Blog & Save
The best bargain brains on the web come together to share money saving tips to finely tune your
personal finance in a coupon blog
you can't miss. Join us on our quest of living well – while spending less!
Credit Card Fraud: Scanning, Skimming and Phishing
By Guest_BloggerGuest Blogger(view all posts by Guest_Blogger)
at 10:55AM Friday January 28, 2011
under
Personal Finance
This is the first of three posts in which we will explore all the issues around credit card fraud, including how fraudsters steal credit card details, how they use this information, how you are protected and the action you can take to protect yourself. Part one details the techniques that fraudsters employ to maliciously access data and steal money, techniques that we should all be aware of in order to help protect ourselves from such criminality.
Fraud has existed for as long as people have interacted financially, and has developed in parallel to the technologies used to carry out these transactions. As banks, businesses and services create new ways to protect themselves and their customers from fraud, so too criminals have invented new ways to steal information and money. In today's world, with most financial transactions taking place electronically, the focus of this type of crime has fallen on identity theft, credit card fraud and Internet scams.
Handheld Skimmers
Skimming a credit card's details is principally the technique of swiping the card through a card reader to copy the details contained in its magnetic strip, information which is ultimately be used to generate cloned cards to be used fraudulently.
Handheld skimmers, as the name suggests, are small devices for skimming that can fit into a criminal's hand and pocket, such as the example we see above. This type of deception takes place when a transaction allows the fraudster to swipe the card out of view of the owner, so potential perpetrators may include waiters and waitresses, bar staff and gas pump attendants.
Cashiers may use sleight-of-hand techniques to swipe a card during a payment. It is also possible for a skilled thief to discreetly steal a credit card from a wallet, swipe the data and return the card to its unsuspecting owner, who only becomes aware of the crime when money is drained from their bank account using a duplicate cloned card.
A handheld skimmer can store the details of hundreds of cards, so the scope for abuse is huge, even through the actions of a single criminal. According to convicted credit card fraudster Dan DeFelippi, who was found guilty of fraud and ID theft in 2004, once a thief has collected card details "they sell the data online. I'd pay $10 to $50 for the information from one card. Then I'd use an encoder to put that data on a fake card, go into a store and purchase stuff."
ATM Skimmers
Credit card details are also illegally copied by means of skimmers deviously attached to ATMs. The skimmer is fitted over the card slot, disguised to appear like a genuine piece of the ATM, and may be used in combination with a pinhole camera to record victims entering their PIN, or a false keypad placed over the real digits to record and wirelessly transmit the numbers to the criminal. The technology used in this type of crime has become incredibly sophisticated and difficult to detect by the untrained eye.
A recent example of this type of fraud is the case of a gang of five Bulgarian men arrested and incarcerated in Montgomery County, Pennsylvania, accused of scanning ATMs around the district. According to Montgomery County DA Risa Ferman the men used high tech scanning devices to copy victims' card details and proceeded to steal nearly $135,000 from as many as 143 ATM customers. Ferman says the authorities do not always catch this type of fraudster: "It is not until sometime after the fact that victims even learn that they've been compromised. And by that time, the likelihood is that these fellows just completely disappear."
Fake Websites
The webpage we see above looks totally convincing as an online shopping store offering superb prices on Canon photography equipment, complete with an address and postcode in an expensive part of London, UK telephone numbers; and different emails addresses for each of the store's departments, which provide prompt and professional responses to customer inquiries. Fortunately photographer and blogger Kris Koster spotted small discrepancies in the payment options and the website's privacy policy while he was shopping online for a camera. Koster had detected that this online store was an example of a fake website set up by criminals to steal victims' details for credit card fraud and identity theft.
This is just one example of fake websites, which are becoming ever-more sophisticated in luring unsuspecting customers to hand over their essential personal information. Convicted fraudster DeFelippi states that "it is really easy to create a fake online store or to create a store that sells stuff, but its real purpose is to collect credit card information. If a deal is way too good to be true, it's probably a scam and they just want your information."
Phishing Scams
Anyone in possession of an email account will have encountered examples of phishing, messages sent by criminals in the hope of the recipient handing over sensitive information, mistakenly thinking the request for data has come from a genuine source. The name for the practice originates from the mid-1990s when hackers sent false messages to AOL customers, fraudulently posing as staff members to gain access to customer accounts.
Over the years scammers have sent emails under the guise of all types of businesses, often using big banks such as Citibank, Bank of America, or Internet services such as PayPal and eBay as cover. Although it is relativity unusual for a victim to pass their personal details to criminals as a result of phishing, the vast numbers of such emails sent everyday mean that even if a only a small percentage of victims fall for the trick it remains a rewarding enterprise for fraudsters.
Perhaps the most famous and widespread example of phishing is the "Nigerian email scam," which comes in a variety of forms, but usually involves a message of African origin offering a million US dollars in exchange for helping an individual transfer the inheritance form a dead relative. Despite the often-laughable quality of the messages and the impossibility of receiving a single cent, people do continue to give in to their naivety and greed, fall for the scam and lose their savings.
Unauthorized Leaks From Companies and Hackers
Other means for criminals to gain access to victims' sensitive data is through accidental and unauthorized leaks and security breaches by hackers. Customers entrust a huge amount of personal information to an increasing of companies and services. As many people currently perform most of their financial transactions online there are many points at which leaks may occur. A recent high profile case of this was in Australia where Vodafone managed to allow thousands of customers' details including names, credit card details, home addresses and driver's license numbers to become freely available to view on the Internet.
While Vodafone seeks to reassure customers that there data is safe, the Australian Privacy Commissioner is set to investigate whether the leak constitutes a breach of the country's Privacy Act. Such cases should cause us to reflect on the amount of information we trust to supposedly "respectable" companies and the level of care taken in handling our personal data.
Foolish Customer Behavior
Finally, it's worth considering a couple of cases where credit card fraudsters have gained access to bank accounts by the actions of their victims, actions that could be thought of as foolhardy to say the least.
In 2007, Todd Davis, the CEO of identity theft protection company LifeLock, decided to demonstrate the security of the company's systems by displaying his social security number on Internet and billboard advertising. Apparently the systems were not as reliable as Davis would have liked, and criminals took the ads as an invite to access his bank accounts. The Phoenix New Times reported that between 2007 and May 2010 Davis had his identify stolen and bank account compromised no less than 13 times, a clear lesson in the importance of protecting your personal data.
The second example involves British broadcaster and writer Jeremy Clarkson, who presents a motoring show for BBC Television. In 2007, Clarkson's credit card was cloned after he stopped to fill up at a gas station in California during a trip to the US. Fraudsters emptied around $56,000 from his bank account. The following year, in an act of bravado to prove that money is safe with banks he published his account details in a newspaper article, along with information on how to find his address and what car he drives. Clarkson was forced to concede he was wrong about the level of safety when someone used the data to fraudulently access his bank account. Fortunately for him, the prankster was far more kind-hearted that your usual credit card criminal, only using the information to arrange a direct debit to make monthly payments of £500 from Clarkson's account to a UK charity.
The criminal techniques explored above demonstrate that fraudsters will exploit any possibility to gain access to card user's details by ever-more cunning means, and the increasing importance for us all to protect our essential personal data. In part two of this series we explore how fraudsters use stolen information, and the ways in which your data is protected.
Fraud has existed for as long as people have interacted financially, and has developed in parallel to the technologies used to carry out these transactions. As banks, businesses and services create new ways to protect themselves and their customers from fraud, so too criminals have invented new ways to steal information and money. In today's world, with most financial transactions taking place electronically, the focus of this type of crime has fallen on identity theft, credit card fraud and Internet scams.
Handheld Skimmers
Handheld skimmers, as the name suggests, are small devices for skimming that can fit into a criminal's hand and pocket, such as the example we see above. This type of deception takes place when a transaction allows the fraudster to swipe the card out of view of the owner, so potential perpetrators may include waiters and waitresses, bar staff and gas pump attendants.
