Secret Service Warns of Chip Card Scheme

Brian Krebs reports of a new scheme where new debit cards are intercepted in the mail and the chips on the cards are replaced with chips from old cards. Thieves can then start draining funds from the account as soon as the modified card is activated. The warning comes from the U.S. Secret Service. Krebs on Security reports: The reason the crooks don't just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated. The Secret Service memo doesn't specify at what point in the mail process the crooks are intercepting the cards. It could well involve U.S. Postal Service employees (or another delivery service), or perhaps the thieves are somehow gaining access to company mailboxes directly. Either way, this alert shows the extent to which some thieves will go to target high-value customers.

Yeah - 3rd party postal overflow guys...

[RyanFenton]

Frequently during holiday periods (high mail flow), postal hubs take on outside contractors to handle those overflows. And those guys can be real scummy, to say the least.

One Christmas, I sent a care package to grandparents, including gift cards, and those were removed from the packaging, slit open from the envelopes, snapshot/sold as images with codes online, then thrown back in the package outside the envelopes. I was able to track it down (with a postal inspector and Amazon) to one of these overflow contractors, and although there's a few cases where they've been caught with hundreds of stolen gift cards - the relationship with the contracting organizations largely shield these crooks pretty constantly.

The Post Office can't hire extra real folks - because they're held to a crazy (Republican) demand that every employee get an absurd portion of their benefits completely pre-paid for life into a pool - way more than any other organization is held to - just as one of many attempts to strangle the organization. So, they're forced to play these games, and shield the folks screwing with the mail, lest they be unable to cover during holiday periods.

I can only imagine who the contracting groups are paying off to make this all possible, along with this latest mail-intercept racket.

Ryan Fenton

Re:Actiate, use, re-activate

[TheRaven64]

It's one of two things. Either the transaction itself correlated with fraudulent transactions, or the transaction didn't correlate with your own spending habits. Banks build fairly complex statistical models of spending and flag any outliers as potential fraud. The most amusing one of these for me was the registration fee for a DARPA PI meeting. Apparently my bank believes that paying money to the US government correlates strongly with fraud. Somewhat less helpfully, they insisted on calling me during UK business hours (i.e. in the middle of the night where I was) to confirm. After a very grumpy 4am conversation (the third time they'd woken me up that night, but the first time I'd managed to get to my phone before it stopped ringing) they gave me a 24-hour number that I could call from anywhere in the world.