The Cloning of Credit Cards: The Dolly of the Electronic Era

JurisdictionSouth Africa
Date27 May 2019
Pages331-346
AuthorCharnelle van der Bijl
Citation(2007) 18 Stell LR 331
Published date27 May 2019
THE CLONING OF CREDIT CARDS: THE
DOLLY OF THE ELECTRONIC ERA
Charnelle van der Bijl
BLC LLB LLD
Senior Lecturer, Department of Mercantile law, University of Stellenbosch
1 Introduction
The long-awaited and much-anticipated EMV (Europay, Mastercard and
Visa) system aimed at combating credit and debit card fraud has recently
been launched by ABSA. VISA branded debit cards will contain a special
chip and transactions will be veried, using a four-digit personal identica-
tion number, which will be keyed in instead of the signing of receipts.1 The
introduction of the EMV bank chip smart card system, which is to replace
magnetic stripe cards with microchip cards, is aimed at eliminating the risks
of unauthorised use.2 A smart card is a plastic card based on cryptography
with a microcomputer chip in it, which is swiped at a payment terminal, or
smart card reader that veries the smart card as being genuine by sending
a random code. This code in turn is responded to by the microchip, which
together with a security access code such as a PIN (Personal Identication
Number), acts as a type of secret key.3 Smart card technology therefore refers
to the microcomputer-embedded technology linked to the card rather than to
the purpose of the card.4
The cloning of payment instruments poses a formidable challenge to banks
and consumers. The cloning of credit and debit cards is often referred to as
skimming, which entails that the magnetic strip on the back of a credit card is
copied using a hand held card reader.5 Magnetic-stripe card technology is there-
fore awed in the sense that the data stored on the stripe can be altered by a per-
son who has access to the device which records the information and the mag-
netic-stripe credit card can be replicated (cloned) on a personal computer.6
1 “ABSA, VISA Launch Pro duct to Curb Card ‘Sk imming’” Busine ss Day Friday May 4 2007 19. See also
Schulze “E Money and Electro nic Fund Transfer s” 2004 16 SA Merc LJ 50 54-56 for a di scussion of the
nature of sma rt cards.
2 Schulze 2004 16 SA Merc LJ 53 and n 21. See further Havenga & Havenga , Kelbrick, McGregor, Schulze ,
Van der Linde & Van der Merwe General Principle s of Commercial Law (2004) 390-391. EMV (Europay,
Mastercar d and Visa) is a global card standard that has bee n accepted by South Africa , but which remains
to be f ully implem ented despit e the imple mentation da te being 1 January 2005. This card has a digital
signatur e, and transac tion slips will no longe r be needed.
3 Havenga et al Komm ersiële Reg 410-411. Schulze 2004 16 SA Merc L J 55. See also Schulze “Sma rtcards
and E-money: New D evelopments Bring New P roblems” 2004 16 SA Merc L J 703 707.
4 Schulze 200 4 16 SA Merc LJ 53.
5 Business Da y Friday May 4 2007 19.
6 Schulze 200 4 16 SA Merc LJ 55.
331
(2007) 18 Stell LR 331
© Juta and Company (Pty) Ltd
Following on from our previous article on cloned cheques,7 the focus of this
article will be on cloned credit cards. It will be investigated whether the EMV
system is a miracle cure to credit card cloning in particular, or whether pitfalls
exist, which need to be guarded against. During the transition period from
the current credit card system to the bank chip smart card, it will no doubt be
important to ensure that both types of credit card are interoperable and that ter-
minals would be able to accept both magnetic stripes and magnetic chips.8 This
in itself will not be without its own challenges, especially as far as the preven-
tion of cloned credit cards is concerned, as has since been discovered in France
and the United Kingdom which already implement the EMV system.9
In France, algorithmic research (ARX) has uncovered security problems
related to the exposure of PIN codes of magnetic stripe and EMV cards used
at ATM’s (Automated Teller Machines).10 Anyone with access to the PIN veri-
cation facility could use hardware to reveal the PIN codes and either perpe-
trate fraudulent transactions or manufacture cards with different PIN codes
to those of the legitimate cards.11 The French system experienced further set-
backs as some electric point terminals used for smart cards still had magnetic
swipe readers. The reason for this is that certain ATM cash terminals were only
able to use data stored on the cards’ magnetic stripe due to incompatibility
problems with cards embedded with chip technology.12 Serge Humpich, a 36
year-old engineer, discovered aws in the smart card microchip system used in
France and actually managed to crack the French banking smart card system
by fabricating a fake smartcard that was recognised by electronic point of sale
terminals.13
A further report on fraud-related EMV payment, perpetrated at petrol sta-
tions with unattended payment terminals, has been made in the United King-
dom. Money has reportedly been stolen from customers after their payment
card data was skimmed (cloned). The reason cited for this is that the cards
were swiped through a magnetic stripe reader, which captured the data. In the
process, the terminal also detected whether a chip was present and the transac-
7 Pretoriu s & Van der Bijl “A New Mode of Forgery: The Ri se of Cloned and Washed Che ques” 2006 18:2
SA Merc LJ 196.
8 Schulze 200 4 16 SA Merc LJ 56.
9 “Card Techn ology” Newsr oom Global Newswatch vol 11 06/01/06 C ard Tech 8 2006 WLN R 9391895;
“French Card Ha cker Convicted” ava ilable at http://ww w.theregister.co.uk/ 2000/02/26/frenc h_card_
hacker_convic ted (accessed 10 May 2007).
10 “Algorithmic Research Reveals PIN Proc essing Weak ness tha t Allow Payment-Card Fraud” available
at http:// www.smartca rdstrends.co m/det_atc.php?idu (accessed 8 M ay 2007). Se e also Dine rs Club SA
(Pty) Ltd v Singh 20 04 3 SA 630 (D).
11 “Algorithmic Re search Reveals PIN Processing Weak ness that Allow Pay ment-Card Frau d” available at
http:// www.sma rtcardstr ends.com/det_a tc.php?idu (accessed 8 May 2007 ).
12 “French Card Ha cker Convicted” ava ilable at http://ww w.theregister.co.uk/ 2000/02/26/frenc h_card_
hacker_convic ted (accessed 10 May 2007).
13 “French Card Ha cker Convicted” ava ilable at http://ww w.theregister.co.uk/ 2000/02/26/frenc h_card_
hacker_convic ted (accessed 10 May 2 007). See fur ther “Secur ity: Hackers Re veal How to Forge a Ban k
Card” available at http:// www.tla.ch /TLA/N EWS/2000sec/20 000317credicard.htm. There it is men-
tioned that the informati on hacked included d eciphered c odes which validated forgeries where micr o-
chip-car rying ca rds were fed into ATM’s, or mo bile phone sty le termina ls where amo unts are i mmedi-
ately debited once t he card has been read a nd the PIN number has b een entered. See f urther “Sma rt Card
Crypto Ge nius Sent to Trial” availa ble at http:// the register.co.u k/2000/01/23/smart- card-cry pto-genius-
sent (accessed 8 May 2 007).
332 STELL LR 2007 2
© Juta and Company (Pty) Ltd

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT