In Portugal, a new scam in the banking system is gaining ground without resorting to traditional methods such as phishing or skimming. The growing digitization of payments, combined with the sophistication of schemes, has made it more difficult to identify the moment when card data is compromised in a scam, often through seemingly normal operations in multibanco terminals.
According to provisional data provided to Lusa, GNR and PSP registered, in 2024, a total of 3735 complaints related to abusive use or cloning of bank cards. Although the amount of occurrences does not represent a significant climb over previous years, experts point to a significant transformation in the way the burles are perpetrated.
The adaptation of schemes to the new digital reality now requires greater vigilance by users, especially in the routine use of credit and debit cards.
Cloned Cards and Silent Bonds
GNR revealed that between 2020 and 2024, 5884 occurrences were recorded by card cloning, affecting more than six thousand victims. In the last year alone, 933 cases were counted, the lowest number of the period under analysis.
According to the security force, many of these crimes arise precisely when the victim realizes strange movements in the account, never having lost the card or accessed malicious links.
Bonds often occur in a physical environment, but using previously compromised data, often obtained through channels such as Dark Web. The use of multibanco terminals to validate or test this data is one of the phases of the burla scheme, explains GNR.
PSP records an increase in occurrences
Public Security Police reported in 2024 a total of 2802 occurrences related to card abusive use, almost duplicating the inquiries opened by the Judicial Police (PJ). According to the data provided to Lusa, this climb is attributed to the combination of legislative changes and the proliferation of more subtle scout techniques.
Carlos Cabreiro, director of the National Cybercrime and PJ Technological Crime Unit, said that at the beginning of last year 3401 investigations were underway, to which 1433 new inquiries were added. The total number of processes pending at the end of 2024 was 3518.
A BURLA WITHOUT DIRECT CONTACT
Contrary to the best known practices, such as phishing (using fake links) or skimming (with physical changes in the ATMs), the new scam does not require the victim to enter the data on a fake site or use an adulterated machine. Many of the data used are collected in other contexts and later applied to legitimate transactions without immediately lifting suspicions.
According to PSP, the evolution of the phenomenon is directly linked to the digitization of the payment means and the dematerialization of cards, making it more difficult for users to detect anomalous changes in their accounts.
This trend is also aggravated by the use of virtual cards and mobile payments, which open new doors to the burns.
Schemes hidden in real establishments
Carlos Cabreiro told Lusa that, in addition to digital schemes, there are also reports of scams in physical establishments where traders collaborate with criminal networks, collecting data from customer credit cards without their realization.
In these cases, the card is used in a seemingly legitimate transaction, but the data is copied or transmitted for later use on online purchases or surveys in ATMs.
The victim only realizes the problem days later, when confronted with unrecognized movements in the bank statement.
Essential protection measures
Deco Proteste recommends that, when detecting an improper bank movement, the consumer immediately contacts the bank or SIBS, as well as complaining to the authorities. It is essential to act quickly to avoid further damage.
At the level of prevention, it stresses that users should check carefully the multibanco terminals before inserting the card, cover the introduction of PIN by hand, and never leave the cards out of the field of vision in commercial establishments.
Online shopping and virtual cards
In digital transactions, the recommendation is to avoid direct use of credit card number, favoring the multibanco references or virtual cards with limited balance. According to the same source, ensuring that the site is true and uses encrypted connections also reduces the risk of exposure.
This type of scam, albeit less visible, can be as or more harmful than classic methods. By involving legal channels and legitimate movements, it is harder to detect and slower to lock, making consumer active surveillance essential.
Also read:
