Debit cards and credit cards have become an integral part of our daily lives. In September 2016, there were 1.3 billion card transactions which amounted to £57.4 billion. But, what exactly makes up our payment cards and how secure are they when we use them?

There are three different things a potential fraudster would be looking to get their hands on:

  • The magnetic strip
  • The chip
  • The long card number (PAN), along with the expiry date and 3 digit security code.

Front of a payment card:

Back of a payment card:

The magnetic strip

The magnetic strip is located on the back of the card, at the top. The magnetic strip contains everything a criminal needs to be able to clone your card. Within the data stored is your long card number, the expiry date and your 3 digit security code. 

Before the days of chip and PIN, merchants would swipe your card down the side of a machine. The data was then transmitted away to complete a transaction. If this transmission was intercepted by a third party, they would be able to steal your cards data. 

They could do this by manipulating the physical point of sale terminal. The introduction of chip and PIN all but wiped out this form of payment fraud.

The chip

The chip carries an equivalent to what’s on the magnetic strip. When you put the chip into a machine to make a payment, that information is then transmitted the same way as a magnetic strip. If the data is not properly protected in transit, it can be stolen.

Luckily, companies such as Verifone ensure that everything is encrypted as it travels. They're very difficult to hack or physically manipulate, which makes them less of a target for criminals.  These chip and PIN machines have so much effort put into protecting them that they are basically bullet proof.

Long card number/Expiry date/Security code

The easiest way for fraudsters and hackers to get this data is to simply wait for us to input it into a website. Using different types of Malware, Webshells, Keyloggers, Spyware and more, they’re able to obtain our private data and use it for their benefit. 

Online based fraud is rife in todays world. In 2016, 277 banks and businesses recorded 173,000 instances of fraud in the UK, which equates to 473 cases every single day. 

Face to face fraud where you clone a card and then go on a shopping spree, doesn’t happen as much in this country anymore. A lot of the UK’s fraud is online; advancements and integration of technology has made things easier for fraudsters. 

Gone are the days where they would have to pretend to be a waiter, hijack all the cards and then put themselves at risk with being seen. 

They used to have to physically take the card and then spend it. Now somebody can sit in a cave with a WiFi connection and steal as much data as they like. It's much more difficult to prosecute them and they can't be seen because its all done remotely.