by : Stan Jaslar
In Nashville, authorities apprehended a woman with 40 re-encoded cards. They found a man with 102 re-encoded cards in Chattanooga. In Michigan, two men used re-encoded cards to buy nearly $10,000 in gift certificates. These stories aren’t that uncommon. With the right technology and a bit of information, thieves can easily re-encode cards and potentially steal money from your customers’ accounts. To protect your financial institution, check out the answers to these questions.
What Are Re-encoded Cards?
Re-encoded cards have different information saved onto the strip than printed on the front of the card. For instance, someone may have a debit card with their own name and a dummy account number on the front, but the information in the strip reflects a different name and stolen account number.
Information on Magnetic Strips
The magnetic strips on debit cards, credit cards, and gift cards store data, and card readers decipher that data by noting the positioning of tiny (about 20 millionths of an inch) iron-based magnetic particles on the strip. Most strips feature three tracks of data, consisting of a blend of alphanumeric and numeric characters. For instance, some card printers may have space for 70 letters for your name in the first track, up to 40 numbers for your account number in second track, and up to 107 numbers in the third track for extra details.
The History of Re-encoding Cards
Re-encoding cards is not new. The scam started in the early 1990s. Between 1989 and 1991, Visa’s losses due to re-encoded cards jumped from zero to $39 million. As of 2018, there is about $2 billion in credit card fraud every year. That number includes all fraud involving counterfeit cards, not just encoded cards, and it’s been cut by more than half over the last four years due to technological changes and enhanced security in most cards.
How Re-encoding Scams Work
Also called encoding scams, re-encoding scams start when thieves steal or buy credit card numbers. For example, if a thief works at a restaurant, they may jot down the numbers from their customers’ credit cards. Then, they may use those numbers to encode other cards, or they may sell the information on the dark web and let other criminals handle the rest of the scam.
Then, the thieves use a coding machine to download the stolen data onto a card. In turn, they use that card to withdraw money from ATMs or to make purchases. Sometimes, the thieves emboss the stolen number onto the front of the card, but in most cases, thieves simply use cards with one set of information printed on the card and a different set of information encoded on the magnetic strip. Because most cashiers don’t check for that type of discrepancy, this type of fraud is easy to carry out.
The equipment to encode cards is sold freely. However, while this equipment cost about $600 in the early 1990s, it only costs about $80 right now. Additionally, while thieves from the early 1990s were largely self taught, a new generation of scammers just has to turn to YouTube to get instructions for this scam.
Encoding Chip Cards
EMV chips have made credit and debit cards safer, and this technology has reduced in-person credit card fraud. Chips can store about 100 times more data than magnetic strips, meaning that thieves have to steal and encode a lot more data than they do with strip cards. Thieves can also encode smart cards, but the process is more complicated as they need the ability to read more data from the stolen cards and upload more data to the blank cards. The equipment is also much more expensive, harder to find, and more complex to use.
Protecting Your Financial Institution
To protect your financial institution from this scam, you may want to increase the limits on your plastic card insurance, but you also need to take a more proactive approach. Make sure that the cards you send to customers are not activated until they are received by your customers. Even more importantly, ensure that you have software in place that can track customers’ spending habits and flag unusual activity as potential fraud.
Customer education is also important. Remind your customers to never share credit card numbers or other details with strangers over email, phone, or text. Also, tell them to be on the lookout for aberrations with credit card readers at store checkouts, gas pumps, and ATMs, as these readers may have skimmers to steal information that could be used to encode other cards and access the funds in your customers’ accounts. Additionally, make sure that your customers understand the importance of monitoring their accounts for unusual activity and emphasize the importance of alerting the bank immediately after a suspected breach.
To protect your financial institution and your customers, the right security software is essential. We can help you. Contact us today at SQN Banking Systems and learn how our security solutions can help you detect and stop fraud.