拿到一個人的身份信息,僅用125秒,就可以“憑空”復制出他的信用卡。廣州警方最近公布的一起信用卡盜刷案,揭開集“重制、盜刷、銷贓”為一體的新型信用卡詐騙犯罪內幕,警示了針對芯片信用卡的新風險。
If you get a person’s identity information, you can “empty” his credit card in 125 seconds. A recent credit card theft case published by the Guangzhou police revealed a new form of credit card fraud, “relaying, scavenging, scavenging,” warning of a new risk to chip credit cards.
125秒騙過銀行重制一張信用卡
125 seconds tricked a bank to rewrite a credit card
“你好,我卡的芯片壞了,可以幫我補發一張嗎?”“請問預留手機號還在用嗎?地址要改嗎?請輸入卡片的服務密碼……感謝您配合。我給您重新寄張新卡過來。”
"Hello, my card's chip is broken. Can you help me with a new one?" "Can you change the preset number? Do you want to change the address? Please enter the service code for the card?" Thank you for your cooperation. I'll send you a new one."
這是廣州一家銀行的客服電話錄音。這通2分05秒的電話,竟牽扯出一宗跨多省份的新型信用卡盜刷大案。
This is a phone recording from a bank in Guangzhou. This is a 2-minute 05-second call that involves a new credit card theft case across several provinces.
2023年的一天,該銀行向公安機關反映,銀行客服短時間內突然接到大量要求重制信用卡的申請,情況異常。
On a day in 2023, the bank reported to the public security authorities that it had suddenly received a large number of requests for credit cards for short periods of time.
該行信用卡中心欺詐風險管理部工作人員說,這些人打來電話,自稱是該行客戶,要求重制信用卡並修改信用卡郵寄地址。銀行通過查驗持卡人身份証號碼和電話服務密碼完成身份核實,按客戶要求制作新卡。
According to the credit card center fraud management staff, these people call and claim to be clients of the business, demanding that the credit card be recreated and that the credit card mail address be changed. The bank completes the identification by checking the card holder’s identification number and telephone service password, making the new card as requested by the client.
“這些人收到新卡后,通過手機再次致電客服,驗証卡片交易密碼並激活,然后在外地大額刷卡購買黃金等。現已發現有6個客戶的信用卡被盜刷,金額約61萬元。”該工作人員說。
“These people, when they get the new card, call the customer again via their cell phone, verify the card trade code and activate it, then buy gold, etc. in large amounts of off-site brush cards. Six clients have now been found to have their credit cards stolen, amounting to about $610,000.” The employee says.
廣州市公安局成立專案組。經查,該團伙自2022年10月至2023年3月間,共對7家商業銀行的900余張信用卡展開攻擊,成功補辦信用卡500余張,成功激活並盜刷230余張,涉案金額1100萬元。該局經偵支隊辦案民警說,受害者受損金額少則1萬元,多則10萬元,“甚至有的人信用卡被刷爆后,還被開通20多萬元網貸。”
From October 2022 to March 2023, the group launched an attack on more than 900 credit cards in seven commercial banks, successfully replenished more than 500 credit cards and successfully activated and stole more than 230 in the amount of US$ 11 million. According to the Civil Police, the unit was working with a police detective unit and said that the victims suffered less than US$ 10,000 in damages and more than US$ 100,000, and that “even some of them had their credit cards blown up, they were also opened up with more than US$ 200,000 in net credit.”
經過偵查,廣州警方在海南、福建、江西等地抓獲犯罪嫌疑人12名,解除潛在被盜刷風險金額超10億元,打掉一個集“重制、盜刷、銷贓”為一體的新型信用卡詐騙團伙。
As a result of the investigation, the Guangzhou police captured 12 suspects in Hainan, Fujian and Jiangxi, released their potential for theft of more than $1 billion in venture capital, and eliminated a new group of credit card frauds with a collection of “recording, scavenging, scavenging and displacing”.
今年4月,該案被公安部和中國銀聯銀行卡安全合作委員會評為2023年“打擊涉銀行卡犯罪精品案例”。目前,檢察機關已以涉嫌信用卡詐騙罪對涉案嫌疑人批捕起訴。
In April of this year, the case was criticized by the Ministry of Public Security and the Committee for Security Cooperation in Bank Cards of the Federation of Chinese and Chinese Banks as a 2023 case of “assaulting a bank card-related crime.” At present, the prosecutor's office has sanctioned the arrest of the suspect on suspicion of credit card fraud.
購買公民個人信息充當“破關彈藥”
Buys citizen's personal information as "Closing off bomb"
本案警示針對芯片信用卡的新風險。辦案民警表示,該團伙作案手法新穎,通過三招繞開了信用卡的安全防線。
The case warns of a new risk to the chip credit card. According to the Civil Police, the group was new in its modus operandi and bypassed the credit card security line by three moves.
購買公民個人信息充當“破關彈藥”。該團伙通過“黑灰產”渠道購買大量公民信息用於盜刷。據主要犯罪嫌疑人劉某高供述,該團伙2019年花5000元通過境外社交群組購買了一批“料”,共計61萬條公民個人信息,包括姓名、身份証號、信用卡號、手機號,及一串6位數字的密碼。
The group buys a large amount of citizen information via the Black Ash product. According to the main suspect, Liu Kao, in 2019, the group purchased a package of “materials” for 610,000 citizens' personal information, including names, identification numbers, credit cards, cell numbers, and a set of six-digit passwords.
有了“料”,還得有話術。“我冒充他人身份,跟銀行客服說卡壞了、丟了,申請補辦,然后變更收卡地址。”劉某高說,一般來說客服不願意得罪顧客,會盡量滿足需求﹔如果遇到有經驗的客服不停地問,他就“爆粗口”嚇唬對方,最終成功幾率接近50%。
"I pretended to be someone else's, lost my card to the bank, applied for it, and then changed the card's address." Yoo-Hung said that, in general, customers who don't want to be offended, they do as much as they can to satisfy their needs; if they do not stop asking about experienced guests, he scares each other, with the ultimate chance of success being close to 50 per cent.
信號屏蔽、短信轟炸、呼叫轉移三管齊下,防止卡主察覺。為了讓卡主忽略或收不到銀行的短信提醒,該團伙先是冒充卡主身份,撥打通信運營商電話,開通短信屏蔽功能﹔此計若不成,就會購買短信轟炸服務,把銀行提醒信息淹沒在垃圾短信裡。有的卡主對此毫無察覺,甚至警方取証時還被認為是騙子。
Signal shielding, SMS blasting, and call-and-checking to prevent the card owner from detecting it. In order for the card owner to ignore or fail to receive the bank’s SMS alert, the group first pretends to be the card owner, dials the communication operator’s phone and opens the SMS shield; if it fails, it buys a SMS bombing service and drowns the bank’s alert in the trash text message. Some of the card owners are not aware of it, and even are considered liars when the police take evidence.
“在新卡快遞派送時,開通卡主手機號呼叫轉移,最終拿到新卡並激活。”劉某高供述,有時不得已也利用“電話回撥”軟件,在銀行客服處虛假顯示為卡主原預留號碼,以便順利激活。
“When a new card is delivered, the main phone number of the open card is transferred, and the new card is eventually obtained and activated.” Liu's statements, sometimes using the “telephone call back” software, are falsely displayed as a pre-set number in the bank's customer service so that they can be activated properly.
領卡、盜刷、套現由不同的人分開操作,互不相識,通過虛擬幣完成分贓。
The cards, the brushes, and the holsters are operated by different people, with no knowledge of each other, and are divided by virtual coins.
據辦案民警介紹,犯罪團伙買來社交媒體賬號或者群組,發布“銀行卡快錢工作”兼職信息,很快會有閑散人員聯系上門,這些人被稱作“車手”。不同的“車手”完成領卡、盜刷、套現,在扣除報酬后,換成虛擬幣交給犯罪團伙。
According to the Civil Police, criminal groups buy social media accounts or groups, issue “bank card fast-paying” information on a part-time job, which will soon be contacted by dispersed people, who are called “car drivers.” Different “car drivers” complete the cards, the brushes, the displays, and replace them with virtual coins to be given to the criminal groups after deduction of remuneration.
