It seems cases of card cloning are on the rise. Three months into the year, debit card holders had already lost $200 000 to perpetrators of bank card cloning. Now it’s being reported that Philip Chiyangwa’s nephew, Mike Harris Chiyangwa, was arrested (for the third time) on allegations of cloning people’s bank cards.
Mike Harris Chiyangwa is accused of having swindled more than $20 000 through his card cloning antics, with one of his alleged victims losing as much as $14 000.
You’re probably wondering how Mike Harris got involved in card scheming. According to the state, some of the complainants are his customers, as he has a transport business. It’s a bit chilling to know that even a business can outright steal from its customers, and you really begin to wonder how one can be safe if some businesses are involved in these acts.
Not only that…
Last week another card cloning gang was apprehended after they were caught stealing a POS machine at a Zuva service station. It was easy to identify the thieves because of the CCTV footage of the crime.
Why would they physically steal the machines?
Cases of card cloning have been on the rise for the past few months and you’re probably wondering how the thieves use these machines once they have got their hands on them. Scammers modify the machines to capture card data, and that data is then used to make a counterfeit card. Funds in your account then start to disappear without your knowledge.
What can be done to stay safe
Back in March, we wrote an article on how to avoid incidents of card cloning and if you haven’t read that, now might be a good time. You wouldn’t want to be the guy/girl who randomly receives messages informing you that $14 000 has been debited from your account without your knowledge.
Banks need to adopt safer standards
Banks have been issuing statements warning customers of the increased risk of fraud. I do not think this is enough. Perhaps the central bank should look closely into making sure all banks are issuing chip cards to replace the existing magnetic stripe cards. Chip cards are proven to be much more secure than magnetic stripe cards, but this added security comes at a cost. As mentioned before, the cost of adopting chip cards is not limited to ordering the cards; it also includes upgrading and replacing the existing debit and credit infrastructure. So maybe the RBZ should require chip cards to be adopted by all banks by a certain date.
9 comments
A more cost effective and secure solution would be USSD and PUSH based MFA on purchases above a certain value, e.g. $20.
Bank cards are an inherently insecure method of transferring funds.
I have always refused to sign anything once I put my pin and I’m always given the evil look. Do away with the magnetic strip and introduce AI inside banking infrastructure!!
AI helps to detect unusual shopping habits then block the card automatically if it’s out of the ordinary. Let’s say the owner makes a purchase in Harare CBD, within an hour another purchase is done in Vic Falls, that warrants an automatic card blocking straight away.
But as always, our banks are still decades behind.
I like how you all think but remember all solutions have their limitations either in funding or simply that you might not have considered all possibilities. For instance the AI blocking a card idea, it’s a good idea but what if I left my card home for my wife to use and I use the one registered on my phone to swipe at a magnetic terminal, should that mean my account gets blocked and I can’t enjoy my vacation? Maybe having it as an option would work.
The most effective way is to try and protect your pin as the cardholder always. Try and make sure no one else is looking and block the view if you have to, to make sure no recording devices can see it. The magnetic code without the pin is useless after all.
Or maybe have optional two factor authentication as a safeguard that is cost effective
You can go a step further with AI, your mind is the only limit. You can register a mobile which gets automatically dialed when suspicious transactions or purchases are made, you then confirm via your mobile phone that you are aware and approve the transactions. If you don’t, then the card is blocked and purchase rejected.
Simple!!
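The location check discussed in the comments above, as an added example that is not part of the original article or any commenter's own code: it flags a card seen in two distant places faster than travel allows, compares per device so a phone-registered card does not trip the plastic card's history, and asks for confirmation before blocking. The speed threshold, distance floor, coordinates and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 500.0   # assumed plausible door-to-door speed; tune per issuer
MIN_KM = 50.0     # assumed floor: ignore jumps within one metro area

@dataclass
class Txn:
    card: str
    device: str      # "plastic" or "phone" (card registered on a handset)
    when: datetime
    lat: float
    lon: float

def km_between(a, b):
    """Haversine great-circle distance between two transactions, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def review(txns):
    """Return (card, device, decision) per transaction, in time order."""
    last, out = {}, []
    for t in sorted(txns, key=lambda t: t.when):
        prev = last.get((t.card, t.device))   # history is kept per device
        decision = "approve"
        if prev is not None:
            km = km_between(prev, t)
            hours = (t.when - prev.when).total_seconds() / 3600
            if km > MIN_KM and km > MAX_KMH * hours:
                decision = "step_up"          # ask the cardholder first
        if decision == "approve":
            last[(t.card, t.device)] = t      # only trusted swipes move the baseline
        out.append((t.card, t.device, decision))
    return out

def settle(decision, cardholder_confirmed):
    """Block only when a step-up goes unconfirmed by the cardholder."""
    return "approve" if decision == "approve" or cardholder_confirmed else "block"

# Constructed sample data: approximate coordinates, made-up cards and times.
HARARE, VIC_FALLS = (-17.83, 31.05), (-17.92, 25.86)
SAMPLE = [
    Txn("A", "plastic", datetime(2024, 1, 1, 10, 0), *HARARE),
    Txn("A", "plastic", datetime(2024, 1, 1, 10, 40), *VIC_FALLS),
    Txn("B", "plastic", datetime(2024, 1, 1, 10, 0), *HARARE),
    Txn("B", "phone", datetime(2024, 1, 1, 10, 30), *VIC_FALLS),
]
```

Card A's second swipe is held for confirmation, while card B's phone payment in Vic Falls is approved because it has its own history.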
Rest easy fellow Zimbos, chip cards will be mainstream by November or December this year. RBZ already has implemented plans in motion.
Please note that you can’t just copy a chip card and use it elsewhere as is the case with magstripe. The chip on a bank card is not just a flash memory storage but an actual mini computer in itself which is activated when the circuit is completed by an ATM or POS machine.
Internationally, like in Brazil as reported by Kaspersky, criminals use what is known as a pre-play attack, i.e. install malware on POS devices which then intercepts your transaction information on its way to the bank. But even then you can’t just copy that information to another card as chip cards contain logic which uses a randomly generated value from the ATM or POS to encrypt or decrypt the data.
It’s a lot more expensive to copy chip cards as you need to have insider knowledge of bank chip application details as well as some pricey equipment to duplicate or modify the card.
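Why a copied chip response is worthless where copied magstripe data is not, as an added example that is not part of the original comment: a simplified model in which the card answers the terminal's random value with a keyed code the bank can check. HMAC-SHA256 stands in for the real card algorithm, and every class and function name here is hypothetical.

```python
import hashlib
import hmac
import secrets

def _mac(key, amount_cents, nonce, counter):
    # HMAC-SHA256 is a stand-in for the card's real cryptogram algorithm.
    msg = amount_cents.to_bytes(6, "big") + nonce + counter.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class ChipCard:
    """Toy chip: the key stays inside, only per-transaction codes come out."""
    def __init__(self, key):
        self._key, self._counter = key, 0

    def sign(self, amount_cents, terminal_nonce):
        self._counter += 1                       # every transaction is numbered
        return self._counter, _mac(self._key, amount_cents, terminal_nonce, self._counter)

class Issuer:
    """Toy bank: shares the card key and remembers the last counter seen."""
    def __init__(self, key):
        self._key, self._last_counter = key, 0

    def verify(self, amount_cents, terminal_nonce, counter, mac):
        expected = _mac(self._key, amount_cents, terminal_nonce, counter)
        fresh = counter > self._last_counter     # a reused counter is rejected
        ok = fresh and hmac.compare_digest(expected, mac)
        if ok:
            self._last_counter = counter
        return ok

def demo():
    key = secrets.token_bytes(32)                # constructed key for the example
    card, bank = ChipCard(key), Issuer(key)
    nonce = secrets.token_bytes(4)               # random value from the terminal
    other = bytes(b ^ 0xFF for b in nonce)       # value another terminal would pick
    counter, mac = card.sign(2000, nonce)
    # A copied response shown to a terminal that chose a different random value.
    copied_new_nonce = bank.verify(2000, other, counter, mac)
    genuine = bank.verify(2000, nonce, counter, mac)
    # The same copied response resubmitted unchanged after the real one cleared.
    resent = bank.verify(2000, nonce, counter, mac)
    return {"copied_new_nonce": copied_new_nonce, "genuine": genuine, "resent": resent}
```

Magstripe data has no equivalent of `sign`: the stripe returns the same bytes on every swipe, so a copy is indistinguishable from the original.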
ooh wow that’s scary !!! eeeehhh !!! chop!
I think two pin verification would work well. One on the machine, one on your phone. Then they need two pins, card and phone.
There are many categories of fraud out there. The OTP (One-Time-PIN) mentioned above has already been compromised due to collusion between bank staff and fraudsters (in RSA). The mag stripe (tracks 1, 2 & 3) works well upon certain conditions being followed – a PIN entry AND signature PLUS the cardholder must produce positive ID. All 3 conditions reduce fraud at point of service. However, banks have card, daily, floor, transaction, merchant or supervisor limits etc. which probably these fraudsters are abusing. Transactions under these limits do not seek authorisation assuming the 3 conditions stated above are observed. When a card is stolen or skimmed there is likely no positive ID and the signature is fake. Chances are offline transactions are being carried out on accounts that obviously have enough funding, otherwise these should be rejected when electronic banking takes place. Visa & Mastercard have very clear guidelines on card acceptance procedures but I doubt that these are being followed strictly as expected at point of service. CHIP cards (ISO7816 or ISO10536) are obviously more secure and difficult to clone but more expensive to produce, manage and maintain as levels of EMV standards transcend hardware through to host and stand-in processing including all middle-ware. One cannot rule out collusion between bank staff and merchants because not every card can be approved when there are insufficient funds, it is simply declined except when processed offline. You will be amazed at what can be checked/verified even using the mag stripe ISO7811 or ISO7813 – criminals have become more sophisticated. Let’s not forget that these systems were designed by engineers in countries where technology far outstrips ours in Zimbabwe.