While counter-fraud professionals tend to focus on fighting headline-grabbing fraud activity originating from retailer breaches or new mobile payment platforms, it is not irresponsible to suggest some less sophisticated schemes may be flying under the radar of fraud detection thresholds. Card cracking has remained one of these subtle schemes, and it is picking up momentum throughout the U.S. Originating from the South Side of Chicago, according to the FBI, the tactic is used by organized crime syndicates to defraud financial institutions of millions of dollars, albeit one account at a time.
Card cracking, also commonly referred to as card popping, is a debit card fraud scheme in which the perpetrators convince bank account owners to give up their debit card and PIN in exchange for a kickback. The orchestrators of the scheme often employ money mules to deposit counterfeit checks or money orders into the consumer’s account at an ATM or over the counter in a bank branch. Armed with the account holder’s debit card and PIN, the mules visit ATMs, currency exchanges or retailer point-of-sale terminals to extract the funds the bank makes available from the deposited counterfeit items. The organizers of the scheme instruct the account holder to file a lost or stolen report with the bank, which provides the consumer with protection from fraud losses under Regulation E of the Code of Federal Regulations, according to the American Bankers Association.
Card-cracking fraudsters leverage the sharing culture of today’s social media community to assist with perpetrating the fraud. Social media platforms provide continuous access into our lives through text, pictures and video. The fraudsters use the platforms to depict a life of luxury, posting pictures and videos of expensive cars, jewelry and clothing. What really draws the interest of complicit account holders are the pictures of stacks of cash posted to social media accounts. Reports have suggested popular hip-hop artists from the South Side of Chicago have also raised awareness to the scheme through song lyrics.
With sometimes tens of thousands of social media followers, the fraudsters’ prominence in the social media community provides an expansive network of potential recruits to participate in the card cracking scheme. From a digital marketing perspective, the costs per impression are materially insignificant, with high return on investment potential. Recent warnings coming out of Chicago cautioned college students to avoid becoming complicit participants in the scheme. However, as card cracking has spread to other large cities in the U.S., the profile of the willing participant has expanded.
After establishing the image of a luxurious life filled with free-flowing piles of cash and expensive cars historically reserved for celebrities and the independently wealthy, the fraudsters invite their social media followers to participate in the lifestyle. They openly solicit their followers to join the scheme by posting messages such as, “If you wanna make 1900 all u would have to do is open up a citi bank account n they will give u a temp card we would be able to do it the next day.” Another common recruitment message is: “interested in making 2k-10k in 24-48 hours DM or Text Me ###-###-#### All you need is an activity checking account could be slightly negative or empty.” Conversations are then taken out of the public eye as the fraudsters provide instructions to the recruit.
Combating Card Cracking
Card cracking remains an unsophisticated yet lucrative fraud scheme for organized crime groups. The fraud is usually committed one account at a time, which often dissuades financial institutions from performing the necessary link analysis to identify the organized attack. The account holders file lost or stolen fraud claims with the banks, and the activity flies under bank thresholds that would trigger deeper investigations.
One way financial institutions can start fighting back against card-cracking rings is by performing content analytics on their lost or stolen fraud claims databases. Counter-fraud management solutions can automate the data mining of fraud claims databases and surface insights that remain undetected due to internal service level agreements and investigation thresholds. Card-cracking rings are often identified through link analysis on the phone channel of financial institutions. However, most organizations look at the fraud as one-off claims and don’t perform the necessary investigative work.
Financial Crimes Intelligence Specialist, IBM