cards to be cloned and used overseas, it has emerged.

The scam came to light last Friday when a retailer noticed a small device had been attached to a card payment terminal in one of its shops. The device had the capacity to record all information from the magnetic strip on the back of a payment card as well as the PIN number needed to make withdrawals or purchases.

The device was fitted by a man who called to the shop and claimed to be an engineer working for the bank who supplied the terminal.

Informed sources have told The Irish Times that four further identical cases have come to light since Friday in the north and east of the country. The same gang, members of which are not believed to be Irish, is suspected in all cases.

People posing as engineers are known to have fitted card reading technology to at least five terminals in five major retailers under the guise of carrying out maintenance. The skimming device used is based on mobile phone technology which enables the data skimmed to be downloaded from anywhere around the world.

Around 9,000 cards had been swiped through the five targeted machines since Thursday.

The retailers targeted all had monitoring software linked to the terminals. At the end of a day’s trading the software alerted them to the fact that their machines had been tampered with.

The retailers have also been able to provide CCTV images to gardai of the gang members behind the scam. The Irish Payment Services Organisation (IPSO) said those responsible appear to be trained engineers with an advanced level of expertise.

Head of card services at IPSO Una Dillon said: “IPSO has been working together with the Gardaí, banks, card issuers, terminal manufacturers and other relevant bodies in the banking industry to examine the details of this fraud so that necessary action can be taken to minimise its impact and to prevent it going forward.”

“The payments industry body is extremely concerned about these fraud attacks and ensures that all appropriate action is being taken. In the meantime, banking industry fraud monitoring systems continue to work to detect where fraud is taking place, thus keeping losses to a minimum.”

She said any money taken would be refunded by card issuing banks.

While the information from 9,000 cards has been skimmed gardaí believe the scam has effectively been foiled before cards were cloned and used on a large scale.

It is unclear how much, if any, money has been stolen. However, gardaí believe the sums involved, if any, will be small because the scam was spotted so soon after it began. Any card holders affected will contacted by their bank and issued with new cards.

Because chip and PIN technology is used at machines in Ireland any cloned cards could not be used in this country. Cloned cards could only be used to make purchases or withdraw cash in countries such as Canada and Italy, where chip and PIN technology is not in use.

Some of the banks and card providers targeted have imposed maximum daily withdrawal limits of €100 and €250 for cardholders seeking to make withdrawals overseas.

The full extent of the scam is still emerging but it is believed all of the main card providers have been affected including; Bank of Ireland, AIB, Ulster Bank, Perm TSB, National Irish Bank, First Active, EBS and MBNA.


No comments: