An interview with a card scammer

Several months ago I fell victim to a huge card skimming scam. Ok, it was only £20 that they managed to steal from my card, but still... I was furious at myself more than towards the little fraudsters. I should have known better as I never really trusted those contact-less cards.

I was mentioning this incident to an absolute stranger I met in a coffee shop a few weeks ago. We got onto this topic as I overheard him telling the waitress that the card she was trying to tap was not contact-less, “never trust them” he said to her. I looked at him, smiled and interjected that I never liked contact-less cards either as I had been scammed before.

We started a conversation, as you do, and mentioned that I was still confused as to how they scammed me. He then went into full details on what he thinks could have occurred. This was becoming interesting and I started to realise that this guy knew a little more than he should, I then had to ask him how he knew all of this?

He smiled back, replying that it was something "he used to do".


Now, you don't just leave it there when you hear someone make a statement like this, especially in that context.
Offering him another latte, I took the liberty to ask him if he would mind me asking him a few more questions so I could publish this information online?

He was more than happy to chat, just not use his real name, use Calvin instead. Calvin? Sure.
Having met some interesting characters in my life, I was intrigued that I was now about to “interview” an ex-card snatcher. We chatted for another 2 hours over 5 coffees.

Going back to my incident. I thought I was scammed with a card reader when I was using the London tube that day. Having bent and broken my Oyster travel card for the 4th time, instead, I had to use my one and only contact-less card, one which I only used for emergencies. I also remember being suspiciously bumped in the tube station in a very peculiar way (which I would recall being suspicious later), but at the time I felt nothing of it, it’s not unusual to have some weirdo bump into you for no clear reason - This is London Underground after all.

Because I hardly use this contact-less card, I never paid much attention to the bank statements. It was only 4 months later when I went through the statement by chance and noticed that there was a suspicious payment. I had used this card 18 times the entire year, mainly for travel and coffees, so seeing a £1.50 here and £ 4.50 there on the statement was reasonably normal, but when I noticed a £20 transaction, it raised some flags.

I gave Calvin a theatrical demonstration on how I was bumped that day. Was it possible that they skimmed my card which was in my pocket?

"Unlikely," he said, "a bump is too quick to do a successful 'read', instead, [they] would usually do it in busy places where you have to stand close to someone - like a busy station, escalator, a queue or packed bus.” He also added, "there is no signal underground, so they wouldn't have tried it then".

So, how did someone scam me?

Calvin asked me if I had used the card anywhere before I went to the tube. I could only remember going to a coffee shop on my way to the station (I drink a lot of coffee it would seem).
"That's where they probably 'riffed'' it", was his reply.
"Riffed?"  It's a slang term for RFID'ing a card apparently.

Before we went on to speak about the “riffing”, he added that they must have been amateurs. “Amateurs?” I asked. Calvin continued; "’Professionals’ steal £2, £5 and maybe £10 at a time, and never round numbers, more like £4.29 which seems like you bought a sandwich when it pops up on your bank statement”.

It made perfect sense, how often do we notice a £5 expense we made at the beginning of the month? we would be more inclined to notice a £20 transaction as it's a significant number, I did, but it was too late.
"It's the greedy amateurs who try for the big score and often end up getting caught. People notice larger amounts".

These seem like small numbers to steal, but do this 50 to 150 times each day at £4.29 a shot, and you're almost earning more than a Doctor would, tax-free.

Turns out that it's usually the amateurs that raise flags, sure there are convictions, but only the random amateur here and there. Perhaps it's enough to keep the banks feeling happy because the conviction statistics for fraud are showing positive results, while the real pros are still out there increasing fraud cases exponentially.
"it's not only big syndicates either, it can be anyone with the right equipment for about 600 quid (£) and a little training..." he added. "It's easier and safer than selling drugs, just don't be greedy".

Good to know.

Back to my transaction, it was too late to report it as it was months later, but I thought what if it happened again? 

Could I just report the transactions?

