Sunday, November 26, 2006

India Deals with the Problem of Credit/Debit Card Cloning

We read a lot of stories about credit/debit card skimming in the West, but see very few stories about it in other parts of the world.

India, which has become a giant in IT circles is now being victimized by the problem.

In May, I did a post about cloned credit/debit cards showing up in India. Since then I've had the pleasure of corresponding with a "security person," who is sharing information with me regarding the scope of the problem.

In November, in another case, there were more arrests in three Indian cities - 6 skimmers, laptops, a desktop and cards were seized.

The activity was facilitated with the collusion of waiters and shop-keepers.

According to my "source," more card-skimming has been uncovered and the Indian authorities are hot on it's trail. We can probably expect to see a few more criminals arrested in the not so distant future.

Until recently, cloned cards were normally sent in the mail from other destination points in Asia.

Recently, the news media was awash with stories of information being compromised at call centers in India. The industry and the government in India have quickly moved to enact legislation to counter this threat.

The stories got a lot of attention (probably because it happened in India), but in reality, information and data breaches are happening (with too much frequency), worldwide.

India seems to be proactive (refreshing) in taking legal measures, which are far more effective that technological countermeasures, to protect it's citizens and the industry, itself.

Of note, the recent skimming/cloning activity seems to have been introduced by British based gangs and the UK is suffering a "large" issue with this type of activity.

Video (interesting) on skimming in India from IBN, here.

Interesting and "informative" discussion about cyber-law in India by Praveen Dalal, here.

1 comment:

Gary said...

Hi Ed.

Your comments in this and other blog entries regarding the apparent prevalence of card skimming and other attacks in the UK are thought-provoking. There may well be some truth to your assertion although I'm not (yet) totally convinced. In particular, the UK's move from magstripe to chip-and-pin cards, now well advanced if not complete, is surely going to reduce the incidence of card frauds in the UK ... but perhaps not necessarily elsewhere. So long as cards continue to carry magstripes as well as chips, the skimmers will be able to clone magstripe cards from anywhere and use them in those places that have yet to implement chip-and-pin, including (I suspect) here in New Zealand. The Visa EMV programme (and presumably similar ones by Mastercard and Amex and the others) are pressing hard to get the whole world up to chip-and-pin ASAP. Countries and banking systems that are dragging their feet and clinging on to magstrip technologies for whatever reason are surely inviting the fraudsters to move in, set up business and start exploiting the local financial institutions as well as their customers.

I wonder when the card suppliers and banks in the UK will finally get around to removing the magstripes from their cards, making it much more difficult (but still not impossible) to clone cards? They are no doubt worried about the impact on customers who may wish to use their cards in non-chip-and-pin retailers (are there any left in the UK now?) or travel to non-chip-and-pin countries (like NZ), but at some point the change is inevitable. Perhaps, meanwhile, they will compromise by offering non-magstripe cards to customers who request them ... or some enterprising company will offer a card demagnetising service?

Keep up the good work. I always enjoy reading your blog.

Best wishes for 2007,