The festive season usually boils down to be the peak season for card fraud.
Fraud #1 Non-Received Card (NRC)
The most common card fraud that I have encountered from 2013-September 2017 was Non-Received Card when I was a card fraud investigator. NRCs are basically replacement cards or new cards that are sent to consumers but are being intercepted in the mail or once it is delivered. Usual reasons for NRCs occurrence is due to unlocked mailboxes, theft by courier personnel and addresses that are not updated.
Fraud #2 Stolen/Lost
Stolen cards are different from NRC as it means that you had the card in your possession and someone else took your card without permission. Lost can be either due to negligence as in leaving your card lying around, or you did not realize it was stolen or dropped.
Note: Even though consumers have zero liability laws protecting you, do remember if you lose your card due to negligence, you can still be liable.
Fraud #3 Counterfeit
Counterfeit cards are cards that are being cloned/duplicated from actual cards. Counterfeited cards will, later on, be used to make purchases and will be charged to the actual card owner’s account. This card fraud type is currently only achievable on magnetic stripe cards (non-chip) cards.
Currently, chip-based cards cannot be duplicated thus, the trend is slowing down. Banks have stepped up their fraud prevention systems to include the last used location range for the next transaction. For example, if you are based in the USA but your card is being used in Thailand, the transaction is most likely to be blocked by the bank. You will either receive a text message or an email in regards to the fraud transaction.
Fraud #4 Identity Take Over (IDTO)
IDTO is one of the more difficult and dangerous kinds of card fraud. In 2016, IDTO was ranked as the highest fraud risk in the world and is believed to rise. Data breach is a serious and persistent issue these days even with major service providers.
It is common for all of us to key in our real information for social media registration purposes. However, every time you key in your actual information, you are increasing your risk to have your ID taken over.
Fraud #5 Account Takeover (ATO)
ATO and IDTO are 2 different card fraud types. ATO is when your card account is being “hijacked” either through phishing, hacking, spyware and malware scams. It can also be due to pure consumer negligence. In other words, the fraudster has full access to your online banking system and even email. ATO is basically the more painful evolution of IDTO.
Fraud #6 Fraud Application
This is probably the toughest fraud to defend yourself against. It is another evolution of IDTO. Your information is being stolen and used to apply for new cards. The most vital information will be your ID card number. If you do not have an ID number like in the US, Singapore or Malaysia, your driver’s license will be the replacement.
Other vital information will be your payslip, tax ID and any bills. Fraud application is on the steady rise trend. It has doubled since 2015-2016 and by the time I left my job in September, it has tripled.
Fraud #6 Card Not Present (CNP)
An excerpt from PYMNTS.com that was published in January 2017:
“In November, ACI Worldwide issued a report in which it found CNP fraud attempt rates are expected to increase by 12 percent by volume. ACI said fraud is moving more online partly because of the adoption of EMV chip cards in the U.S. The study also found fraudsters are targeting cosmetics, cordless headphones, sneakers and other lower-priced items that can be resold on the black market or through auction websites.”
My experience as a fraud expert resonates with the above statement. Usually, fraudsters will do a test charge of 1USD-10 USD to see if the transactions will be successful. They will then push their luck further by trying transactions that are about 100USD-500USD. Frankly speaking/writing, small amounts and recurring transactions are harder to track for banking systems still.
Other examples of CNP that is happening rapidly in the last year will be online transportation services, online merchandise, and food delivery.
Fraud #7 Multiple Imprints/Skimming
Multiple imprints of your card is an old way of skimming using a tacky credit card terminal. Thus, this type of fraud has reduced significantly.
“Skimming has historically been the number one fraud issue for the ATM channel, so it’s always been, on top of mind for our folks. The financial institutions generally do quite a bit in the way of countermeasures for skimming,” said David Tente, executive director in the U.S. for ATMIA, the ATM industry trade group.
Here is a detailed infographic published by New Jersey Cyber Crime division on ATM skimming:
How To Prevent Yourself:
1. Secure your mails and personal information.
The first step to safety will be to lock your mailbox. If your neighbourhood is known for missing mails, it is best to set up a secondary mailing address. You can use a PO BOX address or a company address to lower your risk. Company addresses usually have a dedicated postman or delivery person in charge.