Cashiers may use sleight-of-hand techniques to swipe a card during a payment. It is also possible for a skilled thief to discreetly steal a credit card from a wallet, swipe the data and return the card to its unsuspecting owner, who only becomes aware of the crime when money is drained from their bank account using a duplicate cloned card.
A handheld skimmer can store the details of hundreds of cards, so the scope for abuse is huge, even through the actions of a single criminal. According to convicted credit card fraudster Dan DeFelippi, who was found guilty of fraud and ID theft in 2004, once a thief has collected card details "they sell the data online. I'd pay $10 to $50 for the information from one card. Then I'd use an encoder to put that data on a fake card, go into a store and purchase stuff."
ATM Skimmers
A recent example of this type of fraud is the case of a gang of five Bulgarian men arrested and incarcerated in Montgomery County, Pennsylvania, accused of scanning ATMs around the district. According to Montgomery County DA Risa Ferman the men used high tech scanning devices to copy victims' card details and proceeded to steal nearly $135,000 from as many as 143 ATM customers. Ferman says the authorities do not always catch this type of fraudster: "It is not until sometime after the fact that victims even learn that they've been compromised. And by that time, the likelihood is that these fellows just completely disappear."
Fake Websites
The webpage we see above looks totally convincing as an online shopping store offering superb prices on Canon photography equipment, complete with an address and postcode in an expensive part of London, UK telephone numbers; and different emails addresses for each of the store's departments, which provide prompt and professional responses to customer inquiries. Fortunately photographer and blogger Kris Koster spotted small discrepancies in the payment options and the website's privacy policy while he was shopping online for a camera. Koster had detected that this online store was an example of a fake website set up by criminals to steal victims' details for credit card fraud and identity theft.
This is just one example of fake websites, which are becoming ever-more sophisticated in luring unsuspecting customers to hand over their essential personal information. Convicted fraudster DeFelippi states that "it is really easy to create a fake online store or to create a store that sells stuff, but its real purpose is to collect credit card information. If a deal is way too good to be true, it's probably a scam and they just want your information."
Phishing Scams
Anyone in possession of an email account will have encountered examples of phishing, messages sent by criminals in the hope of the recipient handing over sensitive information, mistakenly thinking the request for data has come from a genuine source. The name for the practice originates from the mid-1990s when hackers sent false messages to AOL customers, fraudulently posing as staff members to gain access to customer accounts.
Over the years scammers have sent emails under the guise of all types of businesses, often using big banks such as Citibank, Bank of America, or Internet services such as PayPal and eBay as cover. Although it is relativity unusual for a victim to pass their personal details to criminals as a result of phishing, the vast numbers of such emails sent everyday mean that even if a only a small percentage of victims fall for the trick it remains a rewarding enterprise for fraudsters.
Perhaps the most famous and widespread example of phishing is the "Nigerian email scam," which comes in a variety of forms, but usually involves a message of African origin offering a million US dollars in exchange for helping an individual transfer the inheritance form a dead relative. Despite the often-laughable quality of the messages and the impossibility of receiving a single cent, people do continue to give in to their naivety and greed, fall for the scam and lose their savings.
Unauthorized Leaks From Companies and Hackers
Other means for criminals to gain access to victims' sensitive data is through accidental and unauthorized leaks and security breaches by hackers. Customers entrust a huge amount of personal information to an increasing of companies and services. As many people currently perform most of their financial transactions online there are many points at which leaks may occur. A recent high profile case of this was in Australia where Vodafone managed to allow thousands of customers' details including names, credit card details, home addresses and driver's license numbers to become freely available to view on the Internet.
While Vodafone seeks to reassure customers that there data is safe, the Australian Privacy Commissioner is set to investigate whether the leak constitutes a breach of the country's Privacy Act. Such cases should cause us to reflect on the amount of information we trust to supposedly "respectable" companies and the level of care taken in handling our personal data.
Foolish Customer Behavior
Finally, it's worth considering a couple of cases where credit card fraudsters have gained access to bank accounts by the actions of their victims, actions that could be thought of as foolhardy to say the least.
