arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

Your source for the latest fraud intelligence, insights, research, and commentary.

Card Cloning

Cards are essentially physical means of storing and transmitting the digital information required to authenticate, authorize, and process transactions. This information mostly consists of card numbers, the cardholder’s name, security codes, expiration date, and a few others. Unfortunately, criminals can replicate this information and use it to commit fraud.

What is card cloning?

Card cloning is the process of replicating the digital information stored in debit or credit cards to create copies or clone cards. Also known as card skimming, this is usually performed with the intention of committing fraud. Once replicated, this information can be programmed into new or repurposed cards and used to make illicit purchases.

How does card cloning work?

The process and tools that fraudsters use to create counterfeit clone cards depends on the type of technology they are built with. 

Cards can store and transmit information in three ways:

  • Magnetic Stripe

If you look in the back of any card, you’ll find a gray magnetic strip that runs parallel to its longest edge and is about ½ inch wide. This stripe uses technology similar to music tapes to store information in the card and is transmitted to a reader when the card is “swiped” at the point of sale. 

Magstripe-only cards are being phased out due to the relative ease with which they are cloned. Given that they do not offer any encoding protection and contain static data, they can be duplicated using a simple card skimmer that can be purchased online for a few dollars. 

  • EMV Chip Cards

If you look in the front side of most newer cards, you will also notice a small rectangular metallic insert close to one of the card’s shorter edges. This is an EMV (which stands for EuroPay, Mastercard, and Visa) microchip, which uses more advanced technology to store and transmit information every time the card is “dipped” into a POS terminal.

EMV cards offer far superior cloning protection versus magstripe ones because chips protect each transaction with a dynamic security code that is useless if replicated.

Sadly but unsurprisingly, criminals have developed technology to bypass these security measures: card skimming. Even if it is far less common than card skimming, it should by no means be ignored by consumers, merchants, issuers, or networks. 

  • Contactless Cards

The newest cards in the market today are equipped with a third way of storing and transmitting information through radio-frequency identification technology (RFID). This allows them to communicate with card readers by simple proximity, without the need for dipping or swiping. Some refer to them as “smart cards” or “tap to pay” transactions. 

Contactless payments offer increased protection against card cloning, but using them does not mean that all fraud-related problems are solved. 

All cards that include RFID technology also include a magnetic band and an EMV chip, so cloning risks are only partially mitigated. Further, criminals are always innovating and come up with new social and technological schemes to take advantage of customers and businesses alike.

Examples of Credit Card Cloning Fraud

1. Card Skimming

Fraudsters create devices known as card skimmers that attach to point-of-sale terminals—commonly gas pumps, ATMs, and merchant card readers. These skimmers steal card information and store it for fraudsters to use in cloning the card. 

2. Carding

When fraudsters get stolen card information, they will sometimes use it for small purchases to test its validity. Once the card is confirmed valid, fraudsters alone the card to make larger purchases.

3. Data breaches

When fraudsters use malware or other means to break into a business’ private storage of customer information, they leak card details and sell them on the dark web. These leaked card details are then cloned to make fraudulent physical cards for scammers.

How big is the card cloning problem?

1.2 billion card transactions are performed worldwide every day (Statista), and massive amounts of money exchange hands through them. According to the FBI, skimming costs financial institutions and consumers more than $1 billion each year.

How to prevent card cloning?

  • Use Chip-Enabled Cards: Using credit or debit cards with chip technology (EMV) instead of magnetic stripe cards makes it harder for fraudsters to clone your card.
  • Avoid Suspicious ATMs: Look for signs of tampering or unusual attachments on the card insert slot and if something looks suspicious, find another machine.
  • Protect Your PIN: Shield your hand when entering your pin on the keypad to avoid prying eyes and cameras. Do not share your PIN with anyone, and avoid using easily guessable PINs like birth dates or sequential numbers.
  • Check Your Bank Statements: Review your credit card and bank statements regularly to spot unauthorized transactions. Report any you find to your financial institution immediately. 
  • Beware of Phishing Scams: Be cautious about providing your card information in response to unsolicited emails, calls, or messages. Legitimate institutions will never ask for sensitive information in this way.

Detect and prevent card cloning fraud with DataVisor

Hardware innovation is important to the security of payment networks. However, given the role of industry standardization protocols and the multiplicity of stakeholders involved, defining hardware security measures is beyond the control of any single card issuer or merchant. 

Instead, companies seeking to protect their customers and their revenue against payment fraud, including credit card fraud and debit card fraud, should implement a wholesome risk management strategy that can proactively detect fraudulent activity before it results in losses. 

DataVisor combines the power of advanced rules, proactive machine learning, mobile-first device intelligence, and a full suite of automation, visualization, and case management tools to stop all kinds of fraud and issuers and merchants teams control their risk exposure. Learn more about how we do this here.

We work with companies of all sizes who want to put an end to fraud. For example, a top global card network had limited ability to keep up with rapidly-changing fraud tactics. Decaying detection models, incomplete data and lack of a modern infrastructure to support real-time detection at scale were putting it at risk. DataVisor’s comprehensive, AI-driven fraud and risk solutions accelerated model development by 5X and delivered a 20% uplift in fraud detection with 94% accuracy. Here’s the complete case study.

References and further reading: