10 different ways hackers use to clone EMV chip credit and debit cards in 2021

Electronic fraud can come in multiple forms, although the most popular variant is still credit and debit card fraud. In these malicious operations, cybercriminals manage to steal card information to extract cash or pay for products and services not authorized by affected users.

This information theft process is also known as card cloning, and its main goal is to access the user’s card number, expiration dates, security numbers, and PIN. On this occasion, we will show you the most popular methods to clone banking cards, plus some security recommendations to prevent these attacks.


This is the most common method and, depending on the variant, may be the least sophisticated. This attack requires a hidden camera near a compromised ATM or point of sale (PoS), as well as a device known as a skimmer, capable of copying the magnetic stripe or chip of a card.

Using a computer, hackers dump the compromised data on a blank card, thus creating the copy of the affected user’s card. These attacks are more common at ATMs, as it is relatively easy to hide a skimmer in these machines.

Fortunately, it is very simple for users to prevent these attacks. You can cover the ATM keypad at the time of entering your PIN; even if hackers manage to clone your card, this information will be practically useless if they do not have access to the security key. Remember also that you should never accept help from strangers at the cashier or leave your vouchers forgotten.

Finally, in cases where an ATM does not return the card, report the incident immediately to your bank, as this may be an indication that the machine has been compromised by a threat actor.

Fake payment devices

Sometimes threat actors infiltrate between workers in establishments such as department stores, restaurants or gas stations with the aim of using malicious points of sale, which will allow them to extract information from the cards entered into these devices, including the victim’s PIN.

Fake payment devices have been a growing threat for some years now, becoming popular as people stopped using cash. In this case, users do not have many options to protect their information, since at first glance and in legitimate shops it is practically impossible to detect one of these malicious devices.

In the face of threats like this, the best protection can be payment with a smartphone. There are mobile apps that allow you to synchronize all the user’s payment cards and have access to them without having them at hand, in addition to the malicious devices will not be able to clone the information contained in these tools.

The use of jamming cases or aluminum wallets can also prove useful, as these materials prevent hackers from properly using their systems to extract information from cards.

Phishing and other similar tactics

This is another very popular hacking technique and is applied for purposes other than the cloning of payment cards. Phishing attacks begin with the target user receiving an email containing an attractive message, usually related to offers, gifts or parcel shipments pending receipt. These messages and their presentation should be as attractive as possible, in addition to containing a link or attachment.

If users fall into the trap and follow the malicious link, they are redirected to a fake website of legitimate appearance where they will be asked to enter some data of interest to the hackers. In addition to ignoring these emails, users are advised to try to verify the legitimacy of the link; malicious links are easily detectable once you learn to distinguish them.

In case the email contains an attachment, the user must simply refrain from downloading these files, either a PDF or Microsoft Office document, or a compressed file.

Adult website scams

This is a trick as old as it is effective. Some porn sites that offer “Premium” subscriptions ask users to enter a credit card number under the guise of verifying their age when in fact they are looking to collect financial information for malicious purposes. Many people may find it implausible that this attack will work, but it is a real threat.

In these cases, the recommendation is simple: never enter your personal or financial data to adult websites, especially those that do not have security measures such as SSL certificates.

If you believe you have been a victim of any of these variants of wire fraud, you should immediately notify your payment card issuing institution, in addition to reporting the compromised card and monitoring your account statements for unauthorized charges.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.