Smart Cards: The ABC of Hacking and 5 Tested Ways to Protect Your Cards: Part 3

RF-blocking leather passport and credit card wallets. Although a tinfoil or an aluminum foil can

block radio wave frequency, and probably the most inexpensive way to protect your ePassports

contactless credit cards, or any smart cards, a leather-coated tinfoil may be a better and

more fashionable alternative. Image courtesy from IDStronghold

Last Updated: December 23,2010 10:20AM

Credit card fraud is billions of dollar business. In US alone,the Boston-based research firm Aite Group LLC has issued a report recently that it costs about $8.6 billion annually. Among these card fraud include in different forms such as cards not present, counterfeit cards, lost/stolen card fraud and first party fraud.

Trustwave company also released a study thru SpiderLabs, which shows that over 38% of credit card hacking-related crimes last year involved hotels than other industries. Other sectors that were cited in the study that were involved with credit card fraud include: the restaurants and bars industry, 13%; the retailing industry, 14.2%; and the financial service industry, 19%.

For this last installment series on contactless smart card, I would like to focus more on how smart cards can be counterfeited or hacked and practical yet effective ways to protect them. It is not a question whether credit cards in general can be hacked or not, but how and when. There are numerous ways, but I will just mention at least 6 for this post:

Corporate and financial database hack.

Compromising corporate secured system and stealing customers’ database of sensitive information are harder tasks to perform compared to other forms of hacking, but once successful, it would be very devastating and could cost the company’s entire business, customers lost of confidence, or even the entire credit card industry.

Just 3 years ago, at least 45.7 million credit and debit card users are at risk following a security breach with the TJ Maxx database. Another example of database hack was 2 years ago: The Best Western hotel chain has suffered one of the world’s largest credit card hacks which compromised at least 8 million customers. Just last year, 7 Eleven chain of stores, Heartland, etc. suffered customer data theft from hackers who broke into the database’s firewall and stole at least 130 million credit cards information. The company has paid 12 million to cards issuers already.

Stolen or Lost Cards.

Every credit card transaction, online or offline, is assumed valid until it is proven otherwise. Although you may have zero liability for fraudulent purchases against your card, you are still liable for transactions if you do not report an incident promptly. If you do not report any stolen or lost card immediately to your card issuer, you are putting a greater risk for fraudulent purchases against your account.

CNP (Card Not Present) Transactions

These types of transactions are anything done thru online shopping, mail-orders, and phone orders. Merchants are not fully aware of the identity of the shopper. They simply rely on the information based on the card information being provided. Sure there are countermeasures and safeguards, but since online payment systems vary from merchant to merchant, credit fraud creates a lot of opportunities and has a lot of real estate to offer for hackers.

How does a merchant spot that the credit card an online buyer uses a legitimate or cloned when all the information the buyer have provided are true and accurate? Honestly, a merchant does not concern about it. But the real card holder may only determine it AFTER a fraudulent purchase has been done AND recognized that it was a counterfeit. It is even harder to spot a fraudulent transaction when the counterfeit user analyze and mimic the card holder’s spending patterns and shopping behavior.

It is not hard to perform online purchases using a counterfeit credit information. Because such information needed to complete a transaction can be obtained easily from an RF reader, or from a Chip and PIN reader (if you happened to live in UK), or from a skimmed credit cards that card holders use for payment at bars and restaurants.

Peer-to-Peer network credit card theft.

Some of you may have used a peer-to-peer client software such as BitTorrent, LimeWire, etc. at some point. This is probably one of the easiest ways to steal credit cards numbers and information stored in computers connected to a P2P network or uses a file-sharing client software.