A university teacher in Dhaka, who uses a dual currency credit card, was shocked when he saw a text message on his phone in May.
The message said his card was rejected while trying to make a payment at a store in Houston, Texas. The message stunned him because he was sitting in his Dhaka home, and the last time he made a payment outside the country with his card was three years ago.
Zahirul Hoque Mozumder, an associate professor at Dhaka University, received the message on his mobile phone about the withdrawal attempt against his National Bank Limited credit card in Houston at 7:54pm on May 25.
Zahirul, who has been using this dual currency card for five years, contacted the NBL’s call centre but failed to get any satisfactory answer.
“They later said they would change the card,” he said.
Zahirul wondered why they wanted to change the card before it had expired.
“They then said similar incidents had happened with other cardholders and that’s why they were changing it,” he said.
Later, he came to learn that a fraudster or a professional hacker had tried to withdraw money in the US from his credit card.
[caption id="attachment_75074" align="aligncenter" width="762"]
The frauds set up an encoding device within the card swipe machines so that when a card is swiped, the entire digital information of the card is loaded into the device Dhaka Tribune
Seeking anonymity, an official at NBL’s card division told Dhaka Tribune that some cards of the bank had been hacked. He also said some other banks’ clients had faced the same problem and such hacking incidents happen “often.”
The official, however, claimed that the customers had not been harmed in any of the reported incidents.
“We replaced the hacked cards,” the official said.
Like this university teacher, many users of debit cards, credit cards or ATM cards have been victims of card cloning by some international and local gangs.
The hackers and forgers have reportedly bagged several crore takas from different bank accounts in the last few years using sophisticated techniques. Law enforcement agencies have so far nabbed 18 people, including two foreigners, involved in card forgery.
The investigators found that forgers mainly target the long unused accounts in which large amounts sit idle.
This March, 30 people, including six Bangladeshis, were arrested in Queens, New York and charged for credit card and identity theft. Several business owners were among those indicted.
After the Polish national Piotr Szczepan Mazurek alias Thomas Peter was arrested last year along with three bank officials for payment card forgery, law enforcement agencies stumbled onto information about massive networks of card forgers.
“The associates of Piotr are now operating several gangs in the country,” said the investigator of one such card cloning case.
The Rapid Action Battalion in May last year arrested Chinese national Ju Jian Hui from the capital’s Elephant Road, red-handed, when he was withdrawing money with a cloned credit card.
Dhaka Metropolitan Police’s Detective Branch found out last year that a ring stole the information of 1,200 payment cards, of 36 different types, issued by several banks.
The law enforcement agencies then nabbed Piotr and three senior officials of a private bank in this connection.
In the latest development, RAB 10 caught 11 members of a card forgery gang from Dhaka this March.
The gang has an international contact who provides them with technical data, RAB said.
Intelligence agencies said some nationals from USA, UK, Canada, China, Japan, Poland and some other advanced countries are involved with such forgery rings.
“Since it is riskier to do these crimes in first world countries, they target Bangladesh and similar countries,” said some intelligence reports.
“The recently arrested forgers used to make expensive purchases by cloning different local and international payment cards,” said RAB’s Media and Legal Wing Director Commander Mufti Mahmud Khan.
“They also steal digital information from different cards by setting up skimming devices at ATM booths,” he added.
[caption id="attachment_75076" align="aligncenter" width="762"]
Some of the banks in Bangladesh have already introduced EMV cards, but many are yet to do it. Still many countries in the world use magnetic strip cards, which is vulnerable to frauds Dhaka Tribune
The wily use of gaming cards
Shah Aziz Sohel, 36, was trained in card cloning when he was living in Dubai. There he met US citizen and fraudster Erin Limo. Sohel continued with card cloning after returning to Bangladesh. In collusion with Erin and taking in another man named Rana, 24, Sohel started card forgery and identity theft in Bangladesh. The gang cloned foreigner’s international cards to reduce the risk of capture.
Sohel’s foreign cohorts supplied him with the magnetic strip data of international cards. Sohel wrote the track number in blank cards using MSR (Magnetic Strip Reader) machine and made it ready for use.
MSR allows the reading and writing of data in a magnetic strip on a plastic card. The gang took some dishonest shop owners in Bangladesh on board. The shop owners helped them charge the cards and realise the money.
In the March drive, RAB seized 200 cards from various banks, 1,000 blank cards and six card swiping machines and other equipment for making clone cards.
After examining the blank cards, RAB learned that the white plain cards are being used abroad, said RAB 10 Assistant Superintendent of Police Sohrab Hossain.
He explained that the shape of these cards is almost similar to the debit card, credit card or ATM cards. The international and local frauds use the plain cards to clone the real cards.
Shah Mohammad Abdur Rouf, additional deputy commissioner of Chittagong Metropolitan Police, who first nabbed such international money card forgery gang in the country in 2013, had also seized such plain white cards.
He said: “The white cards are actually used as gaming cards abroad.”
How they do it
The frauds first collect the digital information from genuine international payment cards. For this, they have a large group of secondary associates comprising of taxi drivers, shopkeepers and traders.
These members set up an encoding device within the card swipe machines so that when a card is swiped, the entire digital information of the card is loaded into the device.
In the second stage, the forgers collect the digital information from their associates and write the information into a white plain card by a decoding machine.
When this is done, the plain card becomes a clone of the genuine one. The forgers then use the cloned cards to purchase various expensive goods.
A lot of these cards are copied in the US, the UK, Canada, Europe, China, Japan, Singapore, France and UAE where payment cards are more commonly used. Then the information is sent to members of the gangs in Asian and African countries including Bangladesh.
The same process happens in reverse with Bangladeshi cards.
The cloned cardholders use the cards as genuine ones and bag money from the real accounts of different banks. In most cases, they purchase different high-priced valuables from shopping malls where some shopkeepers collude with them.
The original cardholder usually gets a message when an amount is withdrawn from their account, but it is hard to detect when such withdrawal or usage is made with a cloned card abroad.
By the time the owner realises they have been robbed, the forgers are in the wind.
Ahmad Tabshir Chowdhury, senior executive vice-president and head of IT division at One Bank, said: “Some of the banks in Bangladesh have already introduced EMV cards, but many are yet to do it. Still many countries in the world use magnetic strip cards, which is vulnerable to frauds.
“If fraudsters use a cloned card for buying goods and services or cash withdrawal, mobile message would be sent to the original owner. But foreigners without a roaming phone would not get the message,” he added.