Recently, the so-called carding - theft from bank plastic cards - has been very popular among computer scammers. Such criminals are well armed with knowledge and have in their arsenal a number of special technical means that allow them to steal information from bank cards.
There are many known fraudulent schemes used to steal money from plastic cards. Which of them are found in our country? And how do Belarusian cardholders themselves contribute to thefts from their card accounts?
Card is different: “white plastic” and “Lebanese loop” as the main means of fraud.
For a long time now, the bulk of computer crimes has been theft using bank cards. First of all, the details of cards issued by foreign banks are affected. However, given the accelerated pace of development of electronic payments in our country, the situation may change significantly towards the predominance of domestic payment systems. A similar point of view is shared by foreign law enforcement officers who monitor processes in the Russian-language segment of the World Wide Web.
“The methods of stealing funds from personal bank cards are very extensive and varied,” says Dmitry Ostapovich, head of the detective agency Ostap and Partners.
Until recently, the most common of them was an almost philistine method: when an inattentive cardholder forgot a bank card at an ATM, the attackers, without hesitation, withdrew funds from it. Joint response measures taken by the Ministry of Internal Affairs with the support of bank management stopped this possibility: fraudsters were no longer able to access payment information thanks to preventive technical measures. The ATM software was modified, after which each repeated transaction using the same plastic card required a new PIN code.
However, gullible ordinary people sometimes do not even suspect that they themselves provoke scammers into criminal actions. There are still well-known cases where criminals obtained a PIN from a piece of paper attached to a card, or wrote it off from the back of the bank card itself. If the card was forgotten at an ATM or stolen from the owner’s bag or pocket, the attacker could easily withdraw cash from it. Such “notes in the margins”, of course, help keep the necessary information in front of your eyes - but you should not neglect the basic aspects of security either.
“Today, the level of user culture has increased significantly,” notes the head of the detective agency “Ostap and Partners” Dmitry Ostapovich. – Plastic card holders have become more attentive, and now, when writing down a PIN code, its owners either disguise the numbers as a house/apartment/mobile phone number, or simply rearrange the numbers. As a result, one can observe a noticeable increase in the reduction in the number of crimes committed using counterfeit cards.
As for the “not genuine” ones, we should dwell in more detail on the technologies for their production. The stolen details are applied to the so-called “white plastic”. In fact, these are ordinary plastic blanks for bank cards. After this, the newly minted millionaires go on their criminal business. And the owners of bank accounts are clutching their heads: where have their hard-earned savings gone? Similar crimes are multi-episode: there are known facts when the criminal committed hundreds or thousands of illegal transactions before his arrest.
The arsenal of carders is very extensive and varied
For example, several years ago in the city of Grodno and the Belarusian capital, unknown criminals cashed out funds using more than 100 counterfeit plastic cards at various ATMs. The fraudsters were detained right at the crime scene near one of the Minsk ATMs when they tried to withdraw money using a fake card. They turned out to be foreigners: two residents of the Republic of Georgia and two citizens of Turkey. When the scammers’ apartment was searched, they found as many as 107 fake bank cards.
Another 40 cards and more than 50 million Belarusian rubles were found in the car in which the criminals moved around the city. An almost similar situation occurred at the end of 2013, when unknown fraudsters stole more than 90 million rubles from card accounts of leading Belarusian banks. As it turned out later, the criminals used a special device that allowed them to copy information from the magnetic stripe of a bank plastic card without the client’s knowledge and obtain its PIN code. In a similar way, information was stolen from the bank cards of more than 1,000 clients of various financial institutions.
Police officers identified the suspects in this crime; they turned out to be four residents of Bulgaria and a citizen of the Republic of Lebanon. Two criminals - a Bulgarian and a Lebanese - were arrested. The rest of the Bulgarians were handed over to the police of their native country.
- What other types of crimes related to the theft of bank cards can you identify?
- I would like to note such a common phenomenon as skimming. A skimmer is a reading device that allows you to remotely identify a PIN code. It is attached to the back of the ATM keyboard and is almost invisible to the user. You can often find skimmers that are so well made that it is almost impossible to detect their presence in an ATM.
