Everything around us changes and evolves, adapts and transforms. Even fraud. Once upon a time, cheque fraud was the one to worry about. People wrung their hands, wondering what they could do to stop this menace to society. Naturally, new procedures were put in place to slow cheque fraud, and over time, technology advanced to introduce new forms of payment that left that old faithful, the chequebook, almost completely obsolete.
But of course, as those new forms of payment evolved, so did the fraudulent means of exploiting them. Today, while cheque fraud is pretty much non-existent, credit card fraud is booming. In fact, according to figures from the Australian Bureau of Statistics, credit card fraud more than doubled from $1 billion in 2010-11 to $2.1 billion in 2014-15 (1).
As we move ever-forward towards a cashless society, we use cards to pay for everything from our morning coffee to our next overseas adventure. We tap-and-go with our smartphones and smartwatches, we use payment wearables supplied by our card providers, and we shop online seemingly endlessly, for biscuits and barbeques, moisturiser and mountain bikes.
While paying this way may be convenient, it’s not without risk. Analysis of fraud statistics from the Australian Payments Network found ‘card-not-present’ fraud rose 76% in the 12 months to June 30, 2018, increasing from 10.2 million transactions in 2017 to 18 million in 2018. The value of this type of crime rose 7.8% to $478 million, and now accounts for 85% of all credit card fraud (2).
So, what can we do about it? Apart from wringing our hands, of course. While some changes need to be made by the higher-ups – think of the Sony debacle, there wasn’t much we could do about that from down here – we need to take steps to protect ourselves if we are going to continue down this path to cashlessness.
In this article, we’re going to look at the various types of credit card fraud, and what criminals are currently doing in the attempt to part you with your hard-earned cash. Then, we’re going to get into the various anti-fraud security features your credit card offers, and the ways you can protect yourself. Too late for that? We’ll also go over what you need to do if you have been a victim of credit card fraud.
Common types of credit card fraud
Knowledge, as they say, is power. The more you know about credit card fraud, the more you can do to protect yourself. So, with that in mind, let’s have a look at the most common types of credit card fraud and how they work.
Getting that info
Information is key to credit card fraud. Without your personal and credit card info, fraudsters have nothing. So, how do they go about getting the info they need to carry out credit card fraud?
Credit card skimming
Credit card skimming involves fitting small electronic devices to ATMs to steal users’ credit card details. By attaching false panels that contain cameras and skimming devices to an ATM or other payment device, fraudsters can record card and PIN info, which can then be used in card-not-present fraud, or to clone counterfeit cards.
It seems anti-fraud measures – think chip-and-PIN – are working here in Australia, where statistics show instances of card skimming and replication fell 45% in the year to June 2018 (3). Over in the United States, the numbers don’t look so pretty. Swipe and signature is still the predominant method used during over-the-counter transactions there, and chip-and-PIN is yet to take hold.
According to security vendor, Gemini Advisory, it used telemetry data collected from illegal web-based market places and found that at least 60 million US cards were compromised in the past year (4). The company estimates that three-quarters of compromised cards were likely compromised through skimming card data, and point of sale breaches at merchants.
The unfortunate fact is that the majority of those incidents could have been prevented. Data shows that nine out of ten records – 41.6 million – stolen during card-present transactions were from cards with the EMV security chip. Meanwhile, despite large-scale hacks and breaches of e-commerce databases, the research shows far fewer compromised card-not-present records up for sale on the internet, at just 14.2 million in the past year.
Phishing is used as a way to access account information. Scammers may contact victims by email, text message, social media or phone, pretending to be someone they’re not in order to ‘phish’ for information. While we all now know to stay away from Nigerian princes and their phishing scams, scammers are continuously becoming more intelligent in their attacks.
Often pretending to be a bank or financial institution, the phone company or an internet provider, a government agency or education provider, these scammers will try to convince their victims that they need to update their personal info with them. This involves sharing their personal details, bank account numbers, credit card info and even passwords.
But, getting you to share your info isn’t all they can do. They could send a link to click on, perhaps saying there has been a security breach, and their security software needs to be downloaded. However, clicking on this link actually installs a Trojan virus, which infects the device and either gives someone else control of it, or allows them to track keystrokes to get all the info they need.
It’s a good idea to be wary of any unsolicited contact you receive, even if it does look or sound like it’s from a company you know and trust. It may be a phishing scam if it’s an email or text message that:
Other examples of phishing scams include those that contact victims pretending to be a certain provider, saying there are suspicious charges on their account, or that they are behind on their payments. Alternatively, they may offer great credit card deals, or pretend to be from the ATO.
Fraud can even occur on holiday, when scammers call holidaymakers on their hotel phone saying there is a problem with the hotel’s computer system, and guests are required to provide their credit card details again.
Hacking personal and business devices can provide criminals with a wealth of information that can be used on both large and small scale enterprises. While there have been several headline-grabbing data breaches over the past few years, hacking can also occur on a much smaller scale. We already mentioned viruses and spyware that can be used to provide access to outside users, but there are other methods as well.
While using a Wi-Fi hotspot may seem harmless enough, by using the wrong Wi-Fi hotspot, users may be putting their personal and financial info at risk. Scammers create free Wi-Fi hotspots that can be accessed without a password, but if you connect to one and access your credit card online, they may be able to steal your login details, and even your card info if you make a purchase.
While perhaps not as sophisticated as other methods, mail theft can provide fraudsters with all the info they need. Stealing mail could provide them with personal info, bank account details, financial info and even physical credit cards. They may look for further information in documents thrown away in the rubbish or recycling bin.
