‘Ban­dits’ use card trick

Tech-savvy scam­mers ex­ploit flaw in se­cu­rity

Daily Mercury - - TRENDING - ALLY FOSTER

AUSSIE busi­ness own­ers are be­ing warned to watch out for a sneaky new Eft­pos scam in which mul­ti­ple stores have al­ready been ripped off by thou­sands of dol­lars.

A group of alleged scam­mers, dubbed the ‘Eft­pos Ban­dits’ have been ex­ploit­ing a se­cu­rity loop­hole to tar­get at least two cam­era stores in Perth.

CCTV at Cam­era House caught the so­phis­ti­cated rort in ac­tion, show­ing two women ap­pear­ing to buy two cam­eras for $15,000.

It looks just like any other trans­ac­tion, with one of the women chat­ting to the cashier while the other pulls out her credit card ready to put it into the ma­chine – but this is where the con be­gins.

Just be­fore she in­serts the card the woman glances at her phone for a few sec­onds. To the shop worker this is noth­ing out of the or­di­nary but, in those few mo­ments, she is al­legedly mem­o­ris­ing the de­tails of a stolen credit card.

“She got her own credit card, she put it into the ter­mi­nal, but didn’t push it all the way through, so it didn’t reg­is­ter,” shop owner Lid­dio told A Cur­rent Af­fair.

“She can­celled our trans­ac­tion and went in man­u­ally and typed in a stolen credit card num­ber.”

While the woman types in the de­tails, her ac­com­plice dis­tracts the staff mem­ber.

It is over in a mat­ter of sec­onds and the women walk out of the store with thou­sands of dol­lars worth of cam­eras charged to an al­legedly stolen credit card.

Lid­dio said he was “ab­so­lutely gut­ted” when he re­alised what had hap­pened.

The two women were joined by a third when they were also caught on film al­legedly pulling the same scam at a dif­fer­ent cam­era place across town.

VO Cam­era store owner Russell said the women walked away with three cam­eras worth $21,000.

This time the women were faced with a touch­screen Eft­pos ma­chine but it seemed that even newer ma­chine mod­els can be used in the trick.

“She takes her card and she in­serts it into the ma­chine, then she does a dou­ble swipe down from the top,” Russell said.

“Man­ual card en­try, man­u­ally keys in the de­tails of the stolen credit card, 16 dig­its, ex­piry date, then ap­prove.”

When Russell con­tacted the Com­mon­wealth Bank he was re­port­edly told the ma­chines could not be pro­tected from this type of fraud and it was on the em­ployer to en­sure they were be­ing used cor­rectly.

“I don’t think it’s a good enough re­sponse. It bor­ders on an ad­mis­sion of li­a­bil­ity from the Com­mon­wealth Bank,” he said. “Th­ese ma­chines have a se­cu­rity loop­hole, in my opin­ion, and the Com­mon­wealth Bank knows about it.”

In a state­ment, the Com­mon­wealth Bank said the man­ual pay­ment op­tion was avail­able in case a card was dam­aged or the other op­tions on the ma­chine were not work­ing.

“As part of the mer­chant agree­ment, the mer­chant agrees to take on li­a­bil­ity for mis­use of the ter­mi­nal, in­clud­ing fraud­u­lent ac­tiv­ity,” the state­ment read.

“Given the rise in fraud­u­lent use of the man­ual func­tion across the in­dus­try, and the preva­lent ac­cep­tance of con­tact­less trans­ac­tions, CBA is cur­rently re­view­ing how it can fur­ther as­sist mer­chants mit­i­gate ex­ploita­tion of the man­ual func­tion.”

Photo: iStock

An Eft­pos se­cu­rity loop­hole is be­ing used by scam­mers to steal thou­sands of dol­lars from Aussie busi­nesses.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.