While counter-fraud professionals tend to focus on fighting headline-grabbing fraud activity originating from retailer breaches or new mobile payment platforms, it is reasonable to suggest that some less sophisticated schemes may be flying under the radar of fraud detection thresholds. Card cracking has remained one of these subtle schemes, and it is picking up momentum throughout the U.S. Originating from the South Side of Chicago, according to the FBI, the tactic is used by organized crime syndicates to defraud financial institutions of millions of dollars, albeit one account at a time.

Card Cracking?

Card cracking, also commonly referred to as card popping, is a debit card fraud scheme in which the perpetrators convince bank account owners to give up their debit card and PIN in exchange for a kickback. The orchestrators of the scheme often employ money mules to deposit counterfeit checks or money orders into the consumer’s account at an ATM or over the counter in a bank branch. Armed with the account holder’s debit card and PIN, the mules visit ATMs, currency exchanges or retailer point-of-sale terminals to extract the funds the bank makes available from the deposited counterfeit items. The organizers of the scheme instruct the account holder to file a lost or stolen report with the bank, which provides the consumer with protection from fraud losses under Regulation E of the Code of Federal Regulations, according to the American Bankers Association.

The Lure

Card-cracking fraudsters leverage the sharing culture of today’s social media community to assist with perpetrating the fraud. Social media platforms provide continuous access into our lives through text, pictures and video. The fraudsters use the platforms to depict a life of luxury, posting pictures and videos of expensive cars, jewelry and clothing. What really draws the interest of complicit account holders are the pictures of stacks of cash posted to social media accounts. Reports have suggested popular hip-hop artists from the South Side of Chicago have also raised awareness of the scheme through song lyrics.

The Recruitment

With sometimes tens of thousands of social media followers, the fraudsters’ prominence in the social media community provides an expansive network of potential recruits to participate in the card cracking scheme. From a digital marketing perspective, the costs per impression are materially insignificant, with high return on investment potential. Recent warnings coming out of Chicago cautioned college students to avoid becoming complicit participants in the scheme. However, as card cracking has spread to other large cities in the U.S., the profile of the willing participant has expanded.

After establishing the image of a luxurious life filled with free-flowing piles of cash and expensive cars historically reserved for celebrities and the independently wealthy, the fraudsters invite their social media followers to participate in the lifestyle. They openly solicit their followers to join the scheme by posting messages such as, “If you wanna make 1900 all u would have to do is open up a citi bank account n they will give u a temp card we would be able to do it the next day.” Another common recruitment message is: “interested in making 2k-10k in 24-48 hours DM or Text Me ###-###-#### All you need is an activity checking account could be slightly negative or empty.” Conversations are then taken out of the public eye as the fraudsters provide instructions to the recruit.

Combating Card Cracking

Card cracking remains an unsophisticated yet lucrative fraud scheme for organized crime groups. The fraud is usually committed one account at a time, which often dissuades financial institutions from performing the necessary link analysis to identify the organized attack. The account holders file lost or stolen fraud claims with the banks, and the activity flies under bank thresholds that would trigger deeper investigations.

One way financial institutions can start fighting back against card-cracking rings is by performing content analytics on their lost or stolen fraud claims databases. Counter-fraud management solutions can automate the data mining of fraud claims databases and surface insights that remain undetected due to internal service level agreements and investigation thresholds. Card-cracking rings are often identified through link analysis on the phone channel of financial institutions. However, most organizations look at the fraud as one-off claims and don’t perform the necessary investigative work.
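The link analysis described above can be sketched as follows. This is an added example, not code from the original article or from any vendor product: the claim fields (`caller_phone`, `deposit_atm`), the sample records and the 5,000 investigation threshold are all constructed assumptions. It clusters lost or stolen claims that share any linking attribute and surfaces clusters whose individual claims each sit below the threshold while the combined loss does not.

```python
from collections import defaultdict

# Constructed sample of lost/stolen claims; field names and values are
# assumptions for illustration, not a real claims schema.
CLAIMS = [
    {"id": "C1", "loss": 1900, "caller_phone": "555-0101", "deposit_atm": "ATM-17"},
    {"id": "C2", "loss": 2400, "caller_phone": "555-0101", "deposit_atm": "ATM-03"},
    {"id": "C3", "loss": 1500, "caller_phone": "555-0144", "deposit_atm": "ATM-03"},
    {"id": "C4", "loss": 2100, "caller_phone": "555-0199", "deposit_atm": "ATM-52"},
    {"id": "C5", "loss": 800, "caller_phone": "555-0123", "deposit_atm": "ATM-88"},
]
LINK_FIELDS = ("caller_phone", "deposit_atm")  # attributes that tie claims together
INVESTIGATION_THRESHOLD = 5000  # assumed per-claim loss that triggers a deeper review


def find(parent, x):
    """Union-find root lookup with path compression."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def linked_clusters(claims, link_fields=LINK_FIELDS):
    """Group claims that share any linking attribute, directly or transitively."""
    parent = {c["id"]: c["id"] for c in claims}
    first_seen = {}  # (field, value) -> id of the first claim carrying it
    for c in claims:
        for field in link_fields:
            value = c.get(field)
            if value is None:
                continue
            if (field, value) in first_seen:
                parent[find(parent, c["id"])] = find(parent, first_seen[(field, value)])
            else:
                first_seen[(field, value)] = c["id"]
    groups = defaultdict(list)
    for c in claims:
        groups[find(parent, c["id"])].append(c)
    return list(groups.values())


def suspected_rings(claims, threshold=INVESTIGATION_THRESHOLD, min_claims=2):
    """Clusters where every claim is under the threshold but the total is not."""
    rings = []
    for group in linked_clusters(claims):
        total = sum(c["loss"] for c in group)
        if len(group) >= min_claims and total >= threshold \
                and all(c["loss"] < threshold for c in group):
            rings.append({"claims": sorted(c["id"] for c in group), "total_loss": total})
    return rings
```

In the sample, C1 and C2 share a caller phone and C2 and C3 share a deposit ATM, so the three claims surface as one cluster even though no single claim would be escalated on its own.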