In 2007, Todd Davis, the CEO of identity theft protection company LifeLock, decided to demonstrate the security of the company's systems by displaying his social security number on Internet and billboard advertising. Apparently the systems were not as reliable as Davis would have liked, and criminals took the ads as an invite to access his bank accounts. The Phoenix New Times reported that between 2007 and May 2010 Davis had his identify stolen and bank account compromised no less than 13 times, a clear lesson in the importance of protecting your personal data.
The second example involves British broadcaster and writer Jeremy Clarkson, who presents a motoring show for BBC Television. In 2007, Clarkson's credit card was cloned after he stopped to fill up at a gas station in California during a trip to the US. Fraudsters emptied around $56,000 from his bank account. The following year, in an act of bravado to prove that money is safe with banks he published his account details in a newspaper article, along with information on how to find his address and what car he drives. Clarkson was forced to concede he was wrong about the level of safety when someone used the data to fraudulently access his bank account. Fortunately for him, the prankster was far more kind-hearted that your usual credit card criminal, only using the information to arrange a direct debit to make monthly payments of £500 from Clarkson's account to a UK charity.
The criminal techniques explored above demonstrate that fraudsters will exploit any possibility to gain access to card user's details by ever-more cunning means, and the increasing importance for us all to protect our essential personal data. In part two of this series we explore how fraudsters use stolen information, and the ways in which your data is protected.
James works with www.CreditCardCompare.com.au where he contributes articles to their blog and learning centre. To get in touch, follow @thecreditletter on Twitter.
Latest Posts
- Freebie Corner: 6 free Nescafe Tasters Choice coffee samples
- #SummerSavings Twitter Party 5/23: $500 in Prizes!
- 5 inexpensive gluten free recipes
- How to create a military care package on a budget
- Zact: The best no-contract wireless plan yet?
- How to send expired coupons to the Military
- How to take your couponing to the next level by giving back
- This week in deals: 30% off all baby and toddler at Old Navy
- Archos introduces the ChefPad, a tablet just for cooks
- 5 budget friendly ways to honor a Veteran
When it comes to avoiding online scams, I would just like to add that the best way I know to guard against being ripped off by online sales or auctions, Penny, Craigslist and eBay included—and whether seller or buyer—is to use a bona fide online escrow company. This is especially true for pricier items like antiques, jewelry and autos. Yes, it does add some cost, but it takes the uncertainty out of the transaction, and that is usually a small price to pay for peace of mind.
For my money, the best bona fide online escrow (and there seems to be ten or twenty fraudulent escrow sites for every bona fide one) is Escrow.com (http://escrow.com). In fact, that is the only site that eBay recommends, and is the only online escrow company that is licensed to provide escrow services all across the United States.
PS. You can find more information about battling online scams and frauds at Online Escrow at Wordpress.com (http://onlineescrow.wordpress.com/)
Was this comment helpful? yes| no|
I really enjoy receiving these comments. It keeps me going!!
Was this comment helpful? yes| no|
There is a lot that goes into the pricing of commercial services agreement. Your rates generally depend on the type of business you have, your average monthly volume, average ticket and how to do business. It never seems to be a shortage of merchant services or credit card processing, representatives coming through your door promising to save you money.
Kreditkort
Was this comment helpful? yes| no|
I have been a victim of card fraud twice and was beginning to feel helpless against the card thieves. No matter how careful I seem to be, somehow my card information gets found. I do not want to carry cash but my cards seemed to expose my accounts to unauthorized charges.
I heard about this new card product called a Secure Identity Prepaid Card. It has a security feature that lets you turn your card on and off using your cell phone. You send a text message to activate it before you make a purchase. If your card is ever lost or stolen, the card could not be used. If someone tried to use the card, you would get a text alert telling you the details of where it was used but the charge would not go through. If you wanted to have the purchase go through, you could activate your card and have the merchant swipe it again. This sounds like a very cool concept and I like that I am in control of what transactions can be processed on my card.
I plan on using it instead of my bank debit card. I just enrolled for one and I am waiting to get it in the mail. I can't wait to try it out. At this point, what do I have to lose. I will re-post and let people know how it worked.
Was this comment helpful? yes| no|