Cyber criminals and malicious scammers are constantly at work to devise new ways to steal confidential user data. Unfortunately, such attacks are not just restricted to the Internet. A recently discovered spate of attacks enables scammers to steal credit/debit card details and these methods are increasingly carried out in the physical world.
In brief, here are the 5 most common places from where credit/debit card data can be stolen:
- Restaurants and retail stores
- Online shopping portals
- Hacked email accounts
- ATM machines
- Thieves and pickpockets
Restaurants and retail stores
Some scammers have devised ways to tamper with the card readers at retail stores. Malicious smart cards that look like legitimate cards are created and then inserted into the machines to make a payment. However, the machine simply says than an error has occurred and the retail store merchant is unaware of the damage that has been done. When a genuine payment is made with a valid card over the same machine in the future, the details of that card get recorded. Now the scammer revisits the store after a day or two and inserts the fraudulent card into the machine to make another seemingly innocent payment. Details about all the cards that have been inserted in the interim period are now transferred into the malicious card which can be viewed by the scammer via another device.
Online shopping portals
The best online shopping portals mandatorily use secure methods to protect user details. Unsecure portals are susceptible to hackers and can easily lose data to scammers. There have been several instances where major online portals have been breached and card details have been stolen and misused. From a customers perspective it is advisable to be aware of the concept of SSL and security certificates. Additionally, the best Internet security software installed on a machine can also detect fraudulent pages and portals.
Hacked email accounts
Many people receive and pay their credit card bills via email. So if a hacker manages to gain access to an email account, he can cause a lot of trouble. It is imperative to use various tools for email protection like two-factor authentication, strong and unique passwords etc. Mail services like Gmail and Yahoo also offer other methods to check if your account has been hacked into, and these are worth exploring as well.
ATM Machines
Theft of card data from ATM machines is known as ‘skimming’. This is accomplished with the help of simple card reading equipment and a small camera that records an individual when he punches in his PIN. Scammers also use equipment that replicates the magnetic strip of cards. However, various steps can be taken to avoid such attacks and this includes shielding your hand while typing the PIN and being aware of suspicious looking machines.
Thieves and pickpockets
Physical loss of possession of cards is the biggest risk in this scenario. It is advisable to report a card loss to the concerned bank and local authorities as soon as possible. Another noteworthy precaution is to monitor card statements and activity for any signs of malicious activity.
Credit/debit card usage is convenient yet dangerous as scammers have come up with several innovative methods to gain such information. Readers are advised to stay vigilant and follow various safety measures to remain protected.
134 Comments
Brilliantly explained..
Thanks for sharing the information and expertise!
Thank U Rahul for your valuable information.
Gautam Arun
Odisha
This is a good way to steal credit card details from Restaurants and retail stores but this a method or the problem.
How can we(consumers) prevent it from happening ??
Hi Prakram,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
Look Rahul,
If the stores are not involved in the scam, where is a question of trusting or not trusting a store? It has to be convencing and serious if it is possible.
Thanks
Shailesh
Its really a helpful information, it should be read by all the persons who are using their credit care carelessly.
Thank you too mutch
the card fraud at retail store…i did not get it..pls explain in detail….
Hi Harsha,
Basically the machine is tampered with malicious software. This steals card information from cards that are inserted in the future.
Regards.
How a card reader will upload a programme through card reader? Are the card reader so badly designed that a software can be installed throgh reader? One need to demonstrate the same in presence of the manufacturer and police in interest of society so that if so it can be corrected.
Dear Rahul it will be great if you take initiative to support your point.
Thanks.
Hi Shailesh,
Card readers are not badly designed but the fact is that every device that works electronically can be made to work in a different manner using various techniques. Unfortunately, attackers come up with innovative ways to target such devices very regularly. In this sense, people can only behave in a reactive manner to such attacks.
Regards.
you are making me nervous…..
I feel like giving up online transactions
Hi Anup,
It is good to simply be aware of such threats. It should not discourage you from carrying out such transactions. Awareness will help in keeping yourself protected.
Regards.
Restaurants and retail stores
This method is not possible — I have never seen any POS terminal which can be programmed by a card itself. POS can only be programmed externally and present terminals use highest level encryption system. This can be done by the bank itself.
Online shopping portals
Presently VBV and MSC 2nd level protection should be used. It is practically impossible to hide a fraud purchase as online purchase records delivery details. Most online payment gateway records IP.
