Criminals have devised a new scheme that aims
to drain the bank accounts of large corporations.
US authorities are alerting banks to a new
type of payment card fraud that is targeting chips in debit cards sent through
the mail, a report by KrebsOnSecurity reveals.
According to a warning issued by the United
States Secret Service in late March that was obtained by security journalist
Brian Krebs, it is a rather elaborate scheme that ultimately seeks to drain
funds from the accounts of large corporations.
First, fraudsters intercept letters
containing chip-based debit cards sent in the mail to high-value corporate
customers. They then prise the chip from the newly-issued payment card by
exposing the card to heat and melting the glue.
Next, they replace the chip with an expired
or invalid chip while placing the stolen chip into an old card. They then
repackage the card with the dud chip and dispatch it to its recipient, waiting
for the unsuspecting firm to activate it.
It’s not clear how exactly the thieves are
able to intercept the letters. Krebs suggests that the scheme could involve
postal employees or that perhaps the fraudsters steal the letters directly from
corporate mailboxes. “Either way, this alert shows the extent to which some
thieves will go to target high-value customers,” Krebs wrote.
“The reason the crooks don’t just use the
debit cards when intercepting them via the mail is that they need the cards to
be activated first, and presumably they lack the privileged information needed
to do that,” he added.
It probably doesn’t take long before the
companies notice that something is amiss, which gives the criminals only a
narrow window of opportunity to steal funds. Also, apparently the scam can only
pay dividends if no PIN validation is required.
In late January, Krebs informed about another memo that the Secret Service issued
to financial firms. Back then, he reported that jackpotting – a kind of attack
that involves manipulating ATMs into spewing out cash like slot machines – had made
its way into the United States.