buy clone cards , the United States shifted from using insecure magnetic stripe in credit and debit cards to better-protected chip-and-PIN cards, which are regulated by the EMV standard. That’s a big step toward increasing the security of transactions and reducing card fraud, and one might think that the end is near for the kind of card fraud that relied on cloning.
However, our researchers recently discovered that a group of cybercrooks from Brazil has developed a way to steal card data and successfully clone chip-and-PIN cards. Our experts presented their research at the Security Analyst Summit 2018, and here we will try to explain that complex work in a short post.
whatsapp contact: +1(646)655-8021
general support: firstname.lastname@example.org
Jackpotting ATMs and beyond
While researching malware for ATM jackpotting used by a Brazilian group called Prilex, our researchers stumbled upon a modified version of this malware with some additional features that was used to infect point-of-service (POS) terminals and collect card data.
This malware was capable of modifying POS software to allow a third party to capture the data transmitted by a POS to a bank. That’s how the crooks obtained the card data. Basically, when you pay at a local shop whose POS terminal is infected, your card data is transferred right away to the criminals.Add product gallery images
However, having the card data is just half the battle; to steal money, they also needed to be able to clone cards, a process made more complicated by the chips and their multiple authentications.
The Prilex group developed a whole infrastructure that lets its “customers” create cloned cards — which in theory shouldn’t be possible.
To learn why it’s possible, you might first want to take a quick look at how EMV cards work. As for the cloning, we’ll try to keep it as simple as possible.
How the chip-and-PIN standard works buy clone cards
The chip on the card is not just flash memory, but a tiny computer capable of running applications. When the chip is introduced into a POS terminal, a sequence of steps begins.
The first step is called initialization: The terminal receives basic information such as cardholder name, card expiration date, and the list of applications the card is capable of running.
Second is an optional step called data authentication. Here, the terminal checks if the card is authentic, a process that involves validating the card using cryptographic algorithms. It’s more complicated than needs to be discussed here.
Third is another optional step called cardholder verification; the cardholder must provide either the PIN code or a signature (depending on how the card was programmed). This step is used to ensure that the person trying to pay with a card is actually the same person the card was issued for.
er optional step called cardholder verification; the cardholder must provide either the PIN code or a signature (depending on how the card was programmed). This step is used to ensure that the person trying to pay with a card is actually the same person the card was issued for.