Street
thieves who specialize in cashing out stolen credit and debit cards are
increasingly using Fuze cards to conduct fraud and theft, the U.S. Secret
Service has warned in a memo to companies in the financial sector.

Fraud
rings use Fuze cards to avoid suspicions that could arise by carrying dozens of
cards when attempting to draw cash or conduct purchases. Fuze cards allow them
to store information for up to 30 stolen cards. The thief can simply use the
controls on the Fuze card to swap through the card numbers.

Brian
Krebs, a cybersecurity expert and investigative reporter, received a copy of
the memo, which said that, “The transaction may also appear as a declined
transaction but the fraudster, with the push of a button, is changing the card
numbers being used,” the memo notes.

“Fraud rings often will purchase data on thousands of credit and debit cards stolen from hacked point-of-sale devices or obtained via physical card skimmers,” Krebs explains. “The data can be encoded onto any card with a magnetic stripe, and then used to buy high-priced items at retail outlets — or to withdrawn [sic] funds from ATMs (if the fraudsters also have the cardholder’s PIN).”

The
Secret Service memo underscores that, “while this smart card technology makes
up a small portion of fraudulent credit cards currently, investigators should
be aware of the potential for significant increases in fraud loss amounts with
the emergence of this smart card technology.”

Fuze
Card, the company behind the technology, plans to extend Fuze functionality to
include transactions with virtual currencies, like Bitcoin. When that happens,
fraudsters might further increase their reliance on Fuze to conduct illicit
transactions.

Last year, two independent security researchers discovered a grave flaw in the Fuze Bluetooth-pairing functionality which allowed anyone with brief physical access to tamper with the data stored “securely” on the cards. The researchers disclosed the flaw to Fuze Cards responsibly, holding off a public announcement until the company patched the bugs – which it did, in a timely fashion.