Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.
Earlier this month, the Secret Service documented a recent fraud incident in Texas involving a counterfeit club membership card containing a barcode, and a card expiration date and CVV printed below the barcode.
“Located underneath the barcode are instructions to the cashier on the steps necessary to complete the transaction,” reads an alert the Secret Service sent to law enforcement agencies. “They instruct the cashier to select card payment, scan the barcode, then enter the expiration date and CVV. In this instance, the barcode was encoded with a VISA credit card number.”
The instructions on the phony rewards card are designed to make the cashier think it’s a payment alternative designed for use exclusively at Sam’s Club and WalMart stores. When the transaction goes through, it’s recorded as card-not-present purchase.
“This appears to be an evolution of the traditional card-not-present fraud, and early indications are linking this type of activity to criminal organizations of Asian descent,” the Secret Service memo observed.
“As a result of this emerging trend, instead of finding a large number of re-encoded credit cards during a search, a subject may only possess stickers or cards with barcodes that contain stolen card data,” the alert continues. “Additionally, the barcodes could be stored on the subject’s cell phone. If barcodes are discovered in the field, it could be beneficial to utilize a barcode scanning app to check the barcode for credit card data.”
*** This is a Security Bloggers Network syndicated blog from Krebs on Security authored by BrianKrebs. Read the original post at: https://krebsonsecurity.com/2020/02/encoding-stolen-credit-card-data-on-barcodes/