8 Types of Credit Card Fraud
Plastic money, particularly credit cards, has made our lives easier than it was ever conceivable. Immediate consumption and possession that so very describes how the consumer markets work today could not be possible without credit cards. But, with this come a whole lot of new risks of financial frauds that we, as consumers, need to guard against. The knowledge of what might go wrong is an essential first step towards ensuring your financial safety. Here’s a primer:
- Physical Loss. Lost or stolen cards remain the leading causes of credit card frauds. Each credit card contains enough information required to complete a transaction online, over phone payment systems or through physical swiping. This includes your card number, expiry date, and CVV (Card Verification Value) number. In the beginning, card numbers and expiry dates were sufficient to use a credit card online; but these days, CVV number is essentially required to ensure that you are in the possession of the card. As an added security measure, a number of sites also require billing address of the holder, as registered with the issuing institution. However, this practice is still not widely adopted. To use a credit card for swiping at a billing counter, all one needs is the card. Now, there can be two scenarios – one, where the legitimate cardholder has signed on the reverse of the card and other, where they mention ‘See ID’ or ‘Check ID’. The thief might just copy the original signature while signing on the sales receipt or in case of an unsigned card, they may simply create any sign of their choice. Though none of the options is very secure, a signed card is safer as it is not very easy to imitate someone else’s signatures correctly.
- Phishing Attack. Usually carried out through emails or sms, a phishing attack is a method of illegitimately collecting someone’s information. The most common trap is an email that appears to be coming from an authentic source, such as your bank, and asking to submit some key financial or personal information and/or login details. Often these mails indicate a problem or a potential threat to your account and urge for an immediate action. These mails also carry a link that may appear to be from a ‘real’ source at one glance, but reveals flaws on a careful examination. Some of the typical loopholes are misspelling, different top-level domain (e.g., www.xyz-information.com instead of the legitimate url used by the organization, www.xyz.com), very long domains, @ symbols, negative WOT ratings, etc. Phishing emails may also use url redirect technique, such that when an unsuspecting victim clicks on the provided link, they get redirected to the site owned by the fraudsters, which is designed for collecting information or malware attacks.
- Offline Identity Theft. The identity thieves might give you calls, send sms, or otherwise steal your information. Their target may not essentially be your credit card information, though that is often the main reason. They may collect data, like your name, address, phone number and other personally identifiable information that may be used to create some fake credit accounts in the victim’s name or to impersonate as the victim. Banks often verify the cardholder’s personal information along with the card details to establish the identity of the caller. If this information gets in the hands of a fraudster, it becomes easy to operate the credit card account. Also, legitimate financial institutions do not ask for CVV number or the card’s expiry date to prevent frauds initiated by their own employees. Some users do not shred their card or phone bills before discarding them. Such bills are highly susceptible to crime, providing ready information to the thieves.
- Pseudo-representation. On the basis of collected information, a criminal may create a whole new credit card account in the name of someone else. This way, the trickster spends on the card and the victim is held liable for the bills.
- Skimming. The technique is more common in places, where the customer is not keeping an eye on the card being swiped, e.g., restaurants. The person handling the card ‘skims’ the sensitive information through photocopying or electronic capture. There have also been cases when some cards were smartly skimmed right in the front of the customer without them understanding.
- BIN Attack. This is a method of generating possible credit card numbers through various permutations and combinations. This used to be a bigger threat when the card issuers did not assign randomly generated card numbers.
- Mail Redirect. This works both online and offline, where the criminal intercepts or redirects the mails to his own account or address. In some cases of unauthorized snail mail redirect, the fraudsters redirected some newly issued credit cards to their own addresses! Online, a criminal may redirect ‘password reset’ or other sensitive emails to their id and break into an online account.
- Quantum breach. When it comes to transaction alerts, mostly users set them for amounts beyond a certain limit. This practice has some serious drawbacks as a criminal might simply choose to make very small purchases over a period of time, so as not to come in the notice of the customer or the card issuer.
However, these are not enough reasons to give up on the convenience that credit cards offer. A little more awareness on how to guard yourself from credit card scams can effectively protect you from some of you worst financial nightmares.
Eurion Constellation is a research and consulting firm serving businesses in U.S., Europe and India. The research services have a global reach with focus on industry / market / economic research, financial analysis, equity research, company valuations and report writing. The consulting wing in India focusses on the startup and SME sectors. Please feel free to get in touch for any business requirements. Visit http://www.eurionconstellation.com