Cyber criminals have been planning to conduct a sophisticated scam that involves using cloned US credit cards to target self-checkouts in British supermarkets.
The criminals have been plotting to clone magnetic stripes to create cards, and then use these cloned cards to loot US bank accounts at British checkouts, BBC reports.
In online forums, the thieves discussed how to use self-service tills, in particular in Asda and Tesco, to conduct transactions without being watched by a cashier. But the supermarkets told the BBC that there was little chance the criminals would make significant gains.
Andrew Moloney, a security expert at software supplier RSA, said cloning the magnetic stripe on the card is “one of the simplest ways to commit fraud."
“There’s no pin involved, it’s not encrypted, and the hardware for doing it is readily and legally available. It’s essentially the same hardware you’d use when making a membership card,” he said.
Unlike the UK chip and pin system, US credit cards only require a signature for transactions. In the planned scam, the fraudster would create cloned cards, therefore could create any signature they wish.
But the criminals’ plan may have been flawed because self service tills in many supermarkets will not accept transactions without a pin being entered, according to a Tesco spokesperson. Tesco also said a member of staff would have to approve a signature. Asda could not be reached for immediate comment on its authorisation controls.
Even the pin identification system is not completely safe, according to Eric Domage, manager of western European security research at analyst house IDC. In one instance in Paris, he said, criminals were placing fake cash machines on the front of real machines, capturing the cards and pin numbers, and then taking the cards round the corner to spend thousands of euros.
But criminals using cloned cards are also taking a risk, Domage said. "People doing this will be caught easily on camera when they use the self service tills."