Wednesday, December 26, 2007

Card crooks tap into data wires

First, it was skimmers. Now, credit card crooks in Kolkata may be getting more tech savvy, using wire-tapping gadgets to cash in on unsuspecting card users.

It's a new cause of worry for city police and CID. Wire-tapping is a complicated scheme and much more difficult to track down. It's a technical maze that involves telephone wires, receiving-terminals and a cable line parallel with telephone cables to copy the card details when it is swiped for a transaction.

The first time that the city police got an inkling of fake credit card rackets in Kolkata was when three Bangladeshis were arrested for using a card whose owner was in Singapore. Another fake card was seized in Burrabazar which was in use in New Zealand. Police still have no clue to how this card was copied.

Wire-tapping is the most likely method, they now say. Though they have not identified a racket as yet, cyber sleuths are sure the card racketeers are running a hi-tech operation in the city. Their suspicions were strengthened when a private bank recently held a workshop for CID to discuss fraud techniques.

"We haven't got any case where wire-tapping was used to dupe somebody but we are sure the racketeers are out there. We are trying to find the right technique to detect such crimes and also adopting safe-guard measures," said a senior CID officer.

Wiretapping works in three phases. The first phase involves tapping into the wires of the main server to capture card data as it is processed for a legitimate transaction. The next step is to transfer the encoded data to another server, at the fraudster's end, where it is decoded. In the last phase, the data is used to produce counterfeit cards. The technology is definitely more complicated than a skimmer - a gadget which copies the details of a card from a measured distance. In advanced countries, encrypted cables are installed to prevent telephone wire tapping but awareness is low in India.

"The cable linking the electronic data capturing machine (EDC) and the distribution point box is a very sensitive area which is targeted by the racketeers. When the card is swiped on the EDC, the machine records the financial data in the card's magnetic strip and feeds it to the DP box, from where it moves to the main server of the telephone service provider and is finally transferred to the servers of banks where the transaction is recorded. The hackers target the area between the EDC and the DP box, tap into the wires, steal data and send it to another server," said an anti-fraud officer of a private bank.

Police officers say it is difficult to trace such rackets. "For the first phase, the fraudsters need only a map of the telephone wiring, a receiving terminal and cables matching the ones used by the telephone service provider. These are not very difficult to manage and anybody who has a flair for technology can use it to store the data. High-end technology comes in the next level," said an officer.

Police suspect card fraudsters in Kolkata could be using the technology to copy the data and send it to other cities in India and abroad. They have a good reason to suspect this. In the last one year, such units have been busted in Delhi, Jaipur and Hyderabad. "We heard about it and are looking for effective measures to prevent wire-tapping," said Jawed Shamim, deputy commissioner, detective department. Kolkata Police could also take tips from south-east Asian countries like Thailand and Philippines, where such rackets are active and where law enforcement agencies have more experience in handling such crimes.
 
SOURCE TOI