Scammers steal credit card details in ways you never thought of

Cyber criminals and malicious scammers are constantly at work to devise new ways to steal confidential user data. Unfortunately, such attacks are not just restricted to the Internet. A recently discovered spate of attacks enables scammers to steal credit/debit card details and these methods are increasingly carried out in the physical world.

In brief, here are the 5 most common places from where credit/debit card data can be stolen:

  • Restaurants and retail stores
  • Online shopping portals
  • Hacked email accounts
  • ATM machines
  • Thieves and pickpockets

Restaurants and retail stores
Some scammers have devised ways to tamper with the card readers at retail stores. Malicious smart cards that look like legitimate cards are created and then inserted into the machines to make a payment. However, the machine simply says than an error has occurred and the retail store merchant is unaware of the damage that has been done. When a genuine payment is made with a valid card over the same machine in the future, the details of that card get recorded. Now the scammer revisits the store after a day or two and inserts the fraudulent card into the machine to make another seemingly innocent payment. Details about all the cards that have been inserted in the interim period are now transferred into the malicious card which can be viewed by the scammer via another device.

Retail store card fraud

Online shopping portals
The best online shopping portals mandatorily use secure methods to protect user details. Unsecure portals are susceptible to hackers and can easily lose data to scammers. There have been several instances where major online portals have been breached and card details have been stolen and misused. From a customers perspective it is advisable to be aware of the concept of SSL and security certificates. Additionally, the best Internet security software installed on a machine can also detect fraudulent pages and portals.

Hacked email accounts
Many people receive and pay their credit card bills via email. So if a hacker manages to gain access to an email account, he can cause a lot of trouble. It is imperative to use various tools for email protection like two-factor authentication, strong and unique passwords etc. Mail services like Gmail and Yahoo also offer other methods to check if your account has been hacked into, and these are worth exploring as well.

ATM Machines
Theft of card data from ATM machines is known as ‘skimming’. This is accomplished with the help of simple card reading equipment and a small camera that records an individual when he punches in his PIN. Scammers also use equipment that replicates the magnetic strip of cards. However, various steps can be taken to avoid such attacks and this includes shielding your hand while typing the PIN and being aware of suspicious looking machines.

Thieves and pickpockets
Physical loss of possession of cards is the biggest risk in this scenario. It is advisable to report a card loss to the concerned bank and local authorities as soon as possible. Another noteworthy precaution is to monitor card statements and activity for any signs of malicious activity.

Credit/debit card usage is convenient yet dangerous as scammers have come up with several innovative methods to gain such information. Readers are advised to stay vigilant and follow various safety measures to remain protected.

Rahul Thadani

Rahul Thadani


134 Comments

Leave a Reply to Aditya Nayak (15 yrs old XD) Cancel reply

Your email address will not be published.

CAPTCHA Image

  1. Avatar Nirav ZaveriOctober 28, 2012 at 3:25 PM

    Brilliantly explained..
    Thanks for sharing the information and expertise!

    Reply
  2. Thank U Rahul for your valuable information.

    Gautam Arun
    Odisha

    Reply
  3. This is a good way to steal credit card details from Restaurants and retail stores but this a method or the problem.
    How can we(consumers) prevent it from happening ??

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 10:20 AM

      Hi Prakram,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
      • Look Rahul,

        If the stores are not involved in the scam, where is a question of trusting or not trusting a store? It has to be convencing and serious if it is possible.

        Thanks
        Shailesh

        Reply
  4. Avatar Priya SinghOctober 28, 2012 at 4:35 PM

    Its really a helpful information, it should be read by all the persons who are using their credit care carelessly.

    Reply
  5. Avatar abdrahim mohamedOctober 28, 2012 at 4:41 PM

    Thank you too mutch

    Reply
  6. the card fraud at retail store…i did not get it..pls explain in detail….

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 10:25 AM

      Hi Harsha,
      Basically the machine is tampered with malicious software. This steals card information from cards that are inserted in the future.
      Regards.

      Reply
      • How a card reader will upload a programme through card reader? Are the card reader so badly designed that a software can be installed throgh reader? One need to demonstrate the same in presence of the manufacturer and police in interest of society so that if so it can be corrected.

        Dear Rahul it will be great if you take initiative to support your point.

        Thanks.

