What Is Cloning?

Cloning is the copying of stolen credit or debit card information to a new card. Cloning is also called skimming and requires copying information at a credit card terminal using an electronic device or software, then transferring the information from the stolen card to a new card or to rewrite an existing card with the information.

Key Takeaways

  • Cloning, also called skimming, is the copying of credit or debit card info to a new card. 
  • The card information is stolen at the credit card terminal using software or electronic device and copied onto a new card. 
  • With cloning the physical card isn’t stolen, merely copied. 
  • Chip cards, or EMV cards, were created to prevent cloning. 

How Cloning Works

Cloning employs an electronic device to scan the card, so it does not require the physical card to be stolen. An employee would use a portable reader to scan the card prior to inserting it into a credit card terminal. This allows the information on a magnetic stripe card, which is typically encrypted during the transaction process, to be recorded in the device memory.

Once the information is recorded it can be transferred onto the magnetic strip of a new card or can be used to overwrite data on an already stolen credit card. For cards that use a personal identification number (PIN) number in addition to a magnetic strip, such as debit cards, the PIN would need to be observed and recorded. This is sometimes 

Special Considerations

A chip card is a standard-size plastic debit card or credit card that contains an embedded microchip as well as a traditional magnetic stripe. Chip cards also are referred to as smart cards or EMV cards. EMV stands for Europay, MasterCard, Visa. It is the global standard for chip-based debit and credit transactions. The chip encrypts information to increase data security when making transactions at terminals or ATMs that are chip-enabled. 

Chip card technology provides an additional layer of security when used at a chip-enabled terminal. Chip technology may help reduce certain types of fraud resulting from data breaches; however, it will not prevent a data breach. The chip makes the transaction more secure by encrypting information when completing a transaction at a chip-enabled terminal. As a result, both chip and pin as well as chip and signature transactions offer enhanced security against counterfeiting.

EMV cards employ an authentication protocol that requires point-of-sale (POS) terminals or automated teller machines (ATMs) to generate a nonce, called the unpredictable number, for each transaction to ensure it is new. Some EMV implementers have used simple counters, timestamps or algorithms to supply this number. This exposes them to a so-called pre-play attack that is indistinguishable from card cloning because it accesses the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically, extracting the account information and loading it into another card. Card cloning is the type of fraud that EMV was designed to prevent.