But of course, as those new forms of payment evolved, so did the fraudulent means of exploiting them. Today, while cheque fraud is pretty much non-existent, credit card fraud is booming. In fact, according to figures from the Australian Bureau of Statistics, credit card fraud more than doubled from $1 billion in 2010-11 to $2.1 billion in 2014-15 (1).
As we move ever-forward towards a cashless society, we use cards to pay for everything from our morning coffee to our next overseas adventure. We tap-and-go with our smartphones and smartwatches, we use payment wearables supplied by our card providers, and we shop online seemingly endlessly, for biscuits and barbeques, moisturiser and mountain bikes.
While paying this way may be convenient, it’s not without risk. Analysis of fraud statistics from the Australian Payments Network found ‘card-not-present’ fraud rose 76% in the 12 months to June 30, 2018, increasing from 10.2 million transactions in 2017 to 18 million in 2018. The value of this type of crime rose 7.8% to $478 million, and now accounts for 85% of all credit card fraud (2).
So, what can we do about it? Apart from wringing our hands, of course. While some changes need to be made by the higher-ups – think of the Sony debacle, there wasn’t much we could do about that from down here – we need to take steps to protect ourselves if we are going to continue down this path to cashlessness.
In this article, we’re going to look at the various types of credit card fraud, and what criminals are currently doing in the attempt to part you with your hard-earned cash. Then, we’re going to get into the various anti-fraud security features your credit card offers, and the ways you can protect yourself. Too late for that? We’ll also go over what you need to do if you have been a victim of credit card fraud.
Common types of credit card fraud
Knowledge, as they say, is power. The more you know about credit card fraud, the more you can do to protect yourself. So, with that in mind, let’s have a look at the most common types of credit card fraud and how they work.
- Card-not-present fraud: With card-not-present fraud, your credit card is used to make online and over-the-phone transactions, where there is no need for a physical card, a PIN or a signature, just the details on the card itself.
- Counterfeit card fraud: With this type of fraud, criminals use your credit card data to create a counterfeit card, which can then be used for any type of transaction.
- Not-received fraud: With not-received fraud, your card is intercepted before you receive it, most commonly this involves having it taken from your mailbox after you have applied for a new card, or are receiving a replacement.
- Application fraud: With application fraud, someone applies for a credit card in your name using your personal info. Often going hand-in-hand with further identity theft issues, this type of fraud can go undetected for some time, as the victim would have no idea these extra credit card accounts exist, and would have no way of tracking payments.
Getting that info
Information is key to credit card fraud. Without your personal and credit card info, fraudsters have nothing. So, how do they go about getting the info they need to carry out credit card fraud?
Credit card skimming
Credit card skimming involves fitting small electronic devices to ATMs to steal users’ credit card details. By attaching false panels that contain cameras and skimming devices to an ATM or other payment device, fraudsters can record card and PIN info, which can then be used in card-not-present fraud, or to clone counterfeit cards.
It seems anti-fraud measures – think chip-and-PIN – are working here in Australia, where statistics show instances of card skimming and replication fell 45% in the year to June 2018 (3). Over in the United States, the numbers don’t look so pretty. Swipe and signature is still the predominant method used during over-the-counter transactions there, and chip-and-PIN is yet to take hold.
According to security vendor, Gemini Advisory, it used telemetry data collected from illegal web-based market places and found that at least 60 million US cards were compromised in the past year (4). The company estimates that three-quarters of compromised cards were likely compromised through skimming card data, and point of sale breaches at merchants.
The unfortunate fact is that the majority of those incidents could have been prevented. Data shows that nine out of ten records – 41.6 million – stolen during card-present transactions were from cards with the EMV security chip. Meanwhile, despite large-scale hacks and breaches of e-commerce databases, the research shows far fewer compromised card-not-present records up for sale on the internet, at just 14.2 million in the past year.
Phishing is used as a way to access account information. Scammers may contact victims by email, text message, social media or phone, pretending to be someone they’re not in order to ‘phish’ for information. While we all now know to stay away from Nigerian princes and their phishing scams, scammers are continuously becoming more intelligent in their attacks.
