Fraudsters' bugs transmit credit card details to Pakistan

Thieves have planted new sophisticated bugs in supermarket card readers so customer details can be cloned

Detectives are investigating a sophisticated credit card fraud against customers of some of Britain’s biggest supermarkets that may be linked to extremists in Pakistan. 

Fraudsters have targeted more than 40 stores in Britain, including those of Asda, Tesco and Sainsbury’s, in an elaborate scam that police say involves tiny devices inserted into the stores’ “chip and Pin” credit card readers. 

Specialists say the technology is the most advanced they have seen and is being used in supermarket chains across Europe. 

The devices, which are reported to have been made in China, are reading and storing selected customers’ Mastercard and personal identification numbers as the cards are inserted into readers at supermarket checkout tills.

The bugs transmit the information by wireless technology to Lahore, Pakistan, according to a senior American counter-intelligence official. 

Customers’ cards are then cloned and used to steal money from their credit and current accounts and to pay for items such as airline tickets on the internet. 

A senior British police source said he was unable to confirm reports in America that as much as $100m had been siphoned out of customers’ accounts. 

The fraud was revealed by Joel Brenner, the American government’s top counter-intelligence officer. He said: “Small but intelligent criminal organisations are pulling off transnational, multicontinental heists that only a foreign intelligence service would have been able to do a few years ago.” 

The US National Security Agency, which monitors electronic communications worldwide, is said to be tracking the case because of its links to Pakistan, which has become a base for Al-Qaeda. 

A counter-terrorism official in Britain emphasised yesterday that the authorities here had yet to uncover clear evidence of any scam linked to Al-Qaeda, but said they did not rule out the emergence of such evidence. 

This weekend MPs called for a full investigation. Patrick Mercer, a member of the Commons home affairs committee, said: “This is a deeply worrying matter and I hope the authorities aren’t in denial about any links to terrorism.” 

There is growing evidence that terrorist groups are resorting to sophisticated technology to raise money. 

Last month a London court convicted a Sri Lankan gang with suspected links to the Tamil Tiger terrorist group of running an elaborate credit card fraud at petrol stations across the country. 

Cameras installed in secret compartments in the ceilings above the credit card readers recorded motorists putting in their Pin numbers. Account information was also electronically copied as the cards were put into readers. This was sent abroad and employed to clone credit cards that were subsequently used around the world. 

A Mastercard spokesman declined to discuss details of the latest case but said safeguarding financial information was a top priority. 

Rising concern about the growth in credit card fraud has led Mastercard to improve monitoring of unusual or suspicious transactions. It has started sending automated calls to card holders’ mobile phones asking them to confirm recent transactions. 

In the latest scam the gang is suspected of having tampered with the chip and Pin machines, either during their manufacture in China or at some point after they came off the production line. 

A special chip is inserted behind the machine’s motherboard and it sends, by mobile phone, the details and Pins of selected cards to criminals in Lahore. Brenner said: “It was impossible to tell, even for someone working at the factory, that they had been tampered with.” 

Jemma Smith, a spokesman for Apacs, the interbank group that leads the fight against card fraud, said that a special police unit was investigating Pin pads at 40 stores, including those of Asda, Sainsbury’s and Tesco. 

“The police are aware of Pin pads having been tampered with, with devices inside them that wire information,” she said. However, no investigation by the unit had yet uncovered links to Lahore, she said. 

Shoppers at Asda in High Wycombe, Buckinghamshire, reported last month that their cards had been used to make illicit withdrawals overseas after they had visited the store. One customer said 25 withdrawals from his account, totalling £1,400, had been made in the US and Pakistan. 

The banking industry hoped that chip and Pin cards, introduced in February 2006, would help cut fraud. However, total card fraud losses increased by 14% in the six months to June 2008 compared with the first half of last year. Total card losses for this period were £301.7m, of which more than 40% was fraud abroad. continues here

Related Posts by Categories