Next, update your mailing addresses and ensure that there is someone trustworthy to receive your card. If you are still feeling unsafe, request for the card to be sent by courier. I understand that not all financial institutions would send your card by courier but it is still worth giving a shot in requesting. The representative might be able to provide you with some other options as well.
Avoid providing any personal information such as full name, date of birth, birthplace and even partial address. Secure your social security number, ID number, medical ID, passport and driver’s license. Even your child’s birth cert can be stolen and misused. Always take a step back and think further if it was truly necessary for them to ask any personal information.
Financial institutions will not request for your personal information through emails prior to contacting you on your known number. It is always safest to give the bank a callback and request to speak to whichever department that required your information. Call the number behind of your card or the bank’s known number that you can Google search.
If you are in a public area, avoid using Free Wifi especially in unusual spots. Scammers may provide a free hotspot network for you to use while they hack through your accounts. It is always best to use only secure connections and your personal devices. Always log out of your banking or financial accounts even if it is on your own device.
Put a password lock on your mobile and other devices to avoid hacking. Scan through all your emails and think carefully before you open/click on any email links.
Be extra mindful. My personal habit is to double check my possessions and look around the area that I have sat before I leave. Also, look around before you key in your PIN to the ATM or EFTPOS machine. Use your bag to cover and hands to cover the keypad while you key your PIN in. Better safe than sorry.
And, my precaution doesn’t only start when I am on the road. It starts with the planning itself without taking for granted of the area no matter how many times I have been around. My guts and intuition usually help me most when it comes to avoidance of losing any of my possessions.
Do not let anyone have your card information especially the 3 digit CVC/CVS or 4 digits (for American Express). Many consumers are victims preyed by people close to them. Make sure your card is constantly in your possession or somewhere you can see. If you are paying a bill in the restaurant and is paying your bill with your card, go over to the counter to make the payment.
If you save your card information on any of your devices for easy access, make sure your device is only accessible to you. Do not save your CVC number anywhere else other than in your mind. The best option is to never save your financial information and make sure your card is in your possession. Always double or even triple check your possessions.
2. Change your card to a CHIP card.
Most banks in the world have changed their cards to chip cards. If you are still holding a card with magnetic strip, please contact your bank to have it changed as soon as possible.
Note: There are 2 types of chip cards: Chip-PIN and Chip-Sign. Chip-PIN is common in most European card issuers and, Chip-Sign is more common in Asia. Chip-PIN is definitely the safer version as it makes it harder for fraudsters to use your card. Chip-Sign simply avoids duplication but anyone can still sign the receipt on your behalf. Where else Chip-PIN requires a 4-6 digit code that you will set up for your own use. Never share out your PIN, never write it down or you can be liable for the fraud transactions!
3. Be wary of your surroundings and devices you use
Avoid withdrawing money from secluded ATM or in tourist destinations. Look for ATMs that are located in the bank branch itself. Double check the machine for alteration before you put in your card based on the above image. Wiggle the card slot and see if it moves. If it does, contact the bank of the ATM and move on to use a different machine even if it is the machine that you commonly use.
Another way to deal with high-end card skimmers is to turn on your Bluetooth when you’re next to an ATM or a gas pump station. If you see any weird networks that are popping up and feels uneasy, do not use your card there. As mentioned before, cover your pin number when entering it. Scammers will not be able to access your bank account unless they have your pin and it is still traditionally aimed with cameras at the keypad.
4. Check your bank/card statements regularly
Sounds like a hassle to you? Trust me, being scammed of your whole bank account would be a bigger issue. This is one of the easiest ways to detect fraud on your own.
What to do if you are a victim of fraud?
The first step, contact your bank and report the fraud. Remember that if you report the fraudulent activities within the first 5 days of it, your bank will be fully liable once you are a confirmed fraud victim.
You may wait longer than 10 days for provisional or full credit if you make a claim on an account that you’ve had for less than 30 days. In such instances, banks have 20 days to complete an investigation. If it takes more than 20 days, banks will need to send you a 42-days extension notification. Banks are also allowed 60 days as long as provisional credit is given at day 20. You will not be expected to pay for the reported fraud transaction while they’re investigating it.
Once you have made the report, you will be requested to file a police report and financial reporting bureau to assist with the fraud investigations. Depending on the fraud type and impact, you may also be required to fill in a statutory declaration form.
In the meantime, your card will be blocked and a new card will be sent to you. If you are a victim of IDTO or ATO, a new account will be set up and the old account will be closed.