Often pretending to be a bank or financial institution, the phone company or an internet provider, a government agency or education provider, these scammers will try to convince their victims that they need to update their personal info with them. This involves sharing their personal details, bank account numbers, credit card info and even passwords.
But, getting you to share your info isn’t all they can do. They could send a link to click on, perhaps saying there has been a security breach, and their security software needs to be downloaded. However, clicking on this link actually installs a Trojan virus, which infects the device and either gives someone else control of it, or allows them to track keystrokes to get all the info they need.
It’s a good idea to be wary of any unsolicited contact you receive, even if it does look or sound like it’s from a company you know and trust. It may be a phishing scam if it’s an email or text message that:
- contains a link that requires you to update personal info,
- claims to be from a provider you don’t have an account with,
- states your details are needed for security or maintenance upgrades, or to ‘verify’ your account,
- is a survey that offers you a reward or prize for filling it in,
- says you’re due a refund for a fee or amount you were mistakenly charged,
- has spelling errors or typos,
- does not address you by your full name.
Other examples of phishing scams include those that contact victims pretending to be a certain provider, saying there are suspicious charges on their account, or that they are behind on their payments. Alternatively, they may offer great credit card deals, or pretend to be from the ATO.
Fraud can even occur on holiday, when scammers call holidaymakers on their hotel phone saying there is a problem with the hotel’s computer system, and guests are required to provide their credit card details again.
Hacking personal and business devices can provide criminals with a wealth of information that can be used on both large and small scale enterprises. While there have been several headline-grabbing data breaches over the past few years, hacking can also occur on a much smaller scale. We already mentioned viruses and spyware that can be used to provide access to outside users, but there are other methods as well.
While using a Wi-Fi hotspot may seem harmless enough, by using the wrong Wi-Fi hotspot, users may be putting their personal and financial info at risk. Scammers create free Wi-Fi hotspots that can be accessed without a password, but if you connect to one and access your credit card online, they may be able to steal your login details, and even your card info if you make a purchase.
While perhaps not as sophisticated as other methods, mail theft can provide fraudsters with all the info they need. Stealing mail could provide them with personal info, bank account details, financial info and even physical credit cards. They may look for further information in documents thrown away in the rubbish or recycling bin.
Again, not exactly sophisticated or technologically advanced, but pick-pocketing still happens. Here, thieves steal wallets out of purses or pockets, often in crowded areas such as train stations and busy shops. At least with this method, victims usually realise what’s happened quickly and can either freeze their cards or cancel them.
Unfortunately though, you are not the only source of your personal information. As we share our details with various providers and other companies, as we make purchases and payments, our information is stored and recorded. Criminals can buy this information from other criminals and unscrupulous merchants, they can steal physical records, or hack systems to get everything they need.
Credit card security: What does your card offer?
As credit card fraud advances, credit card security steps forward to protect cardholders. There are a number of anti-fraud security features included on credit cards as standard these days, which work both to prevent fraud from occurring, and to limit cardholders’ liability if they become victims of credit card fraud.
- Chip-and-PIN technology: Back in 2014, Australia moved to chip-and-PIN only transactions, meaning cardholders had to start using their PIN to confirm purchases rather than their signature. All cards now feature a security chip that encrypts the cardholder’s data, helping to protect against technology that tries to copy card data, such as skimming devices. Used in conjunction with the card’s PIN, this can make transactions more secure.
- Credit card security codes: Generally referred to as a CVV, CVC or CSC number, these three or four-digit security codes are printed on the signature strip of each card, and are used to verify payments made online or over the phone.
- Verified by Visa and Mastercard SecureCode: As services that must be activated by the accountholder, Verified by Visa and Mastercard SecureCode can add an extra level of security to online transactions, requiring the cardholder to enter a code or certain security details when making a purchase online with participating retailers.
- One-time text message codes: Adding another layer of security, some credit card providers send cardholders a text message security code to verify online transactions, such as payments or internet banking transfers.
- Fraud monitoring: Most credit cards now offer fraud monitoring services, which work to detect suspicious transactions, to then freeze the card or notify the cardholder.
- Emergency overseas card replacement: Cardholders who lose their card or have it stolen overseas may be able to benefit from an emergency card replacement, making it less of an issue to cancel the card while still enjoying access to their money. Fees may apply.
