While counter-fraud professionals tend to focus on fighting headline-grabbing fraud activity originating from retailer breaches or new mobile payment platforms, it is not irresponsible to suggest some less sophisticated schemes may be flying under the radar of fraud detection thresholds. Card cracking has remained one of these subtle schemes, and it is picking up momentum throughout the U.S. Originating from the South Side of Chicago, according to the FBI, the tactic is used by organized crime syndicates to defraud financial institutions of millions of dollars, albeit one account at a time.

Card Cracking?

Card cracking, also commonly referred to as card popping, is a debit card fraud scheme in which the perpetrators convince bank account owners to give up their debit card and PIN in exchange for a kickback. The orchestrators of the scheme often employ money mules to deposit counterfeit checks or money orders into the consumer’s account at an ATM or over the counter in a bank branch. Armed with the account holder’s debit card and PIN, the mules visit ATMs, currency exchanges or retailer point-of-sale terminals to extract the funds the bank makes available from the deposited counterfeit items. The organizers of the scheme instruct the account holder to file a lost or stolen report with the bank, which provides the consumer with protection from fraud losses under Regulation E of the Code of Federal Regulations, according to the American Bankers Association.

The Lure

Card-cracking fraudsters leverage the sharing culture of today’s social media community to assist with perpetrating the fraud. Social media platforms provide continuous access into our lives through text, pictures and video. The fraudsters use the platforms to depict a life of luxury, posting pictures and videos of expensive cars, jewelry and clothing. What really draws the interest of complicit account holders are the pictures of stacks of cash posted to social media accounts. Reports have suggested popular hip-hop artists from the South Side of Chicago have also raised awareness to the scheme through song lyrics.

The Recruitment

With sometimes tens of thousands of social media followers, the fraudsters’ prominence in the social media community provides an expansive network of potential recruits to participate in the card cracking scheme. From a digital marketing perspective, the costs per impression are materially insignificant, with high return on investment potential. Recent warnings coming out of Chicago cautioned college students to avoid becoming complicit participants in the scheme. However, as card cracking has spread to other large cities in the U.S., the profile of the willing participant has expanded.

After establishing the image of a luxurious life filled with free-flowing piles of cash and expensive cars historically reserved for celebrities and the independently wealthy, the fraudsters invite their social media followers to participate in the lifestyle. They openly solicit their followers to join the scheme by posting messages such as, “If you wanna make 1900 all u would have to do is open up a citi bank account n they will give u a temp card we would be able to do it the next day.” Another common recruitment message is: “interested in making 2k-10k in 24-48 hours DM or Text Me ###-###-#### All you need is an activity checking account could be slightly negative or empty.” Conversations are then taken out of the public eye as the fraudsters provide instructions to the recruit.

Combating Card Cracking

Card cracking remains an unsophisticated yet lucrative fraud scheme for organized crime groups. The fraud is usually committed one account at a time, which often dissuades financial institutions from performing the necessary link analysis to identify the organized attack. The account holders file lost or stolen fraud claims with the banks, and the activity flies under bank thresholds that would trigger deeper investigations.

One way financial institutions can start fighting back against card-cracking rings is by performing content analytics on their lost or stolen fraud claims databases. Counter-fraud management solutions can automate the data mining of fraud claims databases and surface insights that remain undetected due to internal service level agreements and investigation thresholds. Card-cracking rings are often identified through link analysis on the phone channel of financial institutions. However, most organizations look at the fraud as one-off claims and don’t perform the necessary investigative work.

More from Banking & Finance

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today