Street thieves who specialize in cashing out stolen credit and debit cards are increasingly using Fuze cards to conduct fraud and theft, the U.S. Secret Service has warned in a memo to companies in the financial sector.
Fraud rings use Fuze cards to avoid the suspicion that carrying dozens of cards could raise when they attempt to withdraw cash or make purchases. Fuze cards allow them to store information for up to 30 stolen cards. The thief can simply use the controls on the Fuze card to cycle through the card numbers.
Brian Krebs, a cybersecurity expert and investigative reporter, received a copy of the memo. “The transaction may also appear as a declined transaction but the fraudster, with the push of a button, is changing the card numbers being used,” the memo notes.
“Fraud rings often will purchase data on thousands of credit and debit cards stolen from hacked point-of-sale devices or obtained via physical card skimmers,” Krebs explains. “The data can be encoded onto any card with a magnetic stripe, and then used to buy high-priced items at retail outlets — or to withdrawn [sic] funds from ATMs (if the fraudsters also have the cardholder’s PIN).”
The Secret Service memo underscores that, “while this smart card technology makes up a small portion of fraudulent credit cards currently, investigators should be aware of the potential for significant increases in fraud loss amounts with the emergence of this smart card technology.”
Fuze Card, the company behind the technology, plans to extend Fuze functionality to include transactions with virtual currencies, like Bitcoin. When that happens, fraudsters might further increase their reliance on Fuze to conduct illicit transactions.
Last year, two independent security researchers discovered a grave flaw in the Fuze Bluetooth-pairing functionality that allowed anyone with brief physical access to tamper with the data stored “securely” on the cards. The researchers disclosed the flaw to Fuze Card responsibly, holding off on a public announcement until the company patched the bugs, which it did in a timely fashion.