French police (OCLCTIC)1 supported by Europol’s European Cybercrime Centre (EC3) have arrested 18 members of a criminal gang who were illegally using modified, ’ghost’ point-of-sale (POS) terminals. The terminals were used to copy and store magnetic strip card data and confidential PIN codes, and then to steal at least EUR 3 million from victims’ accounts. Of the 18 arrestees, 12 were imprisoned after the final raids last week.

The ghost POS terminals were modified by the criminal gang who skimmed and then cloned the cards of unsuspecting customers. The customers handed over their cards, thinking that they were making payments; however the fake devices were off-line and had never been connected to a bank payment network. Instead, the devices copied the customers’ card data, printed fake receipts for them and their cards were then cloned. Alternatively, the customers were not given a fake receipt but informed of a ‘connection error’. Their card was still skimmed and they were then asked for another means of payment.

Forensic analysis of the devices has revealed a highly sophisticated crime. French investigators have disclosed the technical manipulation of the hardware and POS software which actually enables the use of POS as a ghost terminal and for data compromising.

The fake terminals were used in taxi cabs and discount stores to skim card data, and then fraudulent money withdrawals were later made using cloned cards in the Miami area of the United States, Dubai, and in Thailand.