        Reply
        • Rahul Thadani Rahul ThadaniDecember 3, 2012 at 5:58 PM

          Hi Shailesh,
          Card readers are not badly designed but the fact is that every device that works electronically can be made to work in a different manner using various techniques. Unfortunately, attackers come up with innovative ways to target such devices very regularly. In this sense, people can only behave in a reactive manner to such attacks.
          Regards.

          Reply
  7. you are making me nervous…..
    I feel like giving up online transactions

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 10:27 AM

      Hi Anup,
      It is good to simply be aware of such threats. It should not discourage you from carrying out such transactions. Awareness will help in keeping yourself protected.
      Regards.

      Reply
  8. Restaurants and retail stores

    This method is not possible — I have never seen any POS terminal which can be programmed by a card itself. POS can only be programmed externally and present terminals use highest level encryption system. This can be done by the bank itself.

    Online shopping portals

    Presently VBV and MSC 2nd level protection should be used. It is practically impossible to hide a fraud purchase as online purchase records delivery details. Most online payment gateway records IP.

    Hacked email accounts

    Hacker only get the card number from the credit card statement, not more than that. So this is also impossible.

    ATM Machines

    I prefer not to use credit card in ATM. While entering PIN in ATM, cover the keyboard by leaning over to keyboard and enter PIN by both hands quickly. Also do some false finger impression so that if a camera even detects your finger movement, it will practically impossible to figure out the number.

    Thieves and pickpockets

    This is a true problem. Make a complex sign in the card so only you can do an exact sign in the charge slip.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 10:29 AM

      Hi P K Bose,
      Thanks for your valuable inputs. Most of your assertions are correct, but such attacks are not impossible. There are many instances where such attacks have actually taken place. It is good that you are aware and protected, but this is not applicable for every individual out there who uses a credit card.
      Regards.

      Reply
  9. how to get it protected ? do you have a solution from your end ?

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 10:32 AM

      Hi Raj,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  10. Avatar vijayakumarOctober 28, 2012 at 5:49 PM

    How do you prevent yourself becoming a victim of card data theft at retail stores? This is not explained. How I am defrauded is explained, but how to prevent is not told-which is not a big help.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 10:36 AM

      Hi Vijayakumar,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  11. Avatar UDAY ATHAVALEOctober 28, 2012 at 5:49 PM

    WHAT SHOULD WE DO IN RESTAURANT AND HOTELS?

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 10:38 AM

      Hi Uday,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  12. Avatar Ashim GhoshOctober 28, 2012 at 5:54 PM

    Thank you for this info. Never really knew about it.

    Reply
  13. Thank you for the update but what’s the solution? What are the “various safety measures” that we should follow “to remain protected”?

    Reply
  14. very useful information. thank u so much,

    Reply
  15. very important update for every cardholder, but can you provide more details and remedies for the ways of getting cheated by the use of a credit or debit card.

    Reply
  16. Avatar rajesh khanOctober 28, 2012 at 7:06 PM

    very nice anti virus quick heal total security

    Reply
  17. Avatar S.K.AgrawalOctober 28, 2012 at 7:19 PM

    Thank You…. For Giving the tips about the “Retail Store Card Reader Fraud”….

    Reply
  18. please provide additional steps to prevent scammers from stealing our credit/debit card data. THANKS !!!

    Reply
  19. Avatar RAMESH SANGAMNERKAROctober 28, 2012 at 7:28 PM

    Will you throw some more light about protection of credit/debit cards at retail stores/shopping malls/ restaurants.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 3:30 PM

      Hi Ramesh,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  20. Thank you for the update suggestion what is the solution for the same can you?????????

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 3:28 PM

      Hi Raghu,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  21. Avatar Rajendran RangasamyOctober 28, 2012 at 7:41 PM

    Thanks for the useful information.

    Reply
  22. Avatar Sukriti Kundu.October 28, 2012 at 8:24 PM

    Item new but unknown.

    Reply
  23. Avatar Sunil PushpangadanOctober 28, 2012 at 10:32 PM

    Very valuable information. How to keep check whether scammer / attacker has already swipped fradulent card before us.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 3:26 PM

      Hi Sunil,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  24. Avatar deepak goswamiOctober 28, 2012 at 11:28 PM

    i am using quick heal total security,i want to know how much safe i am from all this frauds..