“為了躲避偵查,犯罪團伙找A地的‘車手’,前往B地領取重制的信用卡,再到C地盜刷,最后通過虛擬幣轉賬分贓。”辦案民警說。
“In order to avoid detection, the criminal group sought out A-land's `carker', went to B-land to collect a heavy credit card, stole it from C-land, and finally passed a virtual currency transfer." The police officer of the case said.
辦案民警提醒對信用卡單獨設置密碼
CIVPOL alerts to separate passwords for credit cards
公安部不久前通報,2023年全國公安機關共破獲偽造信用卡,竊取、收買、非法提供信用卡信息,妨害信用卡管理,信用卡詐騙、套現類非法經營等犯罪案件近5000起,涉案金額超百億元。從一些公開的典型案例看,信用卡盜刷和非法套現等犯罪案件佔比較大。
The Ministry of Public Security recently reported that, in 2023, public security agencies across the country broke down fraudulent credit cards, stole, bought, illegally supplied credit card information, obstructed credit card management, fraudulent credit cards, and illicitly operated cash-based businesses in nearly 5,000 cases involving more than 10 billion dollars.
在辦案民警看來,信用卡詐騙作案手段看似“巧妙”,究其根本還是鑽了信息安全的漏洞,偽造身份進而層層突破防護網。廣州市公安局經偵支隊一大隊二中隊副隊長李昀璁說,除了嚴打侵犯公民個人信息違法犯罪行為之外,還要提升群眾風險防范意識,避免在生活中、網絡上隨意填報個人身份証、電話、支付賬號、密碼等敏感信息。
According to the Civil Police, credit card fraud appears to be a “smart” approach, but it is still essentially a breach of information security, creating identity and breaking the defense net. The Guangzhou Public Security Bureau, acting through a team of 2nd Lieutenant-in-Chief of the Guangzhou Public Security Bureau, said that, in addition to committing criminal offences against citizens’ personal information, it is necessary to raise public awareness of the risks involved and to avoid randomly filling out sensitive information such as personal identification, phone calls, payment of accounts, passwords, etc. in life and online.
“有的密碼設置過於簡單,或者高度統一,作案團伙隻要掌握其身份証號碼或者其中一串6位密碼,就可猜出其他重要密碼。”李昀璁建議銀行部門加強對用戶的安全提醒服務,提醒群眾對信用卡單獨設置密碼,並開通短信提醒功能,留意異常信息。
“Some of the passwords are too simple or highly uniform, and the crew only needs their ID numbers or a string of six passwords to guess other important passwords.” Li suggested that the bank department strengthen its security alert service to users by alerting the public to separate passwords to credit cards and to open a text-message alarm function to keep an eye on unusual information.
“治理信用卡詐騙犯罪需要多部門綜合治理,這涉及各級職能部門,各大商業銀行等傳統金融機構和第三方支付公司、電商平台等。”廣州市公安局經偵支隊一大隊二中隊隊長何浩建議,應加強警銀企聯系,依托“智慧新經偵”等技術平台,共同發力封堵漏洞、防范風險。
“Managing credit card fraud requires a combination of different levels of competence, traditional financial institutions such as major commercial banks and third-party payment companies, electrical platforms, etc..” The Guangzhou City Public Security Bureau, with the advice of a team of two squadron leaders, should strengthen police and silver links, building on technological platforms such as “new intelligence detectives” to work together to close loopholes and prevent risks.
針對此案中發現的“補辦新卡隻需提交交易密碼,不需要卡主預留手機致電”的情況,以及部分銀行在信用卡安全防護上存在的漏洞,警方建議,銀行升級信用卡安全防護措施,加強對客服人員的培訓,以案說法,增強風險防范意識,依法依規辦事,該拒絕辦理的要明確拒絕。
In response to the finding in this case that “remediate a new card only requires a transaction code and does not require a phone call from the owner of the card” and that some banks have loopholes in credit card security protection, the police advised that bank security measures to upgrade credit card security should be strengthened, training of clients and service personnel should be strengthened, and rejected in a clear manner, in order to present the case, increase risk awareness and comply with the law.
據新華社
According to Xinhua,
分享讓更多人看到 
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论