Card skimming gang stole 3M euros using ghost PoS terminals

French police supported by Europol’s European Cybercrime Centre (EC3) have arrested 18 members of a criminal gang who were illegally using modified, ’ghost’ point-of-sale (POS) terminals.

The terminals were used to copy and store magnetic strip card data and confidential PIN codes, and then to steal at least EUR 3 million from victims’ accounts. Of the 18 arrestees, 12 were imprisoned after the final raids last week.

The ghost POS terminals were modified by the criminal gang who skimmed and then cloned the cards of unsuspecting customers. The customers handed over their cards, thinking that they were making payments; however the fake devices were off-line and had never been connected to a bank payment network. Instead, the devices copied the customers’ card data, printed fake receipts for them and their cards were then cloned. Alternatively, the customers were not given a fake receipt but informed of a ‘connection error’. Their card was still skimmed and they were then asked for another means of payment.

Forensic analysis of the devices has revealed a highly sophisticated crime. French investigators have disclosed the technical manipulation of the hardware and POS software which actually enables the use of POS as a ghost terminal and for data compromising.

The fake terminals were used in taxi cabs and discount stores to skim card data, and then fraudulent money withdrawals were later made using cloned cards in the Miami area of the United States, Dubai, and in Thailand.

EC3 at Europol provided analytical support including on-the-spot assistance during the final arrests in France. Europol initiated the case at the end of 2013 and also organised a forensic experts’ coordination meeting and training session at its headquarters in The Hague in June 2014.

EC3’s aim at this session was to share knowledge and make Member States’ experts aware of, amongst others, the phenomenon of POS ‘ghost’ terminals. Experts learned about proactive techniques developed to examine equipment used by cybercriminal groups as well as the latest developments in the manipulation of payment devices and terminals.

To reduce the risk of becoming a victim of this type of electronic crime, check your banking transactions regularly and immediately inform your bank of anything suspicious, which could also include a transaction not being debited from your account after you have used your card.