Lord777
Professional
- Messages
- 2,576
- Reaction score
- 1,577
- Points
- 113
Five fraudulent schemes that you need to be able to recognize!
Against the background of the growing popularity of the use of bank cards, cases of fraud related to the theft of money from customer accounts have become more frequent. The methods of deceiving people and stealing money from their bank cards are varied - from banal peeping over the shoulder when a client uses an ATM and the subsequent theft of his card to hacker attacks on software. At the same time, cybercriminals constantly come up with new ways to steal money as the old ones stop working. This is why it is important to be vigilant and follow basic safety rules.
We have prepared a short overview of the most common methods of fraud with bank cards today. We hope that the knowledge of these techniques will allow the owners of bank cards to avoid troubles when using them.
1. Theft of card data during the calculation
How does it work?
In fraudulent schemes, not only outside criminals can participate, but also those who are usually trusted: representatives of the trade and services sector, bank employees. Under no circumstances should you lose your vigilance: theft of money from bank cards can occur even where you would not expect it.
Attackers often use the following scheme. A cashier, a waiter, a petrol station worker, a bank employee or any other employee to whom a citizen handed over a plastic card for payment can take a photo, rewrite its data, or simply remember them, so that later they can easily pay with a card on the Internet.
This can happen completely unnoticed. For example, a video recording device (it can be an ordinary CCTV camera) is turned on in advance, on the recording from which the card is visible from both sides. In this case, fraudsters can only rewind the record for the required time and rewrite the card data.
What to do?
Do not transfer the card to third parties when paying for the purchase or provision of services.
Monitor the behavior of the employee performing the operation (you need to be wary if he behaves suspiciously - for example, photographs your card on a mobile phone under the guise of dialing a number or SMS).
If there is such an opportunity, create a separate card for payments via the Internet, which will be stored in a place inaccessible to unauthorized persons, and block the possibility of making purchases via the Internet on the card used for purchases through POS terminals.
2. Double transaction
How does it work?
Another simple way of fraudulent transactions with bank cards is double operations (transactions). When making a payment in a retail and service network, the buyer hands over the card to the operator, he passes it through the reader, the buyer enters the PIN code (if required), and the employee reports that an error has occurred. Then the steps are repeated once more, and the transaction is successful, and after some time, the cardholder discovers that the money for the purchase has been debited twice.
At the same time, many cardholders do not notice this even in the presence of SMS informing, considering the second SMS about writing off funds as an error or a duplicate, since the amounts are the same.
It is easy to protest such transactions and get your money back, but it is difficult to prosecute the perpetrators, since everything can be attributed to a system failure or operator error.
Nevertheless, it should be borne in mind that a double transaction may indeed turn out to be not a fraud, but a malfunction of the payment terminal. Such situations often arise, and practically no one is immune from them.
What to do?
Connect the option of SMS notifications for your card transactions. If the first transaction is successful, the cardholder will immediately receive the corresponding SMS message and will be able to demonstrate it to the employee insisting on the repeated transaction as confirmation of the payment already made.
If you have received two messages about the withdrawal of the same amount, you should immediately call the bank and check whether there really was a double withdrawal of funds from the account.
3. Stealing money from cards equipped with contactless payment technologies
How does it work?
Contactless payment technologies have been developed by Visa (PayWave) and Mastercard (PayPass) payment systems to speed up and simplify non-cash payments for purchases. This is a convenient method that saves time for buyers and users of various services in places where people do not stay for a long time. Contactless payment terminals are most often equipped with vending machines, toll roads, turnstiles, gas stations, supermarkets and cafes. PayPass and PayWave are used on chip and magnetic stripe cards. When making payments with such a card, you do not need to enter a PIN code, as well as put a signature on the check if the purchase amount is small (how much this amount depends on the acquiring bank - the bank that serves payments through a specific POS terminal, but it should not exceed $ 15, this limitation was introduced by MasterCard / Visa payment systems). If the specified amount is exceeded, confirmation (signature or PIN code) will be required, in some cases the payment may be rejected - this decision depends on the issuing bank (the bank that issued the card). The terminal reads the information from the card at a distance and makes it clear with a sound or visual signal that the amount required for payment has been debited from it, which means that the purchase has been made (the service has been paid for).
This technology came and scammers quickly learned how to work with it. In crowded places (crowded public transport, markets, shops), the attacker leans a proximity reader or POS terminal against clothing pockets, bag walls and steals money from cards from unsuspecting victims. It is enough for an attacker to bring the reader closer to the card at a distance of 5–20 centimeters to write off. Fraudsters can also record the information received on clone cards for further theft of funds from real bank cards.
What to do?
Use special shielded wallets (the card is placed in a compartment shielded with protective material).
Make sure that the PIN-code request, and not the signature of the check, is required to confirm the write-off of an amount over $ 15. If you do not plan to pay by a contactless method for purchases in excess of $ 15, it is recommended (if the issuing bank has such an opportunity) to set an individual spending limit on the card and limit the size of possible transactions.
4. Making a duplicate SIM card
How does it work?
One of the most difficult and least obvious for a cardholder, and therefore the most dangerous way to steal money from an account, is to make a duplicate of a SIM card. At first glance, this is not