Credit Card Fraud
Credit card fraud and more broadly identification card theft - or identity theft - is the acquisition of credit card and personal details relating to the use of credit cards and other payment cards as a fraudulent source of funds for the purchase of goods and services.
The essence of credit card fraud is taking the victim’s card details, using various techniques, in conjunction with having knowledge of other security checks such as birth dates, personal identification numbers (PIN), passwords, and card security code (CSC) numbers. The criminal requires at least two parcels of information before a successful fraudulent transaction can occur.
The information can be acquired directly through the theft of a credit card, which could allow the immediate use for in-store or online purchases. However, more commonly, the necessary information to carry out a fraudulent purchase is acquired remotely through online contact.
Credit card fraud methods
Some of the more frequently used methods for acquiring your credit card details for fraudulent purpose include:
- Sophisticated devices called skimmers attached to automatic teller machines (ATMs), fuel bowsers or other card readers can read your full credit card number and your PIN. These skimmers are carefully designed to blend into the natural setting and will not raise suspicions unless you are on guard. Most of us use many different card readers during the course of a normal day. They come in a variety of styles and unless you are familiar with a particular type you may find it difficult to spot an anomaly. Skimmers can be purchased easily online and access to the technique is available to any fraudster. Take the time to look carefully at the card reader during ATM or other card reading transactions. This type of fraud is most likely to occur at venues where the card reader is unattended so that a skimmer can be attached when nobody is watching. Take more care in these situations.
- Criminals have well and truly adapted to the internet environment. The internet provides a very attractive opportunity for criminals to steal details with only a small chance of being detected or apprehended. The use of malicious software - or malware - allows dishonest persons to steal credit card details, password and CSC numbers. Malware can be installed at several access points along the electronic purchase pathway.
- Personal computers offer an opportunity for the installation of malware. Personal computers can be attractive targets because the users are frequently not computer experts and may not know of the hazards when operating online. Despite personal computers having security features in place, many malware attacks are successful because the user is not on guard. In most circumstances the malware can only function if the victim mistakenly provides access around their computer security systems. This can happen, for instance, when a user mistakenly responds to a nefarious email, which contains a hyperlink and enables the downloading and installation of malware onto the users computer. This can be achieved without the users knowledge. The malware can then acquire credit card details when an online purchase takes place. Being aware of these scams and having the latest security systems installed will minimise the risk of succumbing to malware attacks through your personal computer.
- Malware can be installed in many other points in the e-purchase pathway including the vendors point of sale facility. A retailer’s system can be infiltrated, which can allow credit card purchases to be recorded and details sent to the fraudster. Counterfeit cards can quickly be produced based on the acquired information. These types of malware attacks can be a productive source of credit card information as multiple users will likely use the retailer’s system. Being aware of your charge records and investigating quickly any unaccounted spending will minimise the damage caused by credit card theft in these circumstances.
- Your credit card details are stored with various legal entities for legitimate purposes. These databases have security systems in place but there have been numerous examples of the databases being breached and credit card details taken. This avenue for credit card theft is independent of the credit card owner and there are few preventative measures to be taken. Checking your charge records regularly will alert you to suspicious spending, which should be examined immediately.
- Lost or stolen cards is becoming a less frequent avenue of credit card fraud. The online acquisition of credit card details offers the fraudster the possibility of obtaining hundreds if not thousands of credit card and personal details. The stealing of a single card has become the realm of the small-time amateur. Nevertheless some precautions will lessen the risk. Stolen credit cards will still require personal details to carry out a successful fraudulent purchase. Personal details are sometimes obtained through scam phone calls where the caller will pretend to be a bank official or possibly a merchant calling to verify personal details by asking you for those details over the phone.
A fictitious but typical example of one type of credit card scam could unfold something like this:
Michelle was expecting a new credit card when she received a call from a woman saying she was from her credit union. The woman apologised for the delay in sending the credit card but said she needed Michelle to confirm the details so the card could be sent. Michelle thought the request was unusual but didn't query it. The woman also asked Michelle for her address and date of birth and she gave this information to her. Michelle started to get suspicious when the woman on the phone hung up on Michelle after she asked the woman why she was after those details.
Michelle immediately called her credit union, who told her that the limit on her credit card had been spent that day and her phone banking had been activated. Michelle had never used phone banking before and had not used the card that day or any other day in fact. The information Michelle had given the woman on the phone was enough for the woman on the phone to answer the credit union’s security questions and activate phone banking. Using phone banking, the scammer had transferred money from Michelle’s credit union savings account to her credit card so that a further cash withdrawal could be taken from her credit card.
Michelle later realised that her mail had been stolen from her letter box, including documents which had her full name and date of birth.
Michelle eventually got her money back from the credit union after reporting the incident to them.
She became very wary of scams and regularly checked her credit union and other financial account statements to ensure all the purchases were her own. She also installed a new letterbox with a combination lock so only she could access her mail.
By now most people know the basics of keeping their details safe – but criminals are getting more deceptive than ever. Lately there has been a rash of phishing scams in which the fraudsters pose as legitimate government sites or your bank in a very convincing way, so it's best to be vigilant at all times while reading your emails or shopping online and to continually exercise password discipline.
Steps to reduce the chance of credit card fraud
Some basic precautionary steps you can take to reduce your chance of being a victim of credit card fraud include:
- Check your charge account statements regularly and follow up with enquiries if there are unaccounted purchases.
- Ensure your personal computer has the latest antivirus software and ensure you are notified of any updates available or new virus threats.
- Some malware comes in the form of legitimate looking phone apps. Do not respond to pop-up advertisements that even offer antivirus protection. It is far safer to seek security software through a search you initiate rather than be directed by an unsolicited pop-up, which could easily be a link to malware.
- Never give your personal or credit card details over the phone to callers who have initiated the phone call. If the call is legitimate then call the institute they claim to represent to determine if the call is for legitimate purposes.
- Do not give your PIN to anyone.
- Take the time to develop complex passwords that cannot be guessed. Strong passwords containing upper and lower case characters as well as numerals and other non-letter symbols offer excellent protection from criminals trying to access your accounts. Also use different passwords for different accounts so in the circumstance where one password becomes known, then only one account can be compromised.
- Many national governments offer a great deal of assistance with updates and information about credit card and online scams. These are good sources of reliable and trusted advice.
- If you receive an official-looking email from your bank or other business – or from what appears to be a government agency – that asks you to click a link to update or verify your details, just don't do it. Look at the senders email address carefully. Quite often it will attempt to appear valid but may have spelling changes or the it will have other indications that it is invalid. This is when the delete button is invaluable.