Credit card fraud

From Wikipedia, the free encyclopedia

Credit card fraud is a kind of fraud where a merchant (business, service provider, seller, etc.) is "tricked" into releasing merchandise or rendering services, believing that a credit card account will provide payment for goods/services. The merchant later learns that they will not be paid, or the payment they received will be reclaimed by the card's issuing bank.

Typically, the fraudster causes a credit card of another person to be charged for a purchase. Today, half of all credit card fraud is conducted online, meaning that the fraudsters make online purchases with the credit card details of other people.^{[citation needed]}

Contents 1 Types of Fraud 1.1 Stolen Card Fraud 1.2 Account Takeover Fraud 1.3 Credit Card Mail Order Fraud 1.4 Skimming 1.5 Carding 2 Credit Card Crime Profits, Losses & Punishment 2.1 Losses 2.2 Credit Card Companies 2.3 The Criminals 3 Reporting Credit Card Fraud 4 Tips to help you avoid credit card fraud 5 See also 6 External links

[edit] Types of Fraud

[edit] Stolen Card Fraud

When a card holder loses or has their credit card stolen, it is possible for the thief to make unauthorized purchases on that card up until the card is cancelled. A thief can potentially purchase thousands of dollars in merchandise or services before the card holder or the bank realize that the card is in the wrong hands. Self-serve payment systems such as gas stations are also highly prone to accepting a stolen credit card, as there is no verification of the card holder's identity, however many stations are trying to prevent this by adding a check requiring the user to key in a zip code. The zip code must match the code registered to the credit card or the transfer will fail.

[edit] Account Takeover Fraud

Fraud perpetrators call in and impersonate actual cardholders using stolen personal information. They have the address and other information of the cardholder changed to an address they control. Additional cards and possibly PIN mailers are requested and issued to the new address and used by the fraudsters to make purchases and/or obtain cash advances.

Sometimes the fraudster will attempt to add themselves or an alias that they control as an authorized user to the account in order to make it easier to commit the fraud.

[edit] Credit Card Mail Order Fraud

Using a stolen credit card number, or computer generated card number, a thief will order stolen goods.

[edit] Skimming

Skimming is the theft of credit card information by a dishonest employee of a legitimate merchant, manually copying down numbers, or using a magnetic stripe reader on a pocket-sized electronic device. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip.

Many instances of skimming have been reported where the perpetrator has put a device over the card slot of a public cash machine (Automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a pin-hole camera to read the user's pin number at the same time.

To prevent Cards in countries such as the UK are issued featuring a smart chip with public key encryption. The chip cannot be copied, but the card number, expiry date and security code can be, and this set of data is often sufficient to use the victim's credit card account for fraudulent purposes with so-called "card not present" transactions, e.g., manual input, over the telephone or internet.

[edit] Carding

Carding is a term used by fraudsters for a process they use to verify that sets of stolen credit card data are still valid. The fraudster will present each set of credit card details in turn on a website that has real-time transaction processing, making a purchase for a very small monetary amount so as not to use up the card's credit limit, and so as not to attract the attention of a human reviewer to the transaction.

Often, an online donation site for a charity is used instead of an eCommerce merchant, since there is no need to find an item of a suitable price to put in the virtual shopping cart, nor to supply shipping details. The carder may do this manually with a web browser, or may write automated software to interface to the website's checkout or billing forms.

In the past, carders used to use computer programs called "generators" to produce a sequence of credit card numbers, and then test them to see which were valid accounts. However, this process is no longer viable due to widespread requirement by internet credit card processing systems for additional data such as the billing address, the 3 to 4 digit Card Security Code and/or the card's expiry date. Nowadays, carding is more typically used to verify credit card data obtained directly from the victims by Skimming or Phishing.

A set of credit card details that has been verified in this way is known in fraud circles as a phish (see Phishing). A carder will typically sell data files of phish to other individuals who will carry out the actual fraud. Market price for a phish ranges from US$1.00 to US$50.00 depending on the type of card, freshness of the data and credit status of the victim.

[edit] Credit Card Crime Profits, Losses & Punishment

[edit] Losses

U.S. Federal Law can hold the cardholder victim responsible for up to $50. Merchants in high-risk industries, like unattended automated fuel pumps or Internet sales, anticipate a certain amount of credit card fraud, and set prices accordingly. These higher costs are then passed onto the customer.

