Upon returning from a holiday trip this week, we received unsettling news. There has been a rash of mail theft emanating from our local post office. Our box of held mail seemed lighter than it should have been. And one envelope was slashed open; the gift card sent to us, missing.
Our experience fell in line with similar reports from around our neighborhood. It was a stark reminder that despite the wide adoption of chip cards, the lowly “magstripe” wallet card is still in wide use – and remains a prime target of thieves.
Related article: How fraudsters became so enamored with magstriped cards
Magstriped cards consist of magnetized particles impregnated on a thin band. This decades old technology is perfect for holding data, including account information. Anyone can easily extract this data from a magstriped card simply by purchasing a $70 card reader.
And it’s equally simple to purchase blank cards and impregnate their magnetic strips with whatever data you’d like. This intrinsic weakness of magstriped cards is exactly why U.S. banks finally got around to replacing mag-striped credit and debit cards with chips cards, years after banks in Europe, Canada and Asia.
There was a period from 2005 through 2008 when crime rings were taking account information stolen in data breaches of major U.S. retailers (Target, Home Depot,et. al,) creating faked credit cards, and then sending teams of mules to make thousands of dollar of purchases at the self-check out lines at Sam’s Club and WalMart.
That specific type of faked-credit-card fraud is no longer a big issue. But magstriped cards continue in wide use, not just for gift cards, but on employee access cards, public transit tokens, phone calling cards, even hotel card keys.
Retailers’ main precaution is to cover gift-card magstripes with a security decal. And cards are not activated until purchased and paid for. Think like a criminal here, and it should take only a few moments to see the opportunity.
Mailed gift cards, paid for, and ready for use in self-check out lines or via online shopping, obviously are the lowest hanging fruit. Thus the incentive for mail theft, especially this time of year.
It doesn’t stop there. Fraudsters are motivated, the risks are low and the payoffs lucrative. So they are creatively targeting gift cards hanging on the rack at your local supermarket or retailer – and making use of card readers.
One scheme is to steal the for-sale gift cards, peel off the security decal, read the card data, replace the decal, and replace the cards back on the for-sale rack where they came from. A spy then watches the rack, and as soon as one of the tampered cards gets purchase, an accomplice is alerted, who then makes on an online purchase.
That’s apparently what happened to a Denver man, Josh Layton, who was dismayed to learn a $50 gift card he purchased at the Highlands Ranch Walmart was nearly drained when we tried to use it. Layton says he spent 77 minutes on the phone with Walmart officials – but never got his money back.
Cybersecurity blogger Brian Krebs has filed this report about gift cards with tampered security decals discovered for sale at that same Walmart. If it’s happening there, it is almost certainly happening elsewhere, likely on a very wide scale.
Acquiring a bank gift card is as easy as buying a pack of gum at the grocery store or ordering a novel online. Thousands of banks, credit unions, supermarkets, drugstores and convenience stores offer them; they can be picked up at a grocery checkout line or ordered from online banking websites or sites such as iCardGiftCard.com. And they work at millions of restaurants and shops.
It’s no wonder mail theft has come to haunt our quaint, rural community. This is something all consumers should think about, and account for. Happy holidays.
This is a Security Bloggers Network syndicated blog post authored by bacohido. Read the original post at: The Last Watchdog