The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Credit Card Fraud

Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps

Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps

August 16, 2019Swati Khandelwal
In recent years, gas stations have become one of the favorite targets for thieves who are stealing customers' credit and debit card information by installing a Bluetooth-enabled payment card skimmers at gas stations across the nation. The media has also reported several recent crimes surrounding credit card skimmers, including: Gas pump skimmer found at a 7-Eleven in Pinellas County Credit card skimmer found at West Palm Beach gas station Credit Card Skimmer Found at Gas Station in Sunnyvale Several Gas Pump Credit Card Skimmers Found at Bay Area Stations Gas pump credit card skimmers found at Boerne stations Credit card skimmers target Anthem Circle K For those unaware, Bluetooth credit card skimmer is a tiny sneaky device designed to stealthily capture payment card information, like credit card holder's card number, expiration date and the full name, which nearby thieves then retrieve wirelessly over a Bluetooth connection. Since these devices have been des
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

Capital One Data Breach Affects 106 Million Customers; Hacker Arrested

July 30, 2019Swati Khandelwal
Another week, another massive data breach. Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada. The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal information of customers who had applied for a credit card between 2005 and 2019, Capital One said in a statement. However, the security incident only came to light after July 19 when a hacker posted information about the theft on her GitHub account. The FBI Arrested the Alleged Hacker The FBI arrested Paige Thompson a.k.a erratic, 33, a former Amazon Web Services software engineer who worked for a Capital One contractor from 2015 to 2016, in relation to the breach, yesterday morning and seized electronic storage devices containing a copy of the stolen data. Thompson appeared in U.S. District Court o
Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants

Hackers Stole Customers' Credit Cards from 103 Checkers and Rally's Restaurants

May 31, 2019Swati Khandelwal
If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction. Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally's locations—nearly 15% of its restaurants. The impacted restaurants [ name, addresses and exposure dates ] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia. After becoming aware of a "data security issue involving malware" at some Checkers and Rally's locations, the company launched an extensive investigation which r
Experts Reveal How Attackers Can Hack Your Credit Cards In Seconds

Experts Reveal How Attackers Can Hack Your Credit Cards In Seconds

December 06, 2016Swati Khandelwal
As India attempts an upgrade to a cashless society, cyber security experts have raised serious concerns and revealed how to find credit card information – including expiration dates and CVV numbers – in just 6 Seconds. And what's more interesting? The hack uses nothing more than guesswork by querying multiple e-commerce sites. In a new research paper entitled " Does The Online Card Payment Landscape Unwittingly Facilitate Fraud? " published in the academic journal IEEE Security & Privacy, researchers from the University of Newcastle explains how online payments remain a weak spot in the credit card security which makes it easy for fraudsters to retrieve sensitive card information. The technique, dubbed Distributed Guessing Attack , can circumvent all the security features put in place to protect online payments from fraud. The similar technique is believed to be responsible for the hack of thousands of Tesco customers in the U.K last month. The issue reli
Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

Russian Lawmaker's Son Convicted of Stealing 2.9 Million Credit Card Numbers

August 29, 2016Wang Wei
The son of a prominent Russian lawmaker has been found guilty in the United States of running a hacking scheme that stole and sold 2.9 million US credit card numbers using Point-of-Sale (POS) malware, costing financial institutions more than $169 Million. Roman Seleznev , 32, the son of Russian Parliament member Valery Seleznev, was arrested in 2014 while attempting to board a flight in the Maldives, which sparked an international dispute between American and Russian authorities, who characterized the extradition as a " kidnapping ." Prosecutors introduced evidence from a corrupted laptop seized by the authorities at the time of his arrest.  "I don't know of any case that has allowed such outrageous behavior," said his lawyer, John Henry Browne. Also Read: How to Freeze Credit Report To Protect Yourself Against Identity Theft . According to the Department of Justice, Seleznev, who also went by the moniker ' Track2 ' online, was convicted in
This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards

This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards

August 05, 2016Swati Khandelwal
Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes. We have been told that EMV ( Europay, MasterCard and Visa ) chip-equipped cards provides an extra layer of security which makes these cards more secure and harder to clone than the old magnetic stripe cards. But, it turns out to be just a myth. A team of security engineers from Rapid7 at Black Hat USA 2016 conference in Las Vegas demonstrated how a small and simple modifications to equipment would be enough for attackers to bypass the Chip-and-PIN protections and enable unauthorized transactions. The demonstration was part of their presentation titled, "Hacking Next-Gen ATMs: From Capture to Washout," [ PDF ]. The team of researchers was able to show the audience an ATM spitting out hundreds of dollars in cash. Here
Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