    Reply
  25. Avatar Dipankar ParuiOctober 29, 2012 at 12:06 AM

    Thanks for providing the updates. But these are not absolutely new.Almost all the card holders know about these but hardly care about. The lesser the use of cards, the better.

    Reply
  26. How one will prevent “Retail store card reader fraud”…?

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 2:21 PM

      Hi Koushik,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  27. Avatar Biswajit ChatterjeeOctober 29, 2012 at 1:47 AM

    Thanks for the valuable information.

    Reply
  28. Avatar DR Vijay GargeOctober 29, 2012 at 6:32 AM

    Veru very useful info in very simple understandable words. Thanks

    Reply
  29. Very Good information. We have a Store where many cards are swapped daily. How can Card Data be stores in a Machine ? I am Shocked.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 2:17 PM

      Hi Harish,
      Store owners must be vigilant about suspicious error messages that appear on the machine. As of now, this is the only way such software can be embedded so it is advisable to be suspicious if a strange error occurs.
      Regards.

      Reply
  30. I am the victim of online shopping scammers I Purchased a railway ticket from irctc and very next day some one made transactions near about 11 thousands in dollars from London. I complained to the card authorities but they first refused to reverse the amount but later on they reversed the half of that amount rest amount still there. How can I pay when it is not done by me. Please advise.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 2:15 PM

      Hi Harish,
      That is a very serious crime against you. We can only advise you to take this matter to the police and legal authorities. Show them the necessary documents and lodge a formal complaint with them.
      We wish you all the best.

      Reply
  31. Nice article. All the symptoms have been clearly explained. But no remedy. What do we do to prevent the hacking at the retail out let ??

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 2:08 PM

      Hi Biju,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  32. Be careful, use your credit cards, atm carefully at authentic places.

    Reply
  33. Useless fellows in every office do keep their eyes vigilant for looking at every persons while logging for mail, easy recharge, personal banking etc. and use /transfer this information in using undue advantage of any persons, even the closest collegues/frineds/cronys.
    In this husle-busle of every day busy life We should be vigilant enough to keep a watchful eye whether such caterpillar is near or not. We should be alert enough to not to let any such nasty person using your valuable information for their own luxuries, which they can’t afford.

    Reply
  34. Thanks for your valuable information, its very clearly explained but there are no explanations given how to be safe and i request you to update this article with those information.
    thanks in advance

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 2:06 PM

      Hi Raj Naidu,
      Unfortunately, if a card machine is attacked in this manner, it would be impossible to know. Even the merchant would be unaware. It requires the store owners to be more vigilant and this is out of our hands. One option is to use credit cards in stores as less as possible, or to use it only in stores that we trust.
      Regards.

      Reply
  35. This is very serious matter.I hope quick heal can help to give early warning in case of such crime is done on line.Regards.

    Reply
  36. Very informative. Thanks for explaining the methods.

    Reply
  37. Brilliantly explained..
    Thanks for sharing the information and expertise! Thnx sir???????

    Regards

    ankit verma
    frontier agencies pvt.ltd

    Reply
  38. What precaution can we take to ensure we protect our card from being misused by a retail store, when we hand over our credit card to them?
    This we we are at risk everytime we hand ove a card to a restaurent / petrol pump / retail shop.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 11:26 AM

      Hi Vijay,
      Unfortunately, there is not much we can do to prevent such attacks. It is advisable to use cash in busy places like a petrol pump. If you must use the card, you should accompany the person swiping the card. Malicious attacks against the reading machine however, are very hard to detect and they require vigilance from the merchants themselves.
      Regards.

      Reply
  39. Avatar Kailash ChandraOctober 29, 2012 at 11:43 AM

    Thanks for spreading awareness in public.

    Reply
  40. An article is half written !! No article is full untill it provide full information on subject and how can people get safty mesure on that particular subject.
    Do people stop useing credit cards, how many such instance take place do Credit card authority working on it or awer off? such things should be provided.
    i appriciate light on hacking.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 2:00 PM

      Hi Pragnesh,
      Unfortunately, if a credit card reading machine is compromised, it is very hard to know. While we cannot prevent such attacks, nor can we claim that credit cards should not be used at all, it always helps to be aware of such techniques that hackers use. We will add updates to this post if more information is available. Until then we shall continue providing valuable information like this that a majority of people appreciate and find useful.
      Thanks.

