What Is Credit Card Cloning?

Credit card cloning refers to making an unauthorized copy of a credit card. This practice is also sometimes called skimming. Thieves copy information at a credit card terminal using an electronic device and transfer the data from the stolen card to a new card or rewrite an existing card with the information.

Unfortunately, cloning and related forms of theft have become increasingly widespread in recent decades. Thankfully, security improvements—such as the use of personal identification numbers (PINs) and chip cards—have helped to protect against these types of attacks.

Key Takeaways

  • Cloning is a type of credit card theft in which the thief makes a digital copy of the credit card information using a concealed or disguised electronic scanner.
  • Security improvements—such as the use of chip cards—have helped disrupt this type of theft.
  • Successful thieves can sell the cloned information on the underground market, or download it onto other credit cards in order to make unauthorized purchases.

How Credit Card Cloning Works

From the perspective of the thieves, cloning can be a very effective way to obtain credit card information, because it does not require the physical credit card to be stolen. Instead, they simply use an electronic device to covertly scan the card's information and copy it into the device’s memory. The thieves can then access that information digitally, or else download the information onto a separate credit card that is already in their possession.

Once the information is recorded it can be transferred onto the magnetic strip of a new card or can be used to overwrite data on an already stolen credit card. For cards that use a personal identification number (PIN) number in addition to a magnetic strip, such as debit cards, the PIN would need to be observed and recorded. This is sometimes difficult to accomplish, adding additional protection against having your card compromised.

Of course, modern security enhancements have made it more difficult for would-be thieves to carry out cloning. Modern chip cards—which have embedded microchips that contain their sensitive information—are much harder to compromise because the data they contain is encrypted within the chip itself. This means that even if the thieves successfully access the chip card, they would not be able to use the information they stole. But even this type of technology isn't foolproof.

Still, older models of credit cards that only have magnetic stripes make for much easier targets.

In recent years thieves have figured out how to target chip cards through a practice called shimming. Fraudsters insert a paper-thin device, known as a shim, into a card reader slot that copies the information on a chip card.

Example of Cloning

A popular method that thieves use is installing hidden scanners onto legitimate card-reading devices such as gas station pumps, automated teller machines (ATMs), or the point-of-sale (POS) machines common in most retail stores.

What makes these attacks particularly insidious is that they do not require the cooperation of the personnel working at those stores. Instead, those orchestrating the attack can simply collect data on an ongoing basis from the hidden scanners, without the customers, employees, or business owners being aware of the source of the breach.

How to Protect Yourself Against Credit Card Cloning

You can defend against credit card cloning by taking the following precautions:

Inspect any card reader you use

Take a moment to inspect the card reader. If something looks suspicious, don’t use it. For example, some skimming devices can be bulky.

Monitor your credit card account

Monitor your accounts for fraud. Check your balance and recent transactions online often, even daily.

Sign up for alerts

Sign up for alerts with your bank or card issuer. Your bank will then contact you by email or text message when certain activity occurs on your accounts, such as a withdrawal or charge exceeding an amount you specify.

Stick to bank ATMs

Only use ATMs that are associated with a bank. Avoid potential “skimming” locations such as gas stations and deli kiosks.

Use a chip reader

Always use a chip reader rather than swiping your card. While cloning is still possible with a chip card, it is less likely to occur.

Opt for contactless payment

If your credit or debit cards have a contactless payment feature, use it instead of inserting your card into a terminal.

Chip cards are also known as EMV cards—short for Europay, MasterCard, and Visa. These three companies collaborated to produce a global protocol for credit card security that is widely used today.

What to Do When Your Credit Card Is Cloned

If you believe your card has been cloned, your credit card company or bank should be the first call you make. The more quickly you cancel the card, the less time thieves have to rack up charges.

The good news is that consumers are not typically responsible for the amounts lost in cases of credit card fraud. The Fair Credit Billing Act limits the liability to $50 if the theft is reported.