May 23, 2016Mohit Kumar
In an era where major data hacks are on the rise, it is no surprise breaches on individuals are also up. In just three hours, over 100 criminals managed to steal ¥1.4 Billion ( approx. US$12.7 Million ) from around 1,400 ATMs placed in small convenience stores across Japan. The heist took place on May 15, between 5:00 am and 8:00 am, and looked like a coordinated attack by an international crime network. The crooks operated around 1,400 convenience store ATMs from where the cash was withdrawn simultaneously in 16 prefectures around Japan, including Tokyo, Osaka, Fukuoka, Kanagawa, Aichi, Nagasaki, Hyogo, Chiba and Nigata, The Mainichi reports . Also Read: Tyupkin Malware Hacking ATM Machines Worldwide Many ATM incidents involve a long-established technique called ' ATM Skimming ' in which criminals install devices to obtain card details via its magnetic stripe, or use ATM malware or from data breaches, and then work with so-called carders and money mules to pilfe
Ukrainian Hacker Admits Stealing Corporate Press Releases for $30 Million Profit

Ukrainian Hacker Admits Stealing Corporate Press Releases for $30 Million Profit

May 17, 2016Wang Wei
A 28-year-old Ukrainian hacker has pleaded guilty in the United States to stealing unpublished news releases and using that non-public information in illegal trading to generate more than $30 Million (£20.8 Million) in illicit profits. Vadym Iermolovych, 28, admitted Monday that he worked with two other Ukrainian hackers to hack into computer networks at PR Newswire, Marketwired and Business Wire, and steal 150,000 press releases to gain the advantage in the stock market. The defendants then used nearly 800 of those stolen news releases to make trades before the publication of the information, exploiting a time gap ranging from hours to 3 days. The trades would occur in "extremely short windows of time between when the hackers illegally accessed and shared the [news] releases and when the press releases were disseminated to the public by the Newswires, usually shortly after the close of the markets," said the Department of Justice in a press release . Thirty-two pe
Hacker arrested for ATM Skimming escaped from Prison

Hacker arrested for ATM Skimming escaped from Prison

March 08, 2016Mohit Kumar
A Romanian card skimmer arrested for being part of an international cybercrime group that used malware to plunder US$217,000 from ATMs has escaped from a Bucharest prison on Sunday morning (6th March). Renato Marius Tulli , 34, was being held at Police Precinct 19 in Bucharest, the capital of Romania, after being arrested together with 7 other suspects as part of a joint Europol, Eurojust, and DIICOT investigation on January 5, 2016. Tulli was part of a criminal gang specialized in robbing NCR-based ATMs. According to the federal authorities, the gang allegedly used a piece of malware, dubbed Tyupkin , to conduct what's known as Jackpotting attack and made Millions by infecting ATMs across Europe and beyond. Using Tyupkin malware, the criminals were able to empty cash from infected ATMs by issuing commands through the ATM's pin pad. Authorities announced on Monday that Tulli escaped with Grosy Gostel , 38, a man held for robbery charges, while both o
Casino Sues Cyber Security Company Over Failure to Stop Hackers

Casino Sues Cyber Security Company Over Failure to Stop Hackers

January 16, 2016Swati Khandelwal
IT security firm Trustwave has been sued by a Las Vegas-based casino operator for conducting an allegedly "woefully inadequate" investigation following a network breach of the casino operator’s system. Affinity Gaming , an operator of 5 casinos in Nevada and 6 elsewhere in the United States, has questioned Trustwave's investigation for failing to shut down breach that directly resulted in the theft of credit card data, allowing credit card thieves to maintain their foothold during the investigation period. The lawsuit, filed in the US District Court in Nevada, is one of the first cases of its kind where a client challenges a cyber security firm over the quality of its investigation following a hacking attack. Casino Sued an IT Security Firm Affinity Gaming said it hired Trustwave in late 2013 to analyze and clean up computer network intrusions that allowed attackers to obtain its customers' credit card data. It was reported that the details
Top 8 Cyber Security Tips for Christmas Online Shopping

Top 8 Cyber Security Tips for Christmas Online Shopping

December 21, 2015Wang Wei
As the most wonderful time of the year has come - Christmas , it has brought with itself the time of online shopping. According to National Retail Federation , more than 151 million people shopped in store, but more than 100 Million shopped online during Cyber Monday sales and even why wouldn't it be so given the vast conveniences of online shopping. It is quite visible in these days that more and more people are heading towards online shopping rather than the malls to purchase gifts for Christmas. However, the main question arises: Is it safe to do so? Especially with so many users sharing credit card information online. Here are some tips that you have to keep in mind before providing your credit card number and clicking, ' BUY ' 1. DO NOT CLICK On Suspicious Links Malicious links are sent by scammers who look more real than the original ones. As these links are specifically of the well-known sites like eBay and Flipkart, many online users fal
This $10 Device Can Guess and Steal Your Next Credit Card Number before You've Received It

This $10 Device Can Guess and Steal Your Next Credit Card Number before You've Received It

November 25, 2015Mohit Kumar
Imagine you have lost your credit card and applied for a fresh credit card from your bank. What if some criminal is using your new credit card before you have even received it? Yes, it's possible at least with this $10 device. Hardware hacker Samy Kamkar has built a $10 device that can predict and store hundreds of American Express credit card numbers, allowing anyone to use them for wireless payment transactions, even at non-wireless terminals. The device, dubbed MagSpoof , guesses the next credit card numbers and new expiration dates based on a cancelled credit card's number and when the replacement card was requested respectively. This process does not require the three or four-digit CVV numbers that are printed on the back side of the credit cards. Also Read:  How Hackers Can Hack Your Chip-and-PIN Credit Cards The tiny gadget would be a dream of any card fraudster who can pilfer cash from the stolen credit cards even after they have been blocked
How Hackers Can Hack Your Chip-and-PIN Credit Cards

How Hackers Can Hack Your Chip-and-PIN Credit Cards

October 21, 2015Khyati Jain
October 1, 2015, was the end of the deadline for U.S. citizens to switch to Chip-enabled Credit Cards for making the transactions through swipe cards safer. Now, a group of French forensics researchers have inspected a real-world case in which criminals played smart in such a way that they did a seamless chip-switching trick with a slip of plastic that it was identical to a normal credit card. The researchers from the École Normale Supérieure University and the Science and Technology Institute CEA did a combined study of the subject, publishing a research paper [ PDF ] that gives details of a unique credit card fraud analyzed by them. What's the Case? Back in 2011 and 2012, police arrested five French citizens for stealing about 600,000 Euros (~ $680,000) as a result of the card fraud scheme, in spite of the Chip-and-PIN cards protections. How did the Chip-and-Pin Card Fraud Scheme Work? On investigating the case, the researchers discovered that the n
How to Freeze Credit Report To Protect Yourself Against Identity Theft

How to Freeze Credit Report To Protect Yourself Against Identity Theft

October 03, 2015Swati Khandelwal
If your Social Security number gets hacked in any data breaches, including recently hacked T-Mobile , then there's a way to prevent hackers from misusing your identity (i.e. identity theft ). The solution here is that you can institute a security freeze at each of the three credit bureaus, Equifax , Experian , or TransUnion . Once frozen, nobody will be allowed to access your credit report, which will prevent any identity thieves from opening new accounts in your name. Because most creditors required to see your credit report before approving a new account. But, if they are restricted to see your file, they may not extend the credit or open a new account in your name. However, there are some disadvantages of doing so. 1.   Cost The cost of a security freeze differs by state (check yours here ). However, it is often free for already affected people, but the issue is – if you want to let anyone check your credit, you will need to pay a fee every time to
Chip-and-PIN Credit Cards and The Deadline: Here's What You need To Know

Chip-and-PIN Credit Cards and The Deadline: Here's What You need To Know

October 01, 2015Khyati Jain
October 1 Liability shift ENDS! Today, 1st October 2015 , is the deadline for US-based Banks and Retailers to roll out Chip-embedded Credit Cards ( powered by EVM Technology ) to customers that will make transactions more secure. EVM Technology stands for Europay , MasterCard and Visa -- a global standard for Payment Cards equipped with Chips used to authenticate chip card transactions. Starting Thursday, Merchants must have new Payment Terminals installed to accept Chip Cards in their stores or restaurants. Otherwise, they will be responsible for credit card frauds. Stephanie Ericksen, Visa's Vice President Risk Products said, " That's the date by which if a merchant doesn't have a chip terminal, and a counterfeit card is used at that location, they may be liable for that fraud on that transaction. '' 60% Customers Still have Old Credit Cards However, If you have not received a new credit card with chip technology, don't worry,
Web.com Hacked! Credit Card information of 93,000 Customers Compromised