Hacked email accounts
Hacker only get the card number from the credit card statement, not more than that. So this is also impossible.
ATM Machines
I prefer not to use credit card in ATM. While entering PIN in ATM, cover the keyboard by leaning over to keyboard and enter PIN by both hands quickly. Also do some false finger impression so that if a camera even detects your finger movement, it will practically impossible to figure out the number.
Thieves and pickpockets
This is a true problem. Make a complex sign in the card so only you can do an exact sign in the charge slip.
Hi P K Bose,
Thanks for your valuable inputs. Most of your assertions are correct, but such attacks are not impossible. There are many instances where such attacks have actually taken place. It is good that you are aware and protected, but this is not applicable for every individual out there who uses a credit card.
Regards.
how to get it protected ? do you have a solution from your end ?
Hi Raj,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
How do you prevent yourself becoming a victim of card data theft at retail stores? This is not explained. How I am defrauded is explained, but how to prevent is not told-which is not a big help.
Hi Vijayakumar,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
WHAT SHOULD WE DO IN RESTAURANT AND HOTELS?
Hi Uday,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
Thank you for this info. Never really knew about it.
Thank you for the update but what’s the solution? What are the “various safety measures” that we should follow “to remain protected”?
very useful information. thank u so much,
very important update for every cardholder, but can you provide more details and remedies for the ways of getting cheated by the use of a credit or debit card.
very nice anti virus quick heal total security
Thank You…. For Giving the tips about the “Retail Store Card Reader Fraud”….
please provide additional steps to prevent scammers from stealing our credit/debit card data. THANKS !!!
Will you throw some more light about protection of credit/debit cards at retail stores/shopping malls/ restaurants.
Hi Ramesh,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
Thank you for the update suggestion what is the solution for the same can you?????????
Hi Raghu,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
Thanks for the useful information.
Item new but unknown.
Very valuable information. How to keep check whether scammer / attacker has already swipped fradulent card before us.
Hi Sunil,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
i am using quick heal total security,i want to know how much safe i am from all this frauds..
Thanks for providing the updates. But these are not absolutely new.Almost all the card holders know about these but hardly care about. The lesser the use of cards, the better.
How one will prevent “Retail store card reader fraud”…?
Hi Koushik,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
Thanks for the valuable information.
Veru very useful info in very simple understandable words. Thanks
Very Good information. We have a Store where many cards are swapped daily. How can Card Data be stores in a Machine ? I am Shocked.
Hi Harish,
Store owners must be vigilant about suspicious error messages that appear on the machine. As of now, this is the only way such software can be embedded so it is advisable to be suspicious if a strange error occurs.
Regards.
I am the victim of online shopping scammers I Purchased a railway ticket from irctc and very next day some one made transactions near about 11 thousands in dollars from London. I complained to the card authorities but they first refused to reverse the amount but later on they reversed the half of that amount rest amount still there. How can I pay when it is not done by me. Please advise.
Hi Harish,
That is a very serious crime against you. We can only advise you to take this matter to the police and legal authorities. Show them the necessary documents and lodge a formal complaint with them.
We wish you all the best.
thnx for this
Nice article. All the symptoms have been clearly explained. But no remedy. What do we do to prevent the hacking at the retail out let ??
Hi Biju,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
Be careful, use your credit cards, atm carefully at authentic places.
Useless fellows in every office do keep their eyes vigilant for looking at every persons while logging for mail, easy recharge, personal banking etc. and use /transfer this information in using undue advantage of any persons, even the closest collegues/frineds/cronys.
In this husle-busle of every day busy life We should be vigilant enough to keep a watchful eye whether such caterpillar is near or not. We should be alert enough to not to let any such nasty person using your valuable information for their own luxuries, which they can’t afford.
Thanks for your valuable information, its very clearly explained but there are no explanations given how to be safe and i request you to update this article with those information.
thanks in advance
Hi Raj Naidu,
Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
Regards.
This is very serious matter.I hope quick heal can help to give early warning in case of such crime is done on line.Regards.
Very informative. Thanks for explaining the methods.
Brilliantly explained..
Thanks for sharing the information and expertise! Thnx sir???????
Regards
ankit verma
frontier agencies pvt.ltd
What precaution can we take to ensure we protect our card from being misused by a retail store, when we hand over our credit card to them?