[edit] Credit Card Companies

In 2003 the Wall Street Journal estimated that the credit card industry generated $500,000,000 in annual revenue in research and investigation fees paid by consumers and businesses. This additional revenue offsets some of the costs incurred by credit card issuing and processing companies' when investigating chargeback claims. Some merchants believe the high revenue generation by the banks from the crime victims, reduce the incentive for the credit card banks to implement procedures to reduce credit card crime. However, the companies which collect these fees are not capable of dictating fraud prevention policies to the rest of the world. Payment transfer associations, like Visa and Mastercard, receive profit from transaction fees calculated as a percentage of the amount of money they transfer. These associations are motivated to enact policies which increase the amount of money transferred by their systems. Credit card fraud has a chilling effect on merchant acceptance of credit cards, motivating merchants to not accept credit card payments to mitigate their risk of loss. These payment transfer associations are therefore motivated to enact policies and enforce regulations which reduce credit card fraud.

Merchants have begun to request changes in State and Federal Laws to protect consumers and merchants from fraud, but the credit card industry has opposed many of the requested laws.

Because all card-accepting merchants and card-carrying customers are bound by contract law, according to the agreements they sign with their processing / issuing banks, respectively, State and Federal law has a smaller role in preventing merchants from being tricked. Payment transfer associations enact regulatory changes, and issuing / acquiring banks, merchants, and cardholders are contractually bound to these new regulations.

[edit] The Criminals

In the US, persons that commit credit card crime largely go unpunished and repeatedly victimize consumers and businesses. The Secret Service handles crimes involving the US money supply, they have a limit of $2,000 before investigating each crime. Most credit card criminals know this and keep purchases from any one business below $2,000. With credit card crime occurring across state lines, criminals often are never prosecuted because the dollar amounts are too low for local law enforcement to pay for extradition.

In the United Kingdom the law has been slow to deal with criminals who participate in this type of crime. However, on 15 January 2007 the United Kingdom brought into force the Fraud Act 2006. This Act has several provisions which directly target criminals. Sentences carry imprisonment up to a maximum of 10 years. A more thorough explanation of this Act can be found at Wikicrime which deals exclusively with English Criminal Law.

[edit] Reporting Credit Card Fraud

If you lose or have had your credit card stolen, you should immediately report it to your card issuer. Once you report the incident, you are no longer responsible for unauthorized charges made on your card.

In the US, credit card fraud can be reported to the Federal Trade Commission (FTC) and to local and regional authorities. It is the standing policy of the FTC not to investigate reports where the value of fraud does not exceed $2000. Local law enforcement may or may not further investigate a credit card fraud, depending on the amount, type of fraud, and where the fraud originated from.

If you are a merchant and you suspect orders have been placed for your products/services using stolen credit card information you will need to contact VISA/MC/AMEX/DISCOVER to obtain the issuing bank's phone number then call the bank to report that you suspect that their customer's credit card information has been stolen.

[edit] Tips to help you avoid credit card fraud

• Don't carry credit cards you don't use and never leave them unattended in a purse, briefcase or wallet.
• Always make sure you get your credit card receipt because it just may include your credit card number. Never toss it in a public trash bin. You'll need that receipt later anyway to tally things up when your statement arrives.
• Shred all documents that might include your credit card number before disposing of them - old slips, credit card statements, bills, anything.
• Never give your number over the phone to someone that you do not know. It's OK if you initiate the call but if you get a call at home from anyone that you do not know by name do not give them your credit card number.
• Never respond to an e-mail asking for your number, no matter how official or legitimate it looks. These bogus e-mails are the #1 fraud right now on the Internet.
• Review your monthly statement as soon as it comes and report any problems right away. To insure your rights, follow-up by filing a written complaint form.
• If using a bank card where you have the option to use credit or debit, ALWAYS USE THE CREDIT OPTION as this may prevent the skimmer device from accessing your four digit pin number.
• If possible, apply for a Photo Credit card as an added security measure which could help your identity from being impersonated in Merchant establishments.

[edit] See also

• Internet fraud
• Phishing
• Carder
• Predictive analytics
• Chargeback insurance
• Friendly Fraud
• Credit card hijacking
• Identity theft

[edit] External links

• Reporting Credit Card Fraud over the Internet
  • [[1] The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).

• General Fraud Information
  • APACS The UK Payments Association monitors online and card fraud in the UK.
  • Consumer Sentinel Fraud tips, reporting, trends and other general information.
  • Description of ATM cameras and phantom withdrawals
  • International Association of Financial Crimes Investigators (IAFCI)