Why your credit card’s magnetic strip is vulnerable

Scott Tong May 10, 2013

Why your credit card’s magnetic strip is vulnerable

Scott Tong May 10, 2013

By now, you’ve heard about a global ATM heist for the ages; this complicated operation did $45 million worth of withdrawals.

The high-tech part involved hacking into financial accounts. The low-tech part: making homemade debit cards that get away with it in one important country: ours.

To simplify, this was a two-part crime. The bad guys stole debit card information online, and then pasted that info onto magnetic stripe debit cards. The kind you and I use.

Easy peasy, says fraud analyst Julie Conroy at the Aite Group. You can buy the equipment to do it for $25.

“So you can take any ordinary plastic card,” Conroy says. “It can be an old gift card you’ve gotten. Create your own magnetic stripe. And then use it like any other ATM card.”

This magnetic stripe technology is older than the Ford Pinto. Its vulnerabilities let the presumed crooks in this case make duplicate debit cards to use all at once.

“It was really choreographed,” says financial researcher Brian Riley with CEB Tower Group. “Within the course of ten hours, thousands of transactions passed through. And if you saw the map that was released, it showed a map going straight down Broadway.”

The U.S. is the world’s only advanced economy using magnetic stripes. Every other member of the G20 group of industrialized countries uses a newer technology.

“That puts a chip on the cards,” says fraud consultant Jerry Silva. “And now you had kind of a double layer of security.”

Cards with chips embedded are harder to copy. And they generate a unique code for each transaction, for additional security.

Ideally, American consumers and banks want that.

“But the cost of replacing all of the plastic in this country, the cost of upgrading every ATM to date has exceeded the cost of the fraud itself,” says Silva.

By one estimate, the hardware upgrade would cost around $4 billion. That puts this $45 million case in some perspective.

One reason Americans are in this situation is, we invented credit cards. So we have old infrastructure, a bit like the New York City subway system.

“A lot of times the early adopters are stuck with a generation 1.0 system,” says cybersecurity analyst Chris Wysopal of Veracode. “And I think that’s what we have here.”

Still, higher-tech cards are coming to the U.S. in the next few years, analysts say. They’ve started to hit the market for global travelers, though financial firms still have to work out details of the chip format.

When the new cards do come, no one in the industry believes our fraud problems will be resolved. The hackers will just need to get a little more creative.

We’re here to help you navigate this changed world and economy.

Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.

In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.

Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.