This we we are at risk everytime we hand ove a card to a restaurent / petrol pump / retail shop.
Hi Vijay,
Unfortunately, there is not much we can do to prevent such attacks. It is advisable to use cash in busy places like a petrol pump. If you must use the card, you should accompany the person swiping the card. Malicious attacks against the reading machine however, are very hard to detect and they require vigilance from the merchants themselves.
Regards.
Thanks for spreading awareness in public.
An article is half written !! No article is full untill it provide full information on subject and how can people get safty mesure on that particular subject.
Do people stop useing credit cards, how many such instance take place do Credit card authority working on it or awer off? such things should be provided.
i appriciate light on hacking.
Hi Pragnesh,
Unfortunately, if a credit card reading machine is compromised, it is very hard to know. While we cannot prevent such attacks, nor can we claim that credit cards should not be used at all, it always helps to be aware of such techniques that hackers use. We will add updates to this post if more information is available. Until then we shall continue providing valuable information like this that a majority of people appreciate and find useful.
Thanks.
You Are Such A Great Guy ,,,,SO Thanks TO Save Us And Give Us This Priceless And So Important Information Sir…
You have shared valuable information.
Do you know what “SKIMMER” is?
Every one having bank debit card must know these points.
No thanks.
Yet another method of hacking credit/debit card is tele market calls from various sources and gather your personal information like dob, address, phone number, spouse name, bank names etc. These informations are gathered over a period by different person and collated.
Plz be careful before parting with any of these information
Thanx buddy..u’v enlightened me.
THX. RAHUL FOR SUCH A VALUABLE ADVISE.
In the case of restaurant retail stores Please confirm if in case the machine is switched off after the fraud card is swiped and restarted then will the data still get transferred after swiping the correct card on re-starting.
Hi Deb,
We cannot say for sure if this will happen. But we should expect the worst and assume that even when the machine is switched off and on again, the malicious software will remain inside.
Regards.
yeah yeah you are right Rahul Sir ji…
THANK FOR YOU
Hacking and stealing the card data and misusing later by the criminals is not a new phenomenon.It is an ongoing and developing with more sophistication process.
Even if you use the credit and debit cards at restaurants and retail outlets in whom you have confidence, have no control over the scammers using their machine to introduce the malicious card.It is alright to say that machine holders should be more vigilant.It does not happen.Is there a soft ware which can be installed in such machine rejecting or detecting the malicious cards well before they do the damage.If it is there why can’t it be made mandatory to all such machine holders to introduce such soft ware in their machines?
How can one be sure if the shopping portals use security software to guard against such thefts in the event of customers using their portals for monetary transactions like the banks do.
It is much safer to pay credit card bills through the reputed bank portals who have ensured through systems and procedures pethat your transactions are safe.
What measures banks are taking to ensure that the data at the ATM is not stolen.Apart from the physical measures by the customers what are the digital measures banks can take to make ATM as safe as possible?
CAN ANTI-VIRUS HELP TO PREVENT THIS KIND OF ONLINE HACKING?
OR WHAT RECOMMENDATION? SHOULD WE FORMAT PC VERY MONTH?
Hi Mitesh,
If you have an effective antivirus installed on your machine, then online hackings are considerably lesser in number and intensity.
Regards.
Thank you Rahul for your valuable information & knowledge about credit card data stolen ways
few of the hotels asks for your debit/credit card number when U want to book ,they say payment you make at the time of check-in,is it advisable to do so.
If not then why ?,they dont ask for PIN.
Hi Atul,
They probably do this so that they can convince you to confirm your bookings soon, or so that they can confirm your identity or so that they can cross check the card you use to make your payment later.
Regards.
Another way is to use thermal camera along with skimmers. After the person comes out of the ATM , another person waiting outside operates the thermal camera on the keypad to know the PIN. Careful…..
Kindly let me know if the MO has been observed in India or abroad.As mentioned by you it would be very difficult to completly do away with the risk however would be grateful to know the instance and its detection happened in the past.
Hi Paresh,
Mostly these cases have been seen in the US and Europe. It is not seen in India much, but that does not mean that it will never be seen here.
Regards.
thank you for giving such valuable information
A great thanks for the information. Hats off to you.
Thanks alot rahul for such a valuable information.