Again, not exactly sophisticated or technologically advanced, but pick-pocketing still happens. Here, thieves steal wallets out of purses or pockets, often in crowded areas such as train stations and busy shops. At least with this method, victims usually realise what’s happened quickly and can either freeze their cards or cancel them.
Unfortunately though, you are not the only source of your personal information. As we share our details with various providers and other companies, as we make purchases and payments, our information is stored and recorded. Criminals can buy this information from other criminals and unscrupulous merchants, they can steal physical records, or hack systems to get everything they need.
Credit card security: What does your card offer?
As credit card fraud advances, credit card security steps forward to protect cardholders. There are a number of anti-fraud security features included on credit cards as standard these days, which work both to prevent fraud from occurring, and to limit cardholders’ liability if they become victims of credit card fraud.
Credit card security: What can you do to protect yourself?
While providers offer a variety of features that may help to protect you against credit card fraud, there are more things you can do to help protect yourself. Let’s look at the top 10 ways you can protect yourself against credit card fraud.
1. Destroy personal documents
Never throw away any paperwork that contains personal information such as your full name, birthday, address, credit card details and tax file number. Instead of putting it in the rubbish bin or the recycling, be sure to destroy it either by shredding it or soaking it in water so it’s not longer readable. Shredders are pretty cheap these days, and can be purchased from office supply stores and supermarkets. Documents you may consider destroying could include:
2. Secure your mailbox
To keep your mail secure, you may want to buy a lock for your mailbox or invest in a mailbox with a locking system. Using a PO Box service could be an alternative solution. It can also be a good idea to put your mail on hold while you are on holiday, as this prevents anyone stealing your mail while you’re away.
If you move house, be sure to update all financial providers and other important bodies with your new address to make sure credit cards and any other personal information comes to you and not the occupiers of your previous address.
3. Check your financial statements
Checking your bank and credit card statements is never fun. But, it can help you to identify suspicious transactions and report them in a timely manner. By running through each transaction made on your debit and credit cards, you can make sure each one was made by you (or any additional cardholders). If you are unsure of a particular transaction, it may help to Google the merchant to identify it, or simply contact your provider to ask for more info.
4. Check your credit history
Your credit file holds plenty of info about you and how you deal with credit. By regularly checking your credit file, you not only make sure your credit is in good health, you can also make sure there are no applications for credit made in your name that you are not aware of. If a scammer has applied for credit in your name, running up a list of defaults, your credit file may be the first indication you get of the problem.
5. Be smart when using the ATM
When using the ATM, always use your hand to cover your PIN as you enter it. If there is a skimming device on the ATM working in conjunction with a camera, at least you can prevent your PIN being recorded along with your card details. Before withdrawing cash, take time to check the ATM for anything that shouldn’t be there, such as loose-fitting pieces.
6. Never let your card out of your sight
Skimming information from cards has become easier than ever thanks to contactless payment technology. If you hand your card over to make a transaction, keep it in sight at all times. You shouldn’t keep your card behind the bar to keep a tab running, and you shouldn’t hand over your card to a server to process at the till while you remain at the table in a restaurant or cafe. Where your card goes, you go.
7. Avoid giving out credit card details over the phone
If an organisation calls you, perhaps as a charity asking for a donation or as a company asking you to update your details, never give away personal info over the phone. A safer way to update details or donate would be to do so online via a secure site or payment method. You could also Google the organisation’s phone number and call them back to make sure they are who they say they are.
8. Take care when buying online
When shopping online, be aware of the site you are using. If you are unsure of the site, you may want to check for a security certificate, or https:// at the beginning of the website address instead of http://. You could also check for online reviews of the merchant to see if there have been any complaints made about them. Using a secure payment facility such as PayPal can help to minimise risk.
9. Stay protected on your devices
Aside from avoiding phishing emails, protecting yourself in the digital world means running systems checks and virus scans on your devices. As viruses and spyware can infiltrate your computer via general web browsing and downloading infected files, these checks can help root out any potential issues, allowing you to get rid of them.
10. Keep up-to-date with scams
As we become more savvy about scams, scammers work harder to fool us. Keeping up-to-date with the latest scams could help you to identify a new scam should it come your way, and also to warn others as well.
Above all else, being observant and being aware could help you avoid becoming a victim of credit card fraud. This means being on the lookout for anything unusual at the ATM, taking note of any suspicious devices when making a payment, and knowing what to be wary of when someone contacts you asking for information.
Preparing for the worst can also mean having a backup in place, such as an emergency savings account through a separate debit or credit card. If you have to freeze your accounts or cancel your cards after suspicious activity, if there is an ongoing investigation on your accounts following identity theft, it can help to have something put away to live on in the meantime.
Staying ahead of scammers may also mean adopting new technology and new ways of doing things. Banks and credit card providers often introduce new ways for cardholders to protect themselves, so it could be worthwhile checking out the options.
What to do if you suspect credit card fraud
What happens if all that fails? Even if your card has the latest anti-fraud features and you have done everything possible to keep yourself safe, you may still become a victim of credit card fraud. So, what should you do? According to MoneySmart, the key is to act fast if you think you’ve been scammed. This can help to limit the fallout, and prevent further damage being done.
It could be time to take action if:
What happens next?
Even after you have reported the issue, you should continue to monitor your financial statements and your credit file. Fraudulent charges can continue for months, especially if log-in details were also compromised. Also be wary of any follow-up scams, as you may become a target for the same fraudsters, or others who have gotten hold of your details.
You may also want to consider seeking support. Being scammed can be devastating, affecting all areas of your life and putting you under untold pressure. Counselling services and financial support providers are on hand, who can help you through this difficult time. Lifeline and beyondblue can offer counselling services, while the Department of Human Services’ Financial Information Service (FIS) can provide free, independent financial information over the phone or in person.