The President of the online payments company PayPal has recently revealed that his credit card information was cloned whilst he was on a trip to the United Kingdom. David Marcus voiced his opinions on the micro blogging social networking website, Twitter. He tweeted that a ‘ton’ of fraudulent transactions had been carried out via his account following the incident.
Marcus believes his card was ‘skimmed’ whilst he was in the UK. The process of ‘skimming’ a card is relatively straightforward (which is why it is quite dangerous), information is copied using an external ‘skimming’ device before being printed onto a new card. The cloned copy can then be used for fraudulent transactions.
It is often make possible by means of a device fixed to the front of a point-of-sale terminal or ATM that covertly copies credit and debit card information when customers put their cards into the machines to pay for a transaction or when they withdraw cash.
Marcus took the opportunity to inform people that the crime “wouldn’t have happened if (the) merchant accepted PayPal…Obfuscating card data online, on mobile, and now more and more offline remains one of PayPal’s strongest value props.”
Credit cardsin the US are typically less secure than those of the rest of the globe, because they do not have EMV technology (commonly known as “Chip and PIN”) but Marcus did actually reveal that this was a Chip and PIN type of credit card. He believes the skimming was likely to have happened via cloning of the magnetic strip on his card.
EMV chips, which validate credit and debit card transactions using a “Chip and PIN” machine, mad obsolete the process of signing a credit card receipt in the UK and much of Western Europe some time back now. The technology has had a slow up-take in the United States however, with a number of companies still using less secure and older, magnetic strip cards. MasterCard has this week confirmed that it will start rolling out Chip and PIN services in the US from October next year, with Visa are also saying that they are looking to implement the technology soon as well.
PayPal has put up with several attacks on its operations of late, most notably; coming under attack, only last week, from the notorious hacker group the Syrian Electronic Army. The SEA carried out the attack on the DNS infrastructure, which served the site. It redirected users logging onto the service to a web page of anti-US government information.