Cybercriminals have come up with a new way to hide stolen credit card data. Disclosed by the U.S. Secret Service, the scammers are now using barcodes affixed to phony rewards cards to hide the stolen card information.
What does the alert say?
The alert sent to law enforcement agencies documented a recent fraud incident in Texas involving a counterfeit club membership card containing a barcode and a card expiration date and CVV printed below the barcode.
The fake card was used to make payment for merchandise.
“They instruct the cashier to select card payment, scan the barcode, then enter the expiration date and CVV. In this instance, the barcode was encoded with a VISA credit card number,” reads the alert from U.S Secret Service, KrebsonSecurity reported.
What’s the catch?
The instructions on the phony rewards card are designed in such a way to make the cashiers believe that it is a payment alternative designed for use at specific stores such as Sam’s Club and Walmart stores.
When the transaction is made through a fake rewards card, it is recorded as card-not-present and the scammer makes away with the purchases.
This new fraudulent activity appears to be an evolution of the traditional card-not-present fraud. The alert further explains that the barcodes can also be used to store a subject’s cell phone number.
“Additionally, the barcodes could be stored on the subject’s cell phone. If barcodes are discovered in the field, it could be beneficial to utilize a barcode scanning app to check the barcode for credit card data,” the alert explains.