"No, you're fucked there too..." was Calvin’s eloquent reply, as it turns out that many of the mobile contact-less PDQ's used by criminals are legitimately registered. So proving that they "stole" money is going to be a task and a hassle on its own.

PDQ? Process Data Quickly is the official abbreviated term for a card reader or "card machine" as some like to call it.

"Just be smart next time" Calvin said as he laughed at me.

Fair enough.

I proceeded to ask Calvin to educate me then. And he sure did. It was as if I was doing my crash course apprenticeship in riffing, skimming and cloning cards, I was even using the lingo by now. I was almost tempted to switch to a new career, but before I made the decision, I had to ask what made him "retire"?

"Guilt" was his surprising reply. He started feeling guilty about the fact he was technically a criminal.

Technically? I thought.

Although he came from an average middle-class family, he was doing it to score extra cash. Parties, drugs, booze, chicks, travel, trendy clothes... and because he could.

Calvin had all the equipment; modified PDQ readers (or pebbles as he called them), scanners, modified cameras and a smart little operation going on. He would recruit waitresses, specifically in hospitality as it was easier to distract the customer for a few seconds while they 'riffed' the cards. A little training, some light equipment, a small cut out of the deal, and they're good to go.

He mentioned he preferred females as they smile more often and are easier to trust (from the customer's perspective). Besides, they can flirt to distract a customer without coming across as creepy or suspicious.

Right, so we’ve got the crew, now what?

The hardware.

You need a registered PDQ card reader. This portable card reader was registered in a legitimate account. In 

Calvin's case, he registered it as a contracting company, which coincidentally, was the same trade his father was in. So setting this up as a "tradesman" under some arbitrary name was simple enough. The card reader he used was standard, except there were a few modifications to extend and conceal the sensors, while the "major hardware" was left in a pocket, bag or apron - it now became a “pebble”.

Then there is the modified camera that can enable the lens hardware to be concealed while the power pack was left in a pocket or apron too. The purpose of the camera is to take a recording of the card number, expiry date, account holder and a quick flip would reveal the card CVV. This would be used later for a few online purchases, but not yet.

The job.

His insider who would work in a restaurant, let's call her the "riffer", would take the bill to a customer along with a legitimate PDQ owned by the restaurant. As the customer taps their contact-less card to pay, the "riffer" would cancel or interrupt the transaction saying it has just been declined or there was a problem.

We have all been there and do not like that feeling when the card reader starts screwing around, especially when it’s in front of a date or friends. You know there is cash, but there is always that thought... Is there still cash!? as a trickle of sweat appears and respond with that awkward “er… try again, there is cash!?” followed by a silly giggle.

Sure, so the "riffer" takes the card saying that they will try another PDQ instead. The customer still feeling a little awkward now focuses on playing it cool in a nonchalant sort of way and pays no attention. As the "riffer" walks away, she swipes the card on the 'pebble' without anyone noticing.

The illegal transaction is now done.

Now, this is the part where it becomes an interesting psychology.

Calvin explains that they usually waited a few minutes for the card "to cool off" just in case the bank detects sudden or repetitive card activity. In the meantime, the "riffer" either looks at the client from afar while shaking her head or she returns to the customer apologising that the card has been declined - again or there is an apparent issue. This is just a distraction to buy more time for the “cool off" and to not appear too suspicious.
While there is some awkwardness in the air (for the customer that is), and trying a few times more, perhaps another card is used, which is prefered as it will guarantee that no flags will be raised from the bank… and suddenly and magically the legit transaction works.

Done, the customer's round of lattes and bacon sandwiches have been settled and the scam has paid off. No one suspects a thing. And when the bank statement comes at the end of the month, there is only a £4.29 transaction and one for few pounds at “Sloppy Joe’s Cafe”, which by then they have either forgotten what they bought or it just slips by unnoticed.

Oh, before I forget, the bank statements are not always accurate with dates and times either. Sometimes there is a delay, so don't count on that to help jog your memory.

One second, what if the customer asks for a receipt for a failed transaction?