      Reply
  41. Avatar Anil ShekhawatOctober 29, 2012 at 1:14 PM

    You Are Such A Great Guy ,,,,SO Thanks TO Save Us And Give Us This Priceless And So Important Information Sir…

    Reply
  42. Avatar vasant joshiOctober 29, 2012 at 1:32 PM

    You have shared valuable information.

    Reply
  43. Avatar Ashish SharmaOctober 29, 2012 at 1:37 PM

    Do you know what “SKIMMER” is?

    Reply
  44. Avatar vasant joshiOctober 29, 2012 at 1:37 PM

    Every one having bank debit card must know these points.

    Reply
  45. Avatar vasant joshiOctober 29, 2012 at 1:39 PM

    No thanks.

    Reply
  46. Avatar Raj DhanukaOctober 29, 2012 at 2:27 PM

    Yet another method of hacking credit/debit card is tele market calls from various sources and gather your personal information like dob, address, phone number, spouse name, bank names etc. These informations are gathered over a period by different person and collated.

    Plz be careful before parting with any of these information

    Reply
  47. Thanx buddy..u’v enlightened me.

    Reply
  48. Avatar PREM PRAKASH SHAUKEENOctober 29, 2012 at 3:20 PM

    THX. RAHUL FOR SUCH A VALUABLE ADVISE.

    Reply
  49. In the case of restaurant retail stores Please confirm if in case the machine is switched off after the fraud card is swiped and restarted then will the data still get transferred after swiping the correct card on re-starting.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 29, 2012 at 3:22 PM

      Hi Deb,
      We cannot say for sure if this will happen. But we should expect the worst and assume that even when the machine is switched off and on again, the malicious software will remain inside.
      Regards.

      Reply
  50. Avatar BikashKashyapKhilsineyAdhikariChujachenPamRongliEastSikkiOctober 29, 2012 at 5:26 PM

    yeah yeah you are right Rahul Sir ji…

    Reply
  51. Avatar ANIL KUMAR MROctober 29, 2012 at 6:51 PM

    THANK FOR YOU

    Reply
  52. Hacking and stealing the card data and misusing later by the criminals is not a new phenomenon.It is an ongoing and developing with more sophistication process.
    Even if you use the credit and debit cards at restaurants and retail outlets in whom you have confidence, have no control over the scammers using their machine to introduce the malicious card.It is alright to say that machine holders should be more vigilant.It does not happen.Is there a soft ware which can be installed in such machine rejecting or detecting the malicious cards well before they do the damage.If it is there why can’t it be made mandatory to all such machine holders to introduce such soft ware in their machines?
    How can one be sure if the shopping portals use security software to guard against such thefts in the event of customers using their portals for monetary transactions like the banks do.
    It is much safer to pay credit card bills through the reputed bank portals who have ensured through systems and procedures pethat your transactions are safe.
    What measures banks are taking to ensure that the data at the ATM is not stolen.Apart from the physical measures by the customers what are the digital measures banks can take to make ATM as safe as possible?

    Reply
  53. Avatar MITESH GALAOctober 29, 2012 at 9:25 PM

    CAN ANTI-VIRUS HELP TO PREVENT THIS KIND OF ONLINE HACKING?
    OR WHAT RECOMMENDATION? SHOULD WE FORMAT PC VERY MONTH?

    Reply
    • Rahul Thadani Rahul ThadaniOctober 30, 2012 at 10:04 AM

      Hi Mitesh,
      If you have an effective antivirus installed on your machine, then online hackings are considerably lesser in number and intensity.
      Regards.

      Reply
  54. Avatar Dr RC UpadhyayaOctober 29, 2012 at 10:37 PM

    Thank you Rahul for your valuable information & knowledge about credit card data stolen ways

    Reply
  55. few of the hotels asks for your debit/credit card number when U want to book ,they say payment you make at the time of check-in,is it advisable to do so.
    If not then why ?,they dont ask for PIN.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 30, 2012 at 9:58 AM

      Hi Atul,
      They probably do this so that they can convince you to confirm your bookings soon, or so that they can confirm your identity or so that they can cross check the card you use to make your payment later.
      Regards.

      Reply
  56. Avatar Sri Raghu RamOctober 30, 2012 at 9:49 AM

    Another way is to use thermal camera along with skimmers. After the person comes out of the ATM , another person waiting outside operates the thermal camera on the keypad to know the PIN. Careful…..

