
Cybercriminals Could Be Cloning Payment Cards Using Stolen EMV Data

Cybercriminals are stealing EMV chip card data


Cybercriminals could be stealing data from payment cards with EMV chips and using it to create magnetic stripe cards which they can use for card-present transactions, cybersecurity firm Gemini Advisory reported on Thursday.

EMV technology encrypts the information stored on a card and uses a unique encryption key that is generated for each card-present transaction to prevent malicious actors from conducting other transactions even if the information stored on the chip is compromised.

This has made it impossible for fraudsters to create clones of EMV cards, as they have done with magnetic stripe cards, from which data can be easily obtained and encoded on a blank card.

Many companies still haven’t fully implemented EMV card readers, which has forced card issuers to encode the data needed to make payments on both the magnetic stripe and the EMV chip. The main difference is that the magnetic stripe contains one card security code, or card verification value (CVV), while the chip stores a different code called integrated circuit card verification value (iCVV).

The problem is that some banks don’t check to ensure that the CVV is provided when the magnetic stripe is used and the iCVV is provided when the chip is used for a transaction.

This enables cybercriminals who can steal EMV card data to encode that data on a magnetic stripe, inserting the iCVV instead of the CVV that is expected to be on the magnetic stripe.
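The issuer-side check described above, sketched as an added example (not code from the article, Gemini Advisory or any issuer). The HMAC derivation is a stand-in for the real card verification value algorithm, and the key, function names, entry-mode labels and test card are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real issuer keeps verification keys inside an HSM.
ISSUER_KEY = b"constructed-demo-key"
# Which code each entry mode must carry (labels are assumptions for this sketch).
EXPECTED_KIND = {"magstripe": "CVV", "chip": "iCVV"}


def verification_value(pan: str, expiry: str, kind: str) -> str:
    """Stand-in derivation (NOT the real algorithm): 3 digits from an HMAC."""
    msg = f"{pan}|{expiry}|{kind}".encode()
    mac = hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1000:03d}"


def authorize_weak(pan, expiry, entry_mode, presented):
    """Flawed issuer: accepts either code and never looks at the entry mode."""
    ok = any(
        hmac.compare_digest(presented, verification_value(pan, expiry, kind))
        for kind in ("CVV", "iCVV")
    )
    return (ok, "ok" if ok else "bad_verification_value")


def authorize_strict(pan, expiry, entry_mode, presented):
    """Corrected issuer: the code must be the one bound to the entry mode."""
    kind = EXPECTED_KIND.get(entry_mode)
    if kind is None:
        return (False, "unknown_entry_mode")
    if hmac.compare_digest(presented, verification_value(pan, expiry, kind)):
        return (True, "ok")
    other = "iCVV" if kind == "CVV" else "CVV"
    if hmac.compare_digest(presented, verification_value(pan, expiry, other)):
        # Valid code for the other interface: decline and raise a fraud alert.
        return (False, f"{other}_on_{entry_mode}")
    return (False, "bad_verification_value")


if __name__ == "__main__":
    pan, expiry = "4000000000000002", "2512"  # constructed test card
    icvv = verification_value(pan, expiry, "iCVV")
    for check in (authorize_weak, authorize_strict):
        print(check.__name__, check(pan, expiry, "magstripe", icvv))
```

The distinct decline reason for a valid code arriving on the wrong interface gives fraud teams a signal that chip data from that card has been captured somewhere upstream.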

Researchers at Cyber R&D Lab conducted an experiment recently using Visa and MasterCard cards issued by 11 banks in the United States, United Kingdom and some EU countries, and found that four of them were not properly verified by banks, enabling fraudsters to make transactions using magnetic stripe cards that were generated with data obtained from EMV chips.

This EMV-bypass cloning technique may already be used by fraudsters in the wild, with Gemini Advisory pointing to two recent security incidents that involved hackers stealing data from cards that were compromised during EMV transactions. The impacted US companies, supermarket chain Key Food Stores and liquor store Mega Package Store, apparently lost more than 720,000 payment cards.


Fraudsters could have used the stolen EMV data, which is believed to have been obtained as a result of a breach into the point-of-sale (PoS) systems at the two companies, to create magnetic stripe clones, which could then be used for fraudulent card-present transactions if the issuing bank fails to properly verify the CVV.

“While analysts have not found dark web chatter highlighting EMV-Bypass Cloning or malware capable of capturing such data from EMV-enabled POS devices, the Key Food Stores and Mega Package Store breaches came from two unrelated dark web sources. This indicates that the technique used to compromise this data is likely spreading across different criminal groups using advanced operational security (OPSEC),” Gemini Advisory explained.

Security blogger Brian Krebs pointed to a recent alert from Visa warning that known PoS malware families such as Alina, Dexter and TinyLoader were successfully used to steal payment card data from EMV chip-enabled PoS terminals.

Gemini Advisory said, “EMV technology may have changed the underground market for CP [card-present] records, but EMV-Bypass Cloning has opened the door for cybercriminals to sidestep the central security features of EMV chips and channel a new source of CP cards back into the underground CP market.”


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