Thanks rahul much needed information and well explained which a lay man can understand
Good Information, Thanks a lot rahul.
Thanks for the information.
Is using Virtual Keyboard worth for online payments?
Hi Priya,
Yes it is advisable to use the virtual keyboard. There are some malwares that track every keyboard input and the virtual keyboard helps avoid this while entering crucial financial information.
Regards.
Better to avoid purchase with credit card.
This is Very Serious & Studyfull subject. This Frouad Policy is All Big Cities. But Every Person Carefully use for our Cr. ,Dr. Cards.
But Generally Not Use Outside Station. & Unauthorise Shop & Malls.
Thanks Quick Heal & Rahul Thadani.
Share This Usefull Information.
Rahul, thanks for the information, but unfortunately i have already been a victim of this scam 15 days back, my ATM-cum debit card was stolen dont know when and where, i used it last time in hyderabad for shopping but the transcations were started from this card five days after i returned back to my home i.e. kanpur, the different atm machines used for this were from kanpur and lucknow. Investigations are still going on , but it is a mystery with me and want a help from your side, is it possible to do the transcations from the stolen card even if the person don’t know the PIN no. , because in my case i am 100% sure that i have not shared it with anyone . Hope to get some views regarding this from your side.
Hi Pallavi,
Firstly you should have informed the bank that you lost your ATM card immediately. They would have then blocked all transactions with the card. It would be difficult to carry out transactions without the PIN, but since the attacker has the card itself you must assume that he has found a way. Please inform the authorities and visit your bank again.
All the best.
If you have just for example only say card of Maharashtra Bank and I to have card from Maharashtra Bank, I have been told that by putting your card and my pin many times give money.
The person who told me was a student and says I will give a demo. So far we have not seen each other in many days but I will try to contact him and confirm my self.
As I am doing failed ATM transaction work many people tell me stories and this is one of them. I will try with my card first.
Hi Sharad,
A card will only work with the PIN that you have created for it. If you enter an incorrect PIN 3 times, the card gets swallowed by the machine so I suggest that you refrain from trying this.
How can I get to know that from which online shopping portal I most shop an give my card details securely.
also suggest me the best online protection software.
Thank You.
Hi Saurabh,
Ideally, you should only use your card on reputable portals that you trust. Alternately, you can visit your banks website and see if they offer the feature of a virtual one-time use credit card. If you are interested in online protection software, have a look at our Total Security product.
Regards.
Thank you very much to inform us about the latest fraud which happens on these places….. But how can we prevent or we can avoid such instances of getting scammed?? How can a POS terminal be hacked or can be tampered with a card whereas it can be tampered from outside and nowadays these terminals use high encryption system & these are used by the bank itself??
In case of restaurants or physical establishments, how can we avoid the scenario you have mentioned?
Hi Jay,
One cannot be completely sure in all restaurants or retail stores. It is advisable to use your card only in the selected stores or restaurants that you trust.
Regards.
So most of all it is an unstopable threat to human being, Hackers are greater than you and Quick Heal and all sequrity systems !!! So I will hats off to Hackers, they are doing their job well, BUT UNFORTUNATELY WE DONT.
Thankyou very much for the valuable info.
Hi i am awaiting a reply.
thanx Rahul,
I do a lot of online transactions, interbank transactions, cinema,air and rail ticket purchases on line. so far not faced such a problem. is it possible in these payment gateways that they can do fraudulent transfers. please highlight. regards
Hi Dr. Pramod,
If you follow all the necessary security precautions, then you need not worry. Use a unique online banking password, check the page for SSL certificates and best of all, check if your bank offers a virtual credit card feature.
Regards.
Thanks Rahul,
“Retail Store Card Reader Fraud” clause is really excellent. Thanks again !!
Regards,
Sunny
Dear Rahul,
Thanks for giving such useful information to us.
I am a housewife and have my own laptop. I am receiving
a lot of mails from abroad to work from home and earn huge money.
Kindly explain how much truthful and helpful they are?
Sometimes they ask to pay $ 50-70 as security & ask for credit
card and CVV number. Is it right to pay them thru it?
How can they fraud us? How can we make out that they are true?
Regards,
Mrs S.Bhambri
Hi Mrs. Bhambri,
In all likelihood, these schemes are all scams. You should not fall for such proposals, especially the ones that ask you to pay money to them so that you can earn money. Please check the website credentials and also verify with another individual before you provide your credit card details somewhere.
