View Full Version : BOLEH-ISM, the wrong way

19-10-2004, 12:03 PM
from nst

Credit-card fraudsters use creative homegrown device
Koh Lay Chin KUALA LUMPUR, Oct 16:

Imagine a gadget that taps phone lines to steal credit-card information, and
then sends an SMS detailing the data to fraudsters each time there is a

No, the device is not the stuff of movies. It is among the latest inventions
by Malaysian credit-card syndicates to surprise fraud squad officers from
England and other countries.

It is a dubious honour but police have acknowledged that the culprits behind
credit-card syndicates are among "the most creative in the world", having
invented unique gadgets like the digital voice recorder (DVR) to tap phone
lines, and another "rare device" which transfers the tapped data
automatically via SMS to fraudsters.

The latter is so rare that police here have not named the device yet,
calling it a "wire-tapping transmitter" of sorts.

Assistant Superintendent Wooi Kooi Cheang of the Commercial Crime
Investigation Division said the device had been surfacing since May and
functioned like a handphone as it used a SIM card to transmit credit-card
information from the merchant's phone lines to the data thieves.

"With the DVR, the fraudsters connect the device to the merchant's telephone
line, which sends data to the bank. So any transaction conducted by the
merchant is copied by the DVR, which can run for nine hours.

"If you only have the DVR, someone will have to come and get the device to
download the data to a computer. With the wire-tapping transmitter, no one
has to collect the device. As it is SMS-ing the data to a phone, the
fraudster could be relaxing on a beach somewhere getting all the data," he

These two gadgets are more advanced than previous methods of fraud, such as the chip implants placed in terminals or "skimming".

"They get the parts from countries like Taiwan and Hong Kong but the system
is developed here. In fact, one group of London city police, who specialise
in fighting electronic card crime, visited us and said they had never seen
the chip implants, let alone the DVR and the transmitter. They said it was
new to them," he said.

These devices use a weakness in credit-card transactions using point-of-sale
terminals to their advantage, as the information sent to the financial
institution is in clear text and readable to those who know how to get it.

When a merchant dials up a connection to his bank, there is a sound made
that is not unlike the sound when faxes or modems connect. This sound is the
modulation signal with the credit-card information on it. Fraudsters record
this sound and can then demodulate and decode the sound to retrieve the

It is hard to nab the culprits in this case, Wooi said, because someone
could come dressed in a uniform to connect a simple and small black box
containing the DVR or transmitter to the lines, looking perfectly
legitimate. By the time anyone gets wind of this, the gadgets would often
have been removed.

But the police are working hard to catch them and are prepared at
international events like the Sepang Formula One.

Superintendent Sharuddin Abdullah, officer in charge of commercial crime
operations in Bukit Aman, said the latest gadgets were a migration in
methods, with line-tapping now favoured because a lot of information and
"much better dividends" could be obtained than by skimming.

Skimming can net around 100 accounts, while line-tapping could steal data of
up to 10,000 accounts, depending on the phone-line traffic.

But the fraudsters' reign with these gadgets might end soon, he said, as all
banks had agreed to implement two measures by the end of this year - the EMV (Europay MasterCard-Visa) chip card, and encrypting credit-card data to
prevent customers' information from being compromised.

What will happen to Malaysia's creative fraudsters when the EMV and
encryption measures are put in place? They would probably move to other
if these syndicate members were to enter a competition for new & creative inventions, they will surely come out tops... :D