That's already covered. "A fake one is already printed by using a card with no cash, we tap the card and print the 'void transaction' receipt. IF they ask for the receipt we just hand them the fake one... no one ever reads the receipt details, anyways they grab it and hide it". Calvin emphasises the IF, that's because according to his statistics, 1 out of 20 customers would actually ask for the receipt. I meticulously wrote this down and made a mental note for next time I receive the dreaded-decline-card warning.

I asked Calvin if there were any instances where the bank contacted his "company" for suspicious activity or asking him to clarify a transaction? "No, never, but they did contact me once because my own card was cloned" he replied. We both burst out laughing, it was too ironic.

He added that the amounts were too small to ever raise concerns or suspicion with either the "mark" or banks and thus could continue doing his business without interruptions.

One question I had to ask...
"How much do you think you pulled?"

His reply? "Around 75k"

My response? "...!"

Now, £75k is a good return on investment for an outfit that only cost about £600 to set up, but it's not even 0.0000...1% of this multi-million £ fraud industry.

He spent most of his share travelling, paid off his debts and managed to help a few students and struggling moms get back on their feet - well, that's how he put it.

Noble? Not really, well maybe, but he just found a loophole in the system and exploited it.
To follow-up with Calvin, after he "retired" from the skimming game, he managed to transfer his criminal skills to a new career path as an estate agent. Let's see how long it takes for guilt to catch up.

Thanks to Calvin for providing a wealth of knowledge, a few tips on how to keep your card transactions safe can be read here,
In the meantime, happy shopping.article end

Read more on taintedguava.com.
Location: London, UK

Comments

Post a Comment

Popular posts from this blog

The night I spent with a prostitute, eating chicken wings

Image
Eating chicken wings with a prostitute, hardly a euphemism but an actual evening that occurred, in yet another unexpected random London night. Anyone familiar with what sights and sounds Kilburn High Road has to offer, especially after dark, will understand and possibly appreciate the circumstances and events that could unfold when hanging about long enough.  Besides the wall to wall vomit and the familiar vagrant shouting, "hey bruv, got any change?" It wasn't unusual for me to have another adventure, except this night may have been the most interesting. With a dead mobile phone, I stood at the bus stop at 12 am waiting for that damn bus, which now and then gets cancelled or rescheduled for no reason, and this night was no exception. It's famous for being the most unreliable route. As I stood waiting and being lied to by the automated bus schedule, another 15 minutes went by. A woman approached the bus stop, she stopped to look at the signboard
Read more

'86, a good year for bad sex

Image
One of the perks of dating or seeking solace in the embrace of a younger lover is the exciting thought of being attractive to a younger model. Then there is the eye-candy factor; toned body, perky boobs, firmer bums, tighter... But there is a price to pay for all the aesthetics and appealing attributes, and that is enduring the risk of having really bad sex. It’s not uncommon to hear the gripes from a more mature demographic, both male and female, who openly discuss their sexual encounters about post-1986’ers, and laying out their complaints and grievances about “the youth of today”. Lack of imagination, terrible sex, poor effort, too “porny”, low stamina - are just some of the complaints. The sense of millennial entitlement overlooks the natural essence by adopting the attitude of bragging rights, self-obsession, the illusion of being a good lover and where having good gag reflexes is celebrated as an achievement. 1986’ers? Those that are born post 1986, which in today
Read more

The 'C' word

Image
Commitment, the stigma attached to this dreaded word which often gets circulated at the beginning of a relationship isn’t exactly getting easier with the emerging scourge of online dating apps. The bounty of desperate single people out there all looking to get laid or find the right one is also not helping the cause of being with the right person if the commitment isn’t at the forefront. The good news is, men aren’t the only assholes. Commitment issues are not entirely gender-specific as they were apparent before. Although men have generally been known to carry the blame of owning commitment issues, in all honesty, women are overtaking that statistic as they are becoming more empowered and more independent. The old practices of courtship no longer apply, encouraged by society and social norms by submerging ourselves into meaningless one-night stands, the pursuit of an emotionless “no-strings-attached” relationship and hoping to find fulfilment with another frivolous
Read more