Such systems can only be identified thanks to the efforts of specialists from the bank’s technical service group, who check ATMs for functionality during scheduled inspections. The number of skimming-related crimes ranges from 3 to 5-6 per year. The portrait of an attacker is very diverse: it can be either an advanced user or a half-educated student. Sometimes it is foreigners who steal details, sometimes it is our compatriots. It should be noted that theft from electronic accounts (both skimming and shimming) requires significant costs for the purchase of the equipment itself. And, since the salaries and total incomes of Belarusians are not very high, this method does not always justify itself.
There is also a less technologically advanced criminal “gadget” called the “Lebanese loop”. This is a special device that blocks the card reader. A user who finds it difficult to return the card dials the PIN code again on the recommendation of the person standing behind. He doesn’t know only one thing: that the “well-wisher” is writing down the code. The card is not returned, and the angry client goes to the bank, while the “adviser” removes the card from the card reader and withdraws cash. Today, payment card data has become the subject of criminal trading on closed card card web sites. A number of forums and websites represent a real “black market” for trading dumps – stolen data.
The most famous Belarusian IT criminal was Sergei Pavlovich, known in hacker circles under the nickname Policedog. The cyber attacker was sentenced to 10 years in prison. This conviction was already the second in a row of the sensational villain, but the first term did not teach him anything. Pavlovich was the initiator and creator of a closed website on which there was active trading in stolen dumps. Each issuer had its own prices and recommendations for cashing out funds in the payment systems of a particular country. A well-functioning system was supported by a group of people who helped the criminal in his plans. Pavlovich’s “associates” launched such extensive activities that law enforcement officers could not help but notice them.
As we found out during the investigation, the criminal had been running closed world-class carder forums for about five years. Information was also released that the attacker had launched a very unusual underground service for cashing out stolen funds: through email, he was looking for US residents who, for a small fee, purchased household appliances, CDs, books and other goods from online stores, paying using stolen funds. users of money. If we talk about the quantity of atrocities committed by computer criminals, it often greatly exceeds the quality. Most criminal cases related to carding are successfully solved by law enforcement agencies in their initial stages. Fraudsters created and maintained a resource for a long time to resell stolen payment details.
White plastic
The fraudster was detained on suspicion of committing these crimes (Article 212 of the Criminal Code of the Republic of Belarus Theft through the use of computer equipment). On the same day, in Prague (Czech Republic), at the request of the US intelligence services, the basis for which was information received from the Ministry of Internal Affairs of the Republic of Belarus, his accomplice, also a citizen of Belarus, was detained.
Last year there was a case where fraudsters sealed a cash dispenser with tape. Since the ATM software was not updated, criminals managed to deceive a large number of plastic card users. Our employees also detained fraudsters who illegally gained access to the payment accounts of foreigners. At first, young people limited themselves to clothing carding - they ordered goods through online stores with subsequent payment. After this, the criminals began to look for ways to cash out the stolen currency. The transaction amounts on foreign accounts were so impressive that the bank’s management contacted law enforcement agencies. This made it possible to timely identify and neutralize attackers.
Arguments and facts: will we defeat carding?
Of course, the culture of user behavior and citizens’ awareness of legal issues are increasing from year to year, states Dmitry Ostapovich . - However, a large number of carding frauds still occur in Belarus. Therefore, it is necessary to be vigilant: the most effective way to avoid becoming a victim is to be aware and attentive, as well as legally and technically savvy. As part of a production meeting with our British colleagues, the problem of carding from an international perspective was actively discussed.
Representatives of Foggy Albion made a number of constructive forecasts and recommendations. It is assumed that the exponentially growing number of electronic payments will allow attackers to integrate deeper and deeper into these processes. This is a very pressing problem that requires lengthy and detailed consideration.
One of the main aspects of resolving it is cooperation with bank management. The scale of the problem will be fully developed when law enforcement agencies have sufficient information regarding the susceptibility of bank payment systems to attacks by carders. Of course, image considerations do not allow commercial structures to widely disclose such information, but it is still possible to establish working contacts. In addition, bank management is trying to solve the problem of comprehensive protection of its own systems on its own.
Today, by decision of the Head of the National Bank, the creation of a special interdepartmental group was initiated, which included specialists from the Department for solving crimes in the field of high technologies. The group developed and approved a set of measures to prevent theft of funds from user card accounts, as well as the use of counterfeit cards. The creation of a forum was also initiated for the active exchange of information between cardholders about incidents and the provision of feedback to banking specialists responsible for security. As a result, we can quite rightly say that the fight against carding is being carried out systematically and comprehensively. Which certainly bore fruit.
(c) https://pikabu.ru/story/sovremennyiy_karding_sushchestvuet_li_protivoyadie_10723683
There are many known fraudulent schemes used to steal money from plastic cards. Which of them are found in our country? And how do Belarusian cardholders themselves contribute to thefts from their card accounts?
Card is different: “white plastic” and “Lebanese loop” as the main means of fraud.
For a long time now, the bulk of computer crimes has been theft using bank cards. First of all, the details of cards issued by foreign banks are affected. However, given the accelerated pace of development of electronic payments in our country, the situation may change significantly towards the predominance of domestic payment systems. A similar point of view is shared by foreign law enforcement officers who monitor processes in the Russian-language segment of the World Wide Web.
“The methods of stealing funds from personal bank cards are very extensive and varied,” says Dmitry Ostapovich, head of the detective agency Ostap and Partners.
Until recently, the most common of them was an almost philistine method: when an inattentive cardholder forgot a bank card at an ATM, the attackers, without hesitation, withdrew funds from it. Joint response measures taken by the Ministry of Internal Affairs with the support of bank management stopped this possibility: fraudsters were no longer able to access payment information thanks to preventive technical measures. The ATM software was modified, after which each repeated transaction using the same plastic card required a new PIN code.
However, gullible ordinary people sometimes do not even suspect that they themselves provoke scammers into criminal actions. There are still well-known cases where criminals obtained a PIN from a piece of paper attached to a card, or wrote it off from the back of the bank card itself. If the card was forgotten at an ATM or stolen from the owner’s bag or pocket, the attacker could easily withdraw cash from it. Such “notes in the margins”, of course, help keep the necessary information in front of your eyes - but you should not neglect the basic aspects of security either.
“Today, the level of user culture has increased significantly,” notes the head of the detective agency “Ostap and Partners” Dmitry Ostapovich. – Plastic card holders have become more attentive, and now, when writing down a PIN code, its owners either disguise the numbers as a house/apartment/mobile phone number, or simply rearrange the numbers. As a result, one can observe a noticeable increase in the reduction in the number of crimes committed using counterfeit cards.
As for the “not genuine” ones, we should dwell in more detail on the technologies for their production. The stolen details are applied to the so-called “white plastic”. In fact, these are ordinary plastic blanks for bank cards. After this, the newly minted millionaires go on their criminal business. And the owners of bank accounts are clutching their heads: where have their hard-earned savings gone? Similar crimes are multi-episode: there are known facts when the criminal committed hundreds or thousands of illegal transactions before his arrest.
The arsenal of carders is very extensive and varied
For example, several years ago in the city of Grodno and the Belarusian capital, unknown criminals cashed out funds using more than 100 counterfeit plastic cards at various ATMs. The fraudsters were detained right at the crime scene near one of the Minsk ATMs when they tried to withdraw money using a fake card. They turned out to be foreigners: two residents of the Republic of Georgia and two citizens of Turkey. When the scammers’ apartment was searched, they found as many as 107 fake bank cards.
Another 40 cards and more than 50 million Belarusian rubles were found in the car in which the criminals moved around the city. An almost similar situation occurred at the end of 2013, when unknown fraudsters stole more than 90 million rubles from card accounts of leading Belarusian banks. As it turned out later, the criminals used a special device that allowed them to copy information from the magnetic stripe of a bank plastic card without the client’s knowledge and obtain its PIN code. In a similar way, information was stolen from the bank cards of more than 1,000 clients of various financial institutions.
Police officers identified the suspects in this crime; they turned out to be four residents of Bulgaria and a citizen of the Republic of Lebanon. Two criminals - a Bulgarian and a Lebanese - were arrested. The rest of the Bulgarians were handed over to the police of their native country.
- What other types of crimes related to the theft of bank cards can you identify?
- I would like to note such a common phenomenon as skimming. A skimmer is a reading device that allows you to remotely identify a PIN code. It is attached to the back of the ATM keyboard and is almost invisible to the user. You can often find skimmers that are so well made that it is almost impossible to detect their presence in an ATM.
Such systems can only be identified thanks to the efforts of specialists from the bank’s technical service group, who check ATMs for functionality during scheduled inspections. The number of skimming-related crimes ranges from 3 to 5-6 per year. The portrait of an attacker is very diverse: it can be either an advanced user or a half-educated student. Sometimes it is foreigners who steal details, sometimes it is our compatriots. It should be noted that theft from electronic accounts (both skimming and shimming) requires significant costs for the purchase of the equipment itself. And, since the salaries and total incomes of Belarusians are not very high, this method does not always justify itself.