- Zero liability: For the most part, card providers in Australia offer a zero liability stance on credit card fraud. That means as long as cardholders follow the terms set out by the provider, they will not be held responsible for fraudulent charges. While these terms vary by provider, to be protected against liability for fraudulent transactions cardholders will usually have to sign their card, keep their PIN safe, contact their provider immediately regarding suspicious payments, and provide further details as needed throughout the investigation.
Credit card security: What can you do to protect yourself?
While providers offer a variety of features that may help to protect you against credit card fraud, there are more things you can do to help protect yourself. Let’s look at the top 10 ways you can protect yourself against credit card fraud.
1. Destroy personal documents
Never throw away any paperwork that contains personal information such as your full name, birthday, address, credit card details and tax file number. Instead of putting it in the rubbish bin or the recycling, be sure to destroy it either by shredding it or soaking it in water so it’s not longer readable. Shredders are pretty cheap these days, and can be purchased from office supply stores and supermarkets. Documents you may consider destroying could include:
- Correspondence from your bank, credit card provider or financial services provider.
- Letters or documents received from the government.
- Any paperwork that contains personal or identifying information.
2. Secure your mailbox
To keep your mail secure, you may want to buy a lock for your mailbox or invest in a mailbox with a locking system. Using a PO Box service could be an alternative solution. It can also be a good idea to put your mail on hold while you are on holiday, as this prevents anyone stealing your mail while you’re away.
If you move house, be sure to update all financial providers and other important bodies with your new address to make sure credit cards and any other personal information comes to you and not the occupiers of your previous address.
3. Check your financial statements
Checking your bank and credit card statements is never fun. But, it can help you to identify suspicious transactions and report them in a timely manner. By running through each transaction made on your debit and credit cards, you can make sure each one was made by you (or any additional cardholders). If you are unsure of a particular transaction, it may help to Google the merchant to identify it, or simply contact your provider to ask for more info.
4. Check your credit history
Your credit file holds plenty of info about you and how you deal with credit. By regularly checking your credit file, you not only make sure your credit is in good health, you can also make sure there are no applications for credit made in your name that you are not aware of. If a scammer has applied for credit in your name, running up a list of defaults, your credit file may be the first indication you get of the problem.
5. Be smart when using the ATM
When using the ATM, always use your hand to cover your PIN as you enter it. If there is a skimming device on the ATM working in conjunction with a camera, at least you can prevent your PIN being recorded along with your card details. Before withdrawing cash, take time to check the ATM for anything that shouldn’t be there, such as loose-fitting pieces.
6. Never let your card out of your sight
Skimming information from cards has become easier than ever thanks to contactless payment technology. If you hand your card over to make a transaction, keep it in sight at all times. You shouldn’t keep your card behind the bar to keep a tab running, and you shouldn’t hand over your card to a server to process at the till while you remain at the table in a restaurant or cafe. Where your card goes, you go.
7. Avoid giving out credit card details over the phone
If an organisation calls you, perhaps as a charity asking for a donation or as a company asking you to update your details, never give away personal info over the phone. A safer way to update details or donate would be to do so online via a secure site or payment method. You could also Google the organisation’s phone number and call them back to make sure they are who they say they are.
8. Take care when buying online
When shopping online, be aware of the site you are using. If you are unsure of the site, you may want to check for a security certificate, or https:// at the beginning of the website address instead of http://. You could also check for online reviews of the merchant to see if there have been any complaints made about them. Using a secure payment facility such as PayPal can help to minimise risk.
9. Stay protected on your devices
Aside from avoiding phishing emails, protecting yourself in the digital world means running systems checks and virus scans on your devices. As viruses and spyware can infiltrate your computer via general web browsing and downloading infected files, these checks can help root out any potential issues, allowing you to get rid of them.
10. Keep up-to-date with scams
As we become more savvy about scams, scammers work harder to fool us. Keeping up-to-date with the latest scams could help you to identify a new scam should it come your way, and also to warn others as well.
Above all else, being observant and being aware could help you avoid becoming a victim of credit card fraud. This means being on the lookout for anything unusual at the ATM, taking note of any suspicious devices when making a payment, and knowing what to be wary of when someone contacts you asking for information.
