Can ATM cards with a chip be cloned?

New scam for fraud with debit cards

Status: 01/28/2019 2:05 p.m. | archive
In order to be able to withdraw money with an EC card, fraudsters always need the secret number (PIN).

The debit card stolen, the account plundered - that is a horror scenario for many people. Banks and savings banks usually refuse to reimburse the damage if the withdrawal has been made with the correct PIN. The banks argue that the EC or giro card system is secure and the PIN cannot be read from a stolen card.

The allegedly only way that card thieves could get the PIN is if the theft victim handled the PIN negligently, for example if the stolen customer kept the card together with his secret number or even noted the number on the debit card .

Experts uncover critical security gaps

In recent years, however, IT security researchers and hackers have proven several times that the supposedly secure EC card system is not as secure as the German banks claim. In 2012, IT experts from Security Research Labs Berlin succeeded in manipulating Verifone's most widely used EC card payment terminal in German retail at the time so that they could spy on card data and the PIN - without retailers, customers or banks having a chance to notice the manipulation and spying. In the worst scenario, according to the IT security researchers, attackers could bring hundreds of card payment terminals under their control and then record all the EC cards used there and their PIN numbers.

Perfidious scam: spy out your PIN and steal your debit card

Help, the card is gone!

If the credit card or giro card is stolen or lost, it should be blocked as soon as possible. Most card issuers have contacted the central emergency number on the telephone number 116 116 connected. The call is free of charge within Germany. The number also works with the prefix +49 from abroad.

In Germany, however, you can hardly do anything with card data and PINs alone. The original EC card is required to withdraw money from German ATMs. But how do criminals manage to get the correct PIN when a card is stolen? Research by Markt shows that criminal gangs have come up with a perfidious scam. The gangs work in a locally limited area, each concentrating on one city. At petrol stations, kiosks or in restaurants - i.e. wherever payment is made with EC cards - gang members try to watch the PIN being entered. Day in, day out, countless secret numbers are collected and reported to a gang member who saves them in a list. At the same time, so-called runners are on the road, who then steal EC cards in the city. As soon as the runners have a debit card, they call the gang member with the list. If there is a PIN for the card, the account will be ransacked.

60 cases a day

So far, the banks have insisted on their simple argument of negligence in the event of abuse, and many customers then probably shy away from a legal dispute with their bank. In 2017, around 22,000 cases of fraud involving EC cards were reported to the Federal Criminal Police Office in which the criminals had used the correct secret number. Statistically, this corresponds to about 60 cases per day. There are no figures on how often bank customers were left with their damage.

Don't get rid of it too quickly

Affected customers should not let themselves get rid of too quickly, because even now the stolen cardholders are not completely powerless to defend themselves against suspicion of negligence. One possibility is to prove that you used your card to pay or at the ATM shortly before the card was stolen. Then there is the possibility that the thieves spied out the secret number and then specifically stole the card when leaving the store, for example.

Insist on transaction logs

Bank customers who have been robbed have a statutory right to obtain information about the fraudulent withdrawal from the bank. The financial institutions must prove that authentication has taken place and that the payment process has been properly recorded, correctly booked and not impaired by a malfunction. Affected customers should therefore insist that the bank provide complete transaction logs. Experienced lawyers can determine inconsistencies in some cases on the basis of these protocols.

This topic in the program:

Market | 01/28/2019 | 8:15 pm