While counter-fraud professionals tend to focus on fighting headline-grabbing fraud activity originating from retailer breaches or new mobile payment platforms, it is not irresponsible to suggest some less sophisticated schemes may be flying under the radar of fraud detection thresholds. Card cracking has remained one of these subtle schemes, and it is picking up momentum throughout the U.S. Originating from the South Side of Chicago, according to the FBI, the tactic is used by organized crime syndicates to defraud financial institutions of millions of dollars, albeit one account at a time.

Card Cracking?

Card cracking, also commonly referred to as card popping, is a debit card fraud scheme in which the perpetrators convince bank account owners to give up their debit card and PIN in exchange for a kickback. The orchestrators of the scheme often employ money mules to deposit counterfeit checks or money orders into the consumer’s account at an ATM or over the counter in a bank branch. Armed with the account holder’s debit card and PIN, the mules visit ATMs, currency exchanges or retailer point-of-sale terminals to extract the funds the bank makes available from the deposited counterfeit items. The organizers of the scheme instruct the account holder to file a lost or stolen report with the bank, which provides the consumer with protection from fraud losses under Regulation E of the Code of Federal Regulations, according to the American Bankers Association.

The Lure

Card-cracking fraudsters leverage the sharing culture of today’s social media community to assist with perpetrating the fraud. Social media platforms provide continuous access into our lives through text, pictures and video. The fraudsters use the platforms to depict a life of luxury, posting pictures and videos of expensive cars, jewelry and clothing. What really draws the interest of complicit account holders are the pictures of stacks of cash posted to social media accounts. Reports have suggested popular hip-hop artists from the South Side of Chicago have also raised awareness of the scheme through song lyrics.

The Recruitment

With sometimes tens of thousands of social media followers, the fraudsters’ prominence in the social media community provides an expansive network of potential recruits to participate in the card cracking scheme. From a digital marketing perspective, the costs per impression are materially insignificant, with high return on investment potential. Recent warnings coming out of Chicago cautioned college students to avoid becoming complicit participants in the scheme. However, as card cracking has spread to other large cities in the U.S., the profile of the willing participant has expanded.

After establishing the image of a luxurious life filled with free-flowing piles of cash and expensive cars historically reserved for celebrities and the independently wealthy, the fraudsters invite their social media followers to participate in the lifestyle. They openly solicit their followers to join the scheme by posting messages such as, “If you wanna make 1900 all u would have to do is open up a citi bank account n they will give u a temp card we would be able to do it the next day.” Another common recruitment message is: “interested in making 2k-10k in 24-48 hours DM or Text Me ###-###-#### All you need is an activity checking account could be slightly negative or empty.” Conversations are then taken out of the public eye as the fraudsters provide instructions to the recruit.

Combating Card Cracking

Card cracking remains an unsophisticated yet lucrative fraud scheme for organized crime groups. The fraud is usually committed one account at a time, which often dissuades financial institutions from performing the necessary link analysis to identify the organized attack. The account holders file lost or stolen fraud claims with the banks, and the activity flies under bank thresholds that would trigger deeper investigations.

One way financial institutions can start fighting back against card-cracking rings is by performing content analytics on their lost or stolen fraud claims databases. Counter-fraud management solutions can automate the data mining of fraud claims databases and surface insights that remain undetected due to internal service level agreements and investigation thresholds. Card-cracking rings are often identified through link analysis on the phone channel of financial institutions. However, most organizations look at the fraud as one-off claims and don’t perform the necessary investigative work.