Preparing for the worst can also mean having a backup in place, such as an emergency savings account through a separate debit or credit card. If you have to freeze your accounts or cancel your cards after suspicious activity, if there is an ongoing investigation on your accounts following identity theft, it can help to have something put away to live on in the meantime.
Staying ahead of scammers may also mean adopting new technology and new ways of doing things. Banks and credit card providers often introduce new ways for cardholders to protect themselves, so it could be worthwhile checking out the options.
- Use fingerprint sign-in: If you have a phone with fingerprint sign-in or FaceID, you could set up these features to access your banking and credit card apps. Instead of relying on a passcode or PIN log-in, setting up a sign-in that uses fingerprint or facial recognition could be a safer option.
- Opt in for a security token: Your bank or credit card provider may offer a device or token that generates a unique code that must be inputted when accessing online banking. This second password adds an extra layer of security to your account, and can often allow you to perform additional functions, such as setting higher daily payment limits.
- Lock your card: Many banks and card providers allow you to put a temporary ‘lock’ on your card, either over the phone or via online banking or an app. This security measure gives you peace of mind that your card will not be used if you happen to misplace it.
- Utilise a dynamic CCV: With a mini-screen on the back of the card, the Skye Mastercard has a dynamic CCV that makes card-not-present fraud that much harder. As it refreshes the CCV every hour, making a transaction where the CCV is required means having the card physically in your hand. Even if that data ends up in the wrong hands, it quickly becomes unusable. This is the only card that we know of that uses this technology.
What to do if you suspect credit card fraud
What happens if all that fails? Even if your card has the latest anti-fraud features and you have done everything possible to keep yourself safe, you may still become a victim of credit card fraud. So, what should you do? According to MoneySmart, the key is to act fast if you think you’ve been scammed. This can help to limit the fallout, and prevent further damage being done.
It could be time to take action if:
- Your credit card is lost or has been stolen,
- You have given away your credit card details to someone over the phone or online, and you now think that was a mistake,
- You have noticed transactions on your bank or credit card statement that you didn’t make.
What happens next?
- Call your bank or credit card provider to report the issue. They will have a process in place where they freeze your accounts and investigate the case.
- Call the business the scam is pretending to represent to advise them of what happened.
- If you were a victim of a phishing attack, block all contact but keep the email trail as evidence.
- Scan your devices for viruses.
- Change all your passwords and PINs.
- File a police report if the scammer accessed your money.
- Get a copy of your credit report to see how much damage has been done.
- Warn your family and friends about the scam.
- Report the scam to the relevant agency to help stop the scammer.
- For financial and investment scams (including those involving superannuation, managed funds, financial advice, financial products and insurance), contact the Australian Securities and Investments Commission (ASIC).
- For banking and credit card scams, contact your bank or financial institution and your local police.
- For tax scams or identity theft involving tax file numbers, contact the Australian Taxation Office (ATO).
- For scams from overseas or interstate including false billing or chain letter scams, contact the Australian Competition and Consumer Commission (ACCC).
- For scams from within your own state or territory, contact your state’s fair trading or consumer affairs office.
- For spam emails, contact the Australian Communications and Media Authority (note, spam emails that request your personal or banking information should also be reported to your bank).
- For fraud, theft and other crimes, contact your local police station or the Australian Federal Police.
- For cybercrime, contact the Australian Cybercrime Online Reporting Network (ACORN.gov.au).
- If you’re unsure what type of scam it is, contact the Australian Competition and Consumer Commission (SCAMwatch).
Even after you have reported the issue, you should continue to monitor your financial statements and your credit file. Fraudulent charges can continue for months, especially if log-in details were also compromised. Also be wary of any follow-up scams, as you may become a target for the same fraudsters, or others who have gotten hold of your details.
You may also want to consider seeking support. Being scammed can be devastating, affecting all areas of your life and putting you under untold pressure. Counselling services and financial support providers are on hand, who can help you through this difficult time. Lifeline and beyondblue can offer counselling services, while the Department of Human Services’ Financial Information Service (FIS) can provide free, independent financial information over the phone or in person.