    Reply
  57. Avatar Paresh MahaleOctober 30, 2012 at 11:31 AM

    Kindly let me know if the MO has been observed in India or abroad.As mentioned by you it would be very difficult to completly do away with the risk however would be grateful to know the instance and its detection happened in the past.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 31, 2012 at 11:57 AM

      Hi Paresh,
      Mostly these cases have been seen in the US and Europe. It is not seen in India much, but that does not mean that it will never be seen here.
      Regards.

      Reply
  58. thank you for giving such valuable information

    Reply
  59. Avatar .K N BADARINATHOctober 30, 2012 at 1:00 PM

    A great thanks for the information. Hats off to you.

    Reply
  60. Thanks alot rahul for such a valuable information.

    Reply
  61. Thanks rahul much needed information and well explained which a lay man can understand

    Reply
  62. Good Information, Thanks a lot rahul.

    Reply
  63. Thanks for the information.

    Reply
  64. Is using Virtual Keyboard worth for online payments?

    Reply
    • Rahul Thadani Rahul ThadaniOctober 31, 2012 at 10:16 AM

      Hi Priya,
      Yes it is advisable to use the virtual keyboard. There are some malwares that track every keyboard input and the virtual keyboard helps avoid this while entering crucial financial information.
      Regards.

      Reply
  65. Better to avoid purchase with credit card.

    Reply
  66. Avatar Kailas Arjun MandageOctober 30, 2012 at 10:00 PM

    This is Very Serious & Studyfull subject. This Frouad Policy is All Big Cities. But Every Person Carefully use for our Cr. ,Dr. Cards.
    But Generally Not Use Outside Station. & Unauthorise Shop & Malls.
    Thanks Quick Heal & Rahul Thadani.
    Share This Usefull Information.

    Reply
  67. Avatar Pallavi SinghOctober 30, 2012 at 10:05 PM

    Rahul, thanks for the information, but unfortunately i have already been a victim of this scam 15 days back, my ATM-cum debit card was stolen dont know when and where, i used it last time in hyderabad for shopping but the transcations were started from this card five days after i returned back to my home i.e. kanpur, the different atm machines used for this were from kanpur and lucknow. Investigations are still going on , but it is a mystery with me and want a help from your side, is it possible to do the transcations from the stolen card even if the person don’t know the PIN no. , because in my case i am 100% sure that i have not shared it with anyone . Hope to get some views regarding this from your side.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 31, 2012 at 10:11 AM

      Hi Pallavi,
      Firstly you should have informed the bank that you lost your ATM card immediately. They would have then blocked all transactions with the card. It would be difficult to carry out transactions without the PIN, but since the attacker has the card itself you must assume that he has found a way. Please inform the authorities and visit your bank again.
      All the best.

      Reply
    • Avatar Sharad PhadkeDecember 4, 2012 at 12:14 PM

      If you have just for example only say card of Maharashtra Bank and I to have card from Maharashtra Bank, I have been told that by putting your card and my pin many times give money.
      The person who told me was a student and says I will give a demo. So far we have not seen each other in many days but I will try to contact him and confirm my self.
      As I am doing failed ATM transaction work many people tell me stories and this is one of them. I will try with my card first.

      Reply
      • Rahul Thadani Rahul ThadaniDecember 5, 2012 at 10:34 AM

        Hi Sharad,
        A card will only work with the PIN that you have created for it. If you enter an incorrect PIN 3 times, the card gets swallowed by the machine so I suggest that you refrain from trying this.

        Reply
  68. How can I get to know that from which online shopping portal I most shop an give my card details securely.
    also suggest me the best online protection software.
    Thank You.

    Reply
    • Rahul Thadani Rahul ThadaniOctober 31, 2012 at 10:07 AM

      Hi Saurabh,
      Ideally, you should only use your card on reputable portals that you trust. Alternately, you can visit your banks website and see if they offer the feature of a virtual one-time use credit card. If you are interested in online protection software, have a look at our Total Security product.
      Regards.

      Reply
  69. Thank you very much to inform us about the latest fraud which happens on these places….. But how can we prevent or we can avoid such instances of getting scammed?? How can a POS terminal be hacked or can be tampered with a card whereas it can be tampered from outside and nowadays these terminals use high encryption system & these are used by the bank itself??