Regards.
Good information.Thank you Rahul
However regarding the 1st type of attempt through the card reader, I think there is some misconception. These type of readers are slave readers. They cannot write to the magnetic cards. So reading back any data through its slot is not possible. By directional w/r is possible through its com port but it only has access to its system not data.
Regards
Thanks for sharing this information with us. It was really helpful. Thanks:)
Thks for spreading the awareness between normal people….appreciated
Hey, this is awesome, for those who are actually careless card holders, well i have a query when we fill our data on the machine isn’t it is supposed to be encrypted in ASCII code? and its cracking which will be hardcore is 99% of impossible, well this is possible if the machine its self have been bugged?
I mean then we should be goin’ to trusted ones only? If i am wrong anyone can correct me.
regards 🙂
Thanks for the such a great information, i know after reading this blog many people will always b alert while making online transactions…
WOW, really good info. Thanks.
I tried to make and emgdisk in pen drive. I wasn’t successful. But now my pen-drive has become write protected. So how to make it usable. This has happened after I tried to make QH emgdisk.
Hi George,
Please visit this link and submit a ticket about your grievance – http://www.quickheal.com/submitticket.asp. Our support team will get back to you.
Regards.
Retail Store Card Reader Fraud
Rahul
The modus operandi articulated lacks clarity on infiltration and exfiltration. Practically it is not possible since machines are designed to read magnetic strip data only.Please refrain from putting such baseless facts on your blog.
Hi Paresh,
A major reason why such attacks happen is because of lack of public knowledge about such exploits. This is a situation we are attempting to rectify here by informing readers. These machines are not designed to only read magnetic strip data. Many new cards contain the ‘Chip and PIN’ technology with integrated circuits. This has been put into place by the EMV, a global standard for such operations. This is the technology that can be exploited with the right tools. Thank you for your advice and feedback.
Regards.
Rahul,
Please let me know one such event which proves this hypothesis.The magnetic strip was a vulnerable aspect in Credit Cards and therefore Chip and Pin cards have evolved.Any way your pictoral depiction was regarding swiping of Credit Cards and no mention of Chip and Pin Cards.Are you saying that the Chip and Pin cards when inserted in the POS can get compromised by this MO?
Hi Paresh,
Kindly read about the recent incident where around 60 card reading machines in Barnes & Noble stores were compromised this way.
Regards.
USEFUL INFORMATION. PLZ KEEP ON . THANKS
Hi Rahul,
I just happened to stumble upon your article and I must say its a very well put together one. Easy for even the lay man to understand. But it also got me thinking. Correct me if I am wrong, but embedded technologies have come to the level where it just might be possible to insert a secondary protection chip in the card itself to overcome the POS machines from tampering with the card. Hope to hear from you soon.
hi…thanks for giving such information to us.
Online Shopping and ATM Machines are now in day to day use.
There should be something where customer is Protected
Many ATM machines has only face identifying camera in whole booth no other camera.
Hance we have to take care ourselved.
Does this entire thing apply for Debit Card as well? If yes then pls guide me with which specific attacks or online shoppin/recharge should i avoid n relent on ?
THANKS FOR SUCH A VALUABLE INFORMATION
THANKS
My friend have 2 cards. He uses only “A” Bank card for cash withdrawal from “B” bank ATM machine which is near his residance. He also have ATM card from “B” bank also but he never uses it for cash withdrawal. Unfortunately he kept pin for both card same.
Now it is noticed that his “B” bank account is also debited withing 20 to 50 seconds difference 9 tmes in a year dooping him for 90,000/-
“B” bank is not willing to to give him CCTV footage nor willing to provide footage at the time machine was balanced and refilled. They did show him that he is the person who used machine.
Can any one highlight as to how this hakking has taken place?
Hi Sharad,
This does not seem to be a case of hacking. There seems to be another issue here and it can only be resolved with the bank or with local authorities. Unfortunately, we cannot comment on this.
Regards.
Thanks to QUICK Heal.
I want know the added feathers in the latest (2013 or 2014) Quick heal Total Security, Internet Security. I want to renew mine.
Hi Vijay,
Kindly visit this link to read about the new features of the Quick Heal 2013 range of products. Thanks for choosing us.
Regards.