Web.com Hacked! Credit Card information of 93,000 Customers Compromised

August 20, 2015Swati Khandelwal
Web.com, a Florida-based web hosting company with up to 3.3 Million customers, has suffered a data breach and may have compromised personal information and credit card data belonging to 93,000 of its clients . The company on Tuesday confirmed that some unknown hackers had breached one of its computer systems on August 13, 2015, and accessed personal information of nearly 93,000 customers. Web.com, with the goal to help small businesses succeed online, uncovered the unauthorized activity as part of its ongoing security monitoring and shutdown process. The stolen information includes: Credit Card information Actual Names associated with the payment cards Residential Addresses No other information belonging to customers, such as Social Security numbers , Verification Codes for the exposed credit cards, was affected by the data breach, according to the company. "The security of our customer information is a high priority for Web.com," Web.com CEO and Chairman David L. Brow
Let's Take a Selfie to Shop Online With MasterCard

Let's Take a Selfie to Shop Online With MasterCard

July 03, 2015Wang Wei
Difficulty in remembering complicated Passwords? Forget Passwords and Fingerprints now – and get ready to authenticate your online purchases with your SELFIES . MasterCard is experimenting a new app that would let you make online purchases by taking a selfie rather than typing a password, moving a step forward in the mobile payments evolution. This experimental ID Check security system uses the front camera of your mobile phone and "facial recognition" technology to get your payment done with a quick shot of your face. And MasterCard thinks this generation people will love it. " The new generation, which is into selfies...I think they will find it cool, " MasterCard President of Enterprise Safety and Security Ajay Bhalla told CNNMoney. " They'll embrace it ." How this new feature works? MasterCard will provide you a new mobile app to download in order to use the feature. After you make an online payment, the new app will
How Apple Pay Can Be Hacked to Steal Your Credit Card Details

How Apple Pay Can Be Hacked to Steal Your Credit Card Details

June 05, 2015Mohit Kumar
Today anywhere you go, you will come across Free or Public WiFi hotspots -- it makes our travel easier when we stuck without a data connection. Isn’t it? But, I think you’ll agree with me when I say: This Free WiFi hotspot service could bring you in trouble, as it could be a bait set up by hackers or cyber criminals to get access to devices that connects to the free network. This is why mobile device manufacturers provide an option in their phone settings so that the device do not automatically connects to any unknown hotspot and asks the owner for approval every time it comes across a compatible WiFi. Hackers can grab your Credit Card Data. Here’s How? Recently, security researchers from mobile security company ' Wandera ' have alerted Apple users about a potential security flaw in iOS mobile operating system that could be exploited by hackers to set up a rogue WiFi spot and then fool users into giving up their personal information, including credit card details. The l
Hacker Who Stole Money From Bill Gates Arrested in Philippines

Hacker Who Stole Money From Bill Gates Arrested in Philippines

April 13, 2015Mohit Kumar
What if you get into the bank account of the World’s most richest person? Maybe it could be difficult for you as well as I. But not for this guy… ... Konstantin Simeonov Kavrakov , a Bulgarian hacker, who hacked into the ATM and stole thousands of dollars from the bank account of Microsoft mogul Bill Gates with fake ATM cards arrested in Philippines, according to the Philippine National Police. The 31-year-old man was arrested red-handed by the Philippine National Police while he was withdrawing cash from an ATM using fake cards. He had stolen tens of thousands of dollars from many victims by hacking into the automated teller machines (ATMs). In 2011, Kavrakov got arrested and was jailed in Paraguay for hacking into the Bill Gates' account in The Philippines' densely-populated Quezon City and stealing thousands of dollars. Since then Kavrakov was on the hit list of many countries police. During the arrest, the police recovered seven cloned credit card
Beware of Skimming Devices Installed on the ATM Vestibule Doors

Beware of Skimming Devices Installed on the ATM Vestibule Doors

March 19, 2015Wang Wei
Despite anti-skimmer ATM Lobby access control system available in the market, we have seen a number of incidents in recent years where criminals used card skimmers at ATM doors. Few years back, cyber criminals started using card skimmers on the door of the ATM vestibule , where customers have to slide their credit or debit cards to gain access to the ATM. The typical ATM Skimming devices are used by fraudsters capture both magnetic stripe data contained on the back of a debit or credit card as well as the PIN number that is entered by the customer when using the ATM. In recent case discussed by Brian, cyber criminal installed the card skimming device on the ATM Lobby Card Access Control and a pinhole hidden camera pointed at the ATM's keyboard. Basically, it's an ATM skimmer that requires no modification to the ATM. The card skimmer hidden on the ATM door records the debit and credit card information , and the pinhole camera records the PIN number the
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.