Is this possible? Cloning debit card question.

Someone’s used my debit card details at a shopping mall in Kuala Lumpur.

Thank goodness the Halifax spotted it! Their fraud team tell me there are three ways my details might have been obtained: hacking into my computer, a skimming device at an atm, letting the card out of my sight.

I never let my card out of my sight, I won’t use an atm if it looks funny (and only ones from major banks), online? not sure, if they’d got into my computer why not take my other card details.

Question: I’ve been using the underground a bit recently. You get really close to people there. My cards are in my wallet in a backpack. It is possible to read/copy/scan a card via some kind of reader?

Petrol stations are a popular place for peoples cards to be skimmed.

Could be anywhere you’ve used the card really.

If your card has an RFID/NFC chip it is technically possible to do this although I’m not really sure how much this is happening and how big the risk is. You do see wallets and such with metallic linings being sold, supposedly to foil this sort of scanning.

they’d still need the PIN, though, for any significant purchase?

they’d still need the PIN, though, for any significant purchase?

Not outside the UK and WE. Eg the USA still just use signatures….

Yup it’s possible.. Barclays this morning caught a big skiming network from a north London branch.. 😯

Some countries STILL dont insist on chip and PIN. Google suggests KL is one of these.

Any machine that swipes your card, or swallows your card temporarily can have a small doofer added that reads the mag stripe.

That then gets sold online and written to a “blank” card. The new user adds their own signature.

So automated machines for parking charges, tickets, that kind of thing can be modified locally.

to foil this sort of scanning.

I see what you did there…!

As above, can be a pretty simple skim. Thankfully, banks are great at spotting odd patterns these days.

You don’t actually need the card at all. The retailers receipt has all the relevant card info on it – hence petrol stations being a big target for these. Bung the till operative a few quid to let you have a look at the days till receipts and note all the numbers and expiry dates down and you’re good to go. Go shopping in Kuala Lumpur anyway.

I see what you did there…!

Glad someone’s on the ball 🙂

I had to my cancel my c/card last year after someone started buying airline tickets on it. Barclaycard picked up the change in pattern straight away. However I was stunned when talking to the fraud team when they admitted they probably wouldn’t attempt to track those responsible down – it’s cheaper to just take the hit (buying an airline ticket I thought would make it easy to catch someone!)

Would also watch out for hotels and car rental too. Although the fraudulent use there would more likely be online mail order.
They only need to cop a glance at the back of the card to see the 3 digit CV2. They also know the card number, home address, and exactly how long you’re staying. There are ways to make those 3 digits not easily visible to anyone but you.

edit: and when mine was done thanks to using a very popular online bicycle store, most of the fraudulent purchases were for shoes and flights.

Go shopping in Kuala Lumpur anyway.

Lots of great online bike deals from there apparently 😉

Afaik you can simply clone a card. The algorithm that generates the numbers is well known, and you can simply keep trying expiry dates and number combos til you find one.

It’s one approach at least.

interesting . . . I have very recently made a purchase from a popular online bike shop !

interesting . . . I have very recently made a purchase from a popular online bike shop !

Your card holds your details in 3 ways

1. on the chip
2. on the magnetic strip
3. stamped on the front

The security on the chip could only be copied by NSA levels of decryption. Its secure. That’s why the preferred method of transactions by the bank is Chip & Pin

The strip doesn’t hold much more detail than what’s stamped on the front of your card. I can’t recall but it may have address details to help with verification. But in the end its not much more different from what’s printed on the front.

Fraud usually happens by crims getting the card no. & expiry date and creating a card and using it in a country where they don’t use chip and pin transactions.

But not to worry if your card is copied, Visa, MaterCard and AMEX are obliged under credit card rules to refund you. If they didn’t the market would lose faith in the whole thing and we’d be back to cash.

Basically, the only thing the consumer has to worry about is if there are fraudulent transactions that you don’t spot and therefore don’t tell your bank about. Otherwise, it’s the credit card companies problem.

..amazing what random info you pick up in your life, isn’t it

The strip doesn’t hold much more detail than what’s stamped on the front of your card. I can’t recall but it may have address details to help with verification. But in the end its not much more different from what’s printed on the front.

You’re nearly right, but in the UK most card issuers adds numbers that are only known by the issuer (eg version and duration numbers). In some cases this is noise. But when the issuer gets the track 2 from the POS it compares it to what it knows it has written on the stripe originally.

You could guess these addition numbers, but it’s highly unlikey.

The most secure ATMs are those that suck in and spit out your card slowly with a jerky motion. Any skimming device needs the card to move by at a constant speed to read the data, so the jerky motion prevents the skimmers from being able to read the code. But another method is to attach a small camera to the ATM that records the card details and your PIN if you don’t cover with your hand.

I don’t think you can get info from a receipt as all but 4 of the card numbers are replaced with asterix’s.

Maybe it’s not your computer they’re hacking. It could be a shops that you’ve used or they’re working in cahoots with the shop attendants.

Happened to me a few years ago…£5k gone.

Got it back though without quibble from the bank.

They said that it my details were probably skimmed months previously… I think it was a petrol station near Norwich.