While counter-fraud professionals tend to focus on fighting headline-grabbing fraud activity originating from retailer breaches or new mobile payment platforms, it is not irresponsible to suggest some less sophisticated schemes may be flying under the radar of fraud detection thresholds. Card cracking has remained one of these subtle schemes, and it is picking up momentum throughout the U.S. Originating from the South Side of Chicago, according to the FBI, the tactic is used by organized crime syndicates to defraud financial institutions of millions of dollars, albeit one account at a time.

Card Cracking?

Card cracking, also commonly referred to as card popping, is a debit card fraud scheme in which the perpetrators convince bank account owners to give up their debit card and PIN in exchange for a kickback. The orchestrators of the scheme often employ money mules to deposit counterfeit checks or money orders into the consumer’s account at an ATM or over the counter in a bank branch. Armed with the account holder’s debit card and PIN, the mules visit ATMs, currency exchanges or retailer point-of-sale terminals to extract the funds the bank makes available from the deposited counterfeit items. The organizers of the scheme instruct the account holder to file a lost or stolen report with the bank, which provides the consumer with protection from fraud losses under Regulation E of the Code of Federal Regulations, according to the American Bankers Association.

The Lure

Card-cracking fraudsters leverage the sharing culture of today’s social media community to assist with perpetrating the fraud. Social media platforms provide continuous access into our lives through text, pictures and video. The fraudsters use the platforms to depict a life of luxury, posting pictures and videos of expensive cars, jewelry and clothing. What really draws the interest of complicit account holders are the pictures of stacks of cash posted to social media accounts. Reports have suggested popular hip-hop artists from the South Side of Chicago have also raised awareness to the scheme through song lyrics.

The Recruitment

With sometimes tens of thousands of social media followers, the fraudsters’ prominence in the social media community provides an expansive network of potential recruits to participate in the card cracking scheme. From a digital marketing perspective, the costs per impression are materially insignificant, with high return on investment potential. Recent warnings coming out of Chicago cautioned college students to avoid becoming complicit participants in the scheme. However, as card cracking has spread to other large cities in the U.S., the profile of the willing participant has expanded.

After establishing the image of a luxurious life filled with free-flowing piles of cash and expensive cars historically reserved for celebrities and the independently wealthy, the fraudsters invite their social media followers to participate in the lifestyle. They openly solicit their followers to join the scheme by posting messages such as, “If you wanna make 1900 all u would have to do is open up a citi bank account n they will give u a temp card we would be able to do it the next day.” Another common recruitment message is: “interested in making 2k-10k in 24-48 hours DM or Text Me ###-###-#### All you need is an activity checking account could be slightly negative or empty.” Conversations are then taken out of the public eye as the fraudsters provide instructions to the recruit.

Combating Card Cracking

Card cracking remains an unsophisticated yet lucrative fraud scheme for organized crime groups. The fraud is usually committed one account at a time, which often dissuades financial institutions from performing the necessary link analysis to identify the organized attack. The account holders file lost or stolen fraud claims with the banks, and the activity flies under bank thresholds that would trigger deeper investigations.

One way financial institutions can start fighting back against card-cracking rings is by performing content analytics on their lost or stolen fraud claims databases. Counter-fraud management solutions can automate the data mining of fraud claims databases and surface insights that remain undetected due to internal service level agreements and investigation thresholds. Card-cracking rings are often identified through link analysis on the phone channel of financial institutions. However, most organizations look at the fraud as one-off claims and don’t perform the necessary investigative work.

More from Banking & Finance

How the ZeuS Trojan Info Stealer Changed Cybersecurity

4 min read - Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it’s highly adept at exfiltrating login credentials, financial information and personal data. Info stealers typically operate by monitoring keyboard input, capturing screenshots and intercepting network traffic. They may also search a hard drive for specific types of data. The…

4 min read

2022 Industry Threat Recap: Finance and Insurance

5 min read - The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

5 min read

How to Spot a Nefarious Cryptocurrency Platform

4 min read - Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

4 min read

Kronos Malware Reemerges with Increased Functionality

6 min read - The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

6 min read