Hacker Predicts AMEX Card Numbers And Bypasses Chips And Pins With Scary Accuracy

Hacker Predicts AMEX Card Numbers And Bypasses Chips And Pins With Scary Accuracy

A hacker named Samy Kamkar has recently created a worrisome device that is able to predict and store the numbers of hundreds of American Express credit cards. The device costs only $10 to make, and the numbers can be used for wireless transactions and at payment terminals anywhere in the world. Needless to say, criminals could use the device for highly illegal purposes. The device is called Magspoof by Kamkar.

Kamkar was able to develop the Magspoof device by determining how American Express selects replacement credit card numbers and by breaking down how exactly the magnetic stripe functions and stores data. If criminals manage to get their hands on the device, they would be able to place transactions on cards that have since been canceled. However, the device wouldn’t work in transactions that require the security digits on the back. American Express has already been informed about this security issue, and the company is currently working on developing a fix.

Kamkar explains, “Magspoof is a device that can spoof any mag stripe or credit card entirely wirelessly, can disable chip and PIN protection, switch between different credit cards, and accurately predict the card number and expiration on American Express credit cards. You can put it up to any traditional point of sales system and it will believe that a card is being swiped.”

Kamkar then discussed how he managed to accurately determine credit card numbers.

“I pulled up the numbers for several other AMEX cards I had and compared to more than 20 others and found a global pattern that allows me to accuracy predict replacement numbers and expiration dates,” he said.

People who are curious about the device can download the associated code and follow Kamkar’s instructions on how to create one of their own digit stealing devices. However, the device will not work as intended, because Kamkar did not reveal how he was able to bypass pin protection, and he has not released the American Express number algorithm. Still, the device can be used to emulate cards, and it can assist researchers in developing better credit card technology.

Stay Connected