There is also a less technologically advanced criminal “gadget” called the “Lebanese loop”. This is a special device that blocks the card reader. A user who finds it difficult to return the card dials the PIN code again on the recommendation of the person standing behind. He doesn’t know only one thing: that the “well-wisher” is writing down the code. The card is not returned, and the angry client goes to the bank, while the “adviser” removes the card from the card reader and withdraws cash. Today, payment card data has become the subject of criminal trading on closed card card web sites. A number of forums and websites represent a real “black market” for trading dumps – stolen data.
The most famous Belarusian IT criminal was Sergei Pavlovich, known in hacker circles under the nickname Policedog. The cyber attacker was sentenced to 10 years in prison. This conviction was already the second in a row of the sensational villain, but the first term did not teach him anything. Pavlovich was the initiator and creator of a closed website on which there was active trading in stolen dumps. Each issuer had its own prices and recommendations for cashing out funds in the payment systems of a particular country. A well-functioning system was supported by a group of people who helped the criminal in his plans. Pavlovich’s “associates” launched such extensive activities that law enforcement officers could not help but notice them.
As we found out during the investigation, the criminal had been running closed world-class carder forums for about five years. Information was also released that the attacker had launched a very unusual underground service for cashing out stolen funds: through email, he was looking for US residents who, for a small fee, purchased household appliances, CDs, books and other goods from online stores, paying using stolen funds. users of money. If we talk about the quantity of atrocities committed by computer criminals, it often greatly exceeds the quality. Most criminal cases related to carding are successfully solved by law enforcement agencies in their initial stages. Fraudsters created and maintained a resource for a long time to resell stolen payment details.
White plastic
The fraudster was detained on suspicion of committing these crimes (Article 212 of the Criminal Code of the Republic of Belarus Theft through the use of computer equipment). On the same day, in Prague (Czech Republic), at the request of the US intelligence services, the basis for which was information received from the Ministry of Internal Affairs of the Republic of Belarus, his accomplice, also a citizen of Belarus, was detained.
Last year there was a case where fraudsters sealed a cash dispenser with tape. Since the ATM software was not updated, criminals managed to deceive a large number of plastic card users. Our employees also detained fraudsters who illegally gained access to the payment accounts of foreigners. At first, young people limited themselves to clothing carding - they ordered goods through online stores with subsequent payment. After this, the criminals began to look for ways to cash out the stolen currency. The transaction amounts on foreign accounts were so impressive that the bank’s management contacted law enforcement agencies. This made it possible to timely identify and neutralize attackers.
Arguments and facts: will we defeat carding?
Of course, the culture of user behavior and citizens’ awareness of legal issues are increasing from year to year, states Dmitry Ostapovich . - However, a large number of carding frauds still occur in Belarus. Therefore, it is necessary to be vigilant: the most effective way to avoid becoming a victim is to be aware and attentive, as well as legally and technically savvy. As part of a production meeting with our British colleagues, the problem of carding from an international perspective was actively discussed.
Representatives of Foggy Albion made a number of constructive forecasts and recommendations. It is assumed that the exponentially growing number of electronic payments will allow attackers to integrate deeper and deeper into these processes. This is a very pressing problem that requires lengthy and detailed consideration.
One of the main aspects of resolving it is cooperation with bank management. The scale of the problem will be fully developed when law enforcement agencies have sufficient information regarding the susceptibility of bank payment systems to attacks by carders. Of course, image considerations do not allow commercial structures to widely disclose such information, but it is still possible to establish working contacts. In addition, bank management is trying to solve the problem of comprehensive protection of its own systems on its own.
Today, by decision of the Head of the National Bank, the creation of a special interdepartmental group was initiated, which included specialists from the Department for solving crimes in the field of high technologies. The group developed and approved a set of measures to prevent theft of funds from user card accounts, as well as the use of counterfeit cards. The creation of a forum was also initiated for the active exchange of information between cardholders about incidents and the provision of feedback to banking specialists responsible for security. As a result, we can quite rightly say that the fight against carding is being carried out systematically and comprehensively. Which certainly bore fruit.
(c) https://pikabu.ru/story/sovremennyiy_karding_sushchestvuet_li_protivoyadie_10723683