    Reply
  70. In case of restaurants or physical establishments, how can we avoid the scenario you have mentioned?

    Reply
    • Rahul Thadani Rahul ThadaniOctober 31, 2012 at 9:57 AM

      Hi Jay,
      One cannot be completely sure in all restaurants or retail stores. It is advisable to use your card only in the selected stores or restaurants that you trust.
      Regards.

      Reply
  71. Avatar Subrata ChakrabortyOctober 31, 2012 at 2:42 AM

    So most of all it is an unstopable threat to human being, Hackers are greater than you and Quick Heal and all sequrity systems !!! So I will hats off to Hackers, they are doing their job well, BUT UNFORTUNATELY WE DONT.

    Reply
  72. Thankyou very much for the valuable info.

    Reply
  73. Avatar Paresh MahaleOctober 31, 2012 at 10:54 AM

    Hi i am awaiting a reply.

    Reply
  74. thanx Rahul,
    I do a lot of online transactions, interbank transactions, cinema,air and rail ticket purchases on line. so far not faced such a problem. is it possible in these payment gateways that they can do fraudulent transfers. please highlight. regards

    Reply
    • Rahul Thadani Rahul ThadaniOctober 31, 2012 at 12:00 PM

      Hi Dr. Pramod,
      If you follow all the necessary security precautions, then you need not worry. Use a unique online banking password, check the page for SSL certificates and best of all, check if your bank offers a virtual credit card feature.
      Regards.

      Reply
  75. Thanks Rahul,
    “Retail Store Card Reader Fraud” clause is really excellent. Thanks again !!

    Regards,
    Sunny

    Reply
  76. Avatar Mrs Sunita BhambriOctober 31, 2012 at 11:19 AM

    Dear Rahul,

    Thanks for giving such useful information to us.
    I am a housewife and have my own laptop. I am receiving
    a lot of mails from abroad to work from home and earn huge money.
    Kindly explain how much truthful and helpful they are?
    Sometimes they ask to pay $ 50-70 as security & ask for credit
    card and CVV number. Is it right to pay them thru it?
    How can they fraud us? How can we make out that they are true?
    Regards,
    Mrs S.Bhambri

    Reply
    • Rahul Thadani Rahul ThadaniOctober 31, 2012 at 12:07 PM

      Hi Mrs. Bhambri,
      In all likelihood, these schemes are all scams. You should not fall for such proposals, especially the ones that ask you to pay money to them so that you can earn money. Please check the website credentials and also verify with another individual before you provide your credit card details somewhere.
      Regards.

      Reply
  77. Avatar A.M.KULKARNI, HUBLIOctober 31, 2012 at 12:48 PM

    Good information.Thank you Rahul

    Reply
  78. However regarding the 1st type of attempt through the card reader, I think there is some misconception. These type of readers are slave readers. They cannot write to the magnetic cards. So reading back any data through its slot is not possible. By directional w/r is possible through its com port but it only has access to its system not data.
    Regards

    Reply
  79. Avatar Ashish RaneOctober 31, 2012 at 3:12 PM

    Thanks for sharing this information with us. It was really helpful. Thanks:)

    Reply
  80. Avatar JayaprakashOctober 31, 2012 at 3:26 PM

    Thks for spreading the awareness between normal people….appreciated

    Reply
  81. Avatar Aditya Nayak (15 yrs old XD)October 31, 2012 at 8:14 PM

    Hey, this is awesome, for those who are actually careless card holders, well i have a query when we fill our data on the machine isn’t it is supposed to be encrypted in ASCII code? and its cracking which will be hardcore is 99% of impossible, well this is possible if the machine its self have been bugged?
    I mean then we should be goin’ to trusted ones only? If i am wrong anyone can correct me.
    regards 🙂

    Reply
  82. Avatar Rahul SuryawanshiNovember 1, 2012 at 2:29 AM

    Thanks for the such a great information, i know after reading this blog many people will always b alert while making online transactions…

    Reply
  83. Avatar Tanay MondalNovember 1, 2012 at 7:49 AM

    WOW, really good info. Thanks.

    Reply
  84. Avatar George JosephNovember 1, 2012 at 7:52 AM

    I tried to make and emgdisk in pen drive. I wasn’t successful. But now my pen-drive has become write protected. So how to make it usable. This has happened after I tried to make QH emgdisk.

