What Is Cloning?

Cloning refers to the practice of making an unauthorized copy of a credit card. This practice is also sometimes called skimming. It requires copying information at a credit card terminal using an electronic device or software, then transferring the information from the stolen card to a new card or rewriting an existing card with the information.

Unfortunately, cloning and related forms of theft have become increasingly widespread in recent decades. Thankfully, security improvements—such as the use of personal identification numbers (PINs) and chip cards—have helped to protect against these types of attacks.

Key Takeaways

  • Cloning is a type of credit card theft in which the thief makes a digital copy of the credit card information using a concealed or disguised electronic scanner.
  • Security improvements—such as the use of magnetic chip cards—have helped disrupt this type of theft.
  • Successful thieves can sell the cloned information on the black market, or download it onto other credit cards in order to make unauthorized purchases.

How Cloning Works

From the perspective of the thieves, cloning can be a very effective way to obtain credit card information, because it does not require the physical credit cards to be stolen. Instead, the thieves simply use an electronic device to covertly scan the contents of the card and copy them into the device’s memory. The thieves can then access that information digitally, or else download the information onto a separate credit card that is already in their possession.

Once the information is recorded it can be transferred onto the magnetic strip of a new card or can be used to overwrite data on an already stolen credit card. For cards that use a personal identification number (PIN) number in addition to a magnetic strip, such as debit cards, the PIN would need to be observed and recorded. This is sometimes difficult to accomplish, adding additional protection against having your card compromised

Of course, modern security enhancements have made it more difficult for would-be thieves to carry out this type of theft. For one thing, many cards today require PINs, meaning the thieves would need to correctly guess or observe the victim’s PIN in order to make use of the stolen credit card data. By contrast, older models of credit cards that only have magnetic stripes would make for much easier targets. Similarly, modern chip cards—which have embedded microchips that contain their sensitive information—are much harder to compromise because the data they contain is encrypted within the chip itself. This means that even if the thieves successfully access the chip card, they would not be able to use the information they stole.

Chip cards are also known as “EMV cards”—short for Europay, MasterCard, and Visa. These three companies collaborated to produce a global protocol for credit card security which is still being widely used today.

Example of Cloning

In addition to recruiting accomplices to help them clone customer credit cards, another popular method that thieves use is installing hidden scanners onto legitimate card-reading devices such as gas station pumps, automated teller machines (ATMs), or the point-of-sale (POS) machines common in most retail stores.

What makes these attacks particularly insidious is that they do not require the cooperation of the personnel working at those stores. Instead, those orchestrating the attack can simply collect data on an ongoing basis from the hidden scanners, without the customers, employees, or business owners ever becoming aware of the source of the breach.