Buy Clone Cards
In the United States, there has been a shift from insecure magnetic stripes on credit and debit cards to more secure chip-and-PIN cards governed by the EMV standard. This move was intended to increase transaction security and reduce card fraud. However, our researchers have recently discovered that a group of cybercrooks from Brazil has found a way to steal card data and successfully clone chip-and-PIN cards.
At the Security Analyst Summit 2018, our experts presented their research on this topic. In this post, we will attempt to explain their complex findings in a concise manner.
Jackpotting ATMs and Beyond
While investigating ATM jackpotting malware used by a Brazilian group called Prilex, our researchers came across a modified version of the malware with additional features. This modified malware was used to infect point-of-sale (POS) terminals and collect card data.
The malware had the ability to modify POS software, allowing a third party to capture the data transmitted by a POS to a bank. This is how the criminals obtained card data. When you make a payment at a local shop with an infected POS terminal, your card data is immediately transferred to the criminals.
However, having the card data is only half the battle. To steal money, the criminals also needed to be able to clone cards. This process is made more complicated by the chip and the multiple authentication steps it takes part in.
The Prilex Group’s Card Cloning Infrastructure
The Prilex group developed an infrastructure that enables its “customers” to create cloned cards, which theoretically shouldn’t be possible.
To understand why it is possible, let’s first take a quick look at how EMV cards work. Then, we’ll explain the card cloning process in simplified terms.
How the Chip-and-PIN Standard Works
The chip on the card is not just flash memory but a tiny computer capable of running applications. When the card is inserted into a POS terminal, a sequence of steps is initiated.
- Initialization: The terminal receives basic information such as the cardholder’s name, card expiration date, and the list of applications the card can run.
- Data Authentication (optional): The terminal verifies the authenticity of the card using cryptographic algorithms. This is a complex process.
- Cardholder Verification (optional): The cardholder must provide either a PIN code or a signature, depending on how the card was programmed. This step ensures that the person using the card is the same person to whom the card was issued.
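To make the role of the optional Data Authentication step concrete, here is an added Python model that is not from the original post or the researchers' work: a toy RSA challenge-response stands in for real EMV data authentication, an issued card holds a private key the terminal never sees, a clone holds only what a compromised POS could capture, and the terminal's decision depends on whether it actually runs the step. Key sizes, names and card data are constructed for illustration.

```python
import hashlib
import secrets

# Toy RSA parameters (constructed; far too small for real use, illustration only).
P, Q = 1000003, 999983
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest(data: bytes) -> int:
    """Hash the signed data and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class GenuineCard:
    """Issued card: static data plus a private key that never leaves the chip."""
    def __init__(self, static_data: bytes):
        self.static_data = static_data
        self._priv = D

    def sign_challenge(self, challenge: bytes) -> int:
        return pow(_digest(self.static_data + challenge), self._priv, N)


class ClonedCard:
    """Clone built from what POS malware could capture: static data and one
    observed challenge/response pair, but no private key."""
    def __init__(self, static_data: bytes, seen_challenge: bytes, seen_sig: int):
        self.static_data = static_data
        self._replay = (seen_challenge, seen_sig)

    def sign_challenge(self, challenge: bytes) -> int:
        return self._replay[1]  # can only replay; cannot sign a fresh challenge


def data_authentication(card, challenge: bytes = b"") -> bool:
    """Terminal-side dynamic check using only the issuer's public key."""
    challenge = challenge or secrets.token_bytes(8)
    sig = card.sign_challenge(challenge)
    return pow(sig, E, N) == _digest(card.static_data + challenge)


def terminal_accepts(card, do_data_auth: bool, pin_ok: bool, challenge: bytes = b"") -> bool:
    """Decision for the three steps described above: initialization always runs,
    data authentication only if the terminal is configured to run it,
    then cardholder verification."""
    if not card.static_data:            # Initialization failed
        return False
    if do_data_auth and not data_authentication(card, challenge):
        return False                    # a clone is caught here, but only if the step runs
    return pin_ok                       # Cardholder Verification
```

Running the model with the step switched off shows the clone accepted on the strength of the captured static data and a PIN alone.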
The Prilex group managed to overcome these authentication measures and create cloned cards, allowing them to carry out fraudulent activities.
In conclusion, despite the implementation of chip-and-PIN cards, card cloning is still a threat. It is essential for financial institutions and individuals to remain vigilant and take necessary precautions to protect themselves against these cybercriminals.