    Reply
  85. Avatar Paresh MahaleNovember 1, 2012 at 2:04 PM

    Retail Store Card Reader Fraud

    Rahul

    The modus operandi articulated lacks clarity on infiltration and exfiltration. Practically it is not possible since machines are designed to read magnetic strip data only.Please refrain from putting such baseless facts on your blog.

    Reply
    • Rahul Thadani Rahul ThadaniNovember 1, 2012 at 2:15 PM

      Hi Paresh,
      A major reason why such attacks happen is because of lack of public knowledge about such exploits. This is a situation we are attempting to rectify here by informing readers. These machines are not designed to only read magnetic strip data. Many new cards contain the ‘Chip and PIN’ technology with integrated circuits. This has been put into place by the EMV, a global standard for such operations. This is the technology that can be exploited with the right tools. Thank you for your advice and feedback.
      Regards.

      Reply
  86. Avatar Paresh MahaleNovember 1, 2012 at 9:11 PM

    Rahul,

    Please let me know one such event which proves this hypothesis.The magnetic strip was a vulnerable aspect in Credit Cards and therefore Chip and Pin cards have evolved.Any way your pictoral depiction was regarding swiping of Credit Cards and no mention of Chip and Pin Cards.Are you saying that the Chip and Pin cards when inserted in the POS can get compromised by this MO?

    Reply
    • Rahul Thadani Rahul ThadaniNovember 2, 2012 at 10:04 AM

      Hi Paresh,
      Kindly read about the recent incident where around 60 card reading machines in Barnes & Noble stores were compromised this way.
      Regards.

      Reply
  87. USEFUL INFORMATION. PLZ KEEP ON . THANKS

    Reply
  88. Avatar Vikram WadhwaniNovember 10, 2012 at 12:28 PM

    Hi Rahul,
    I just happened to stumble upon your article and I must say its a very well put together one. Easy for even the lay man to understand. But it also got me thinking. Correct me if I am wrong, but embedded technologies have come to the level where it just might be possible to insert a secondary protection chip in the card itself to overcome the POS machines from tampering with the card. Hope to hear from you soon.

    Reply
  89. hi…thanks for giving such information to us.

    Reply
  90. Online Shopping and ATM Machines are now in day to day use.
    There should be something where customer is Protected

    Reply
    • Avatar Sharad PhadkeDecember 4, 2012 at 11:53 AM

      Many ATM machines has only face identifying camera in whole booth no other camera.

      Hance we have to take care ourselved.

      Reply
  91. Does this entire thing apply for Debit Card as well? If yes then pls guide me with which specific attacks or online shoppin/recharge should i avoid n relent on ?

    Reply
  92. Avatar HALGE PRASHANTDecember 3, 2012 at 11:01 PM

    THANKS FOR SUCH A VALUABLE INFORMATION

    Reply
  93. Avatar HALGE PRASHANTDecember 3, 2012 at 11:02 PM

    THANKS

    Reply
  94. Avatar Sharad PhadkeDecember 4, 2012 at 11:48 AM

    My friend have 2 cards. He uses only “A” Bank card for cash withdrawal from “B” bank ATM machine which is near his residance. He also have ATM card from “B” bank also but he never uses it for cash withdrawal. Unfortunately he kept pin for both card same.
    Now it is noticed that his “B” bank account is also debited withing 20 to 50 seconds difference 9 tmes in a year dooping him for 90,000/-
    “B” bank is not willing to to give him CCTV footage nor willing to provide footage at the time machine was balanced and refilled. They did show him that he is the person who used machine.
    Can any one highlight as to how this hakking has taken place?

    Reply
    • Rahul Thadani Rahul ThadaniDecember 5, 2012 at 10:30 AM

      Hi Sharad,
      This does not seem to be a case of hacking. There seems to be another issue here and it can only be resolved with the bank or with local authorities. Unfortunately, we cannot comment on this.
      Regards.

      Reply
  95. Thanks to QUICK Heal.
    I want know the added feathers in the latest (2013 or 2014) Quick heal Total Security, Internet Security. I want to renew mine.

    Reply
    • Rahul Thadani Rahul ThadaniFebruary 8, 2013 at 10:46 AM

      Hi Vijay,
      Kindly visit this link to read about the new features of the Quick Heal 2013 range of products. Thanks for choosing us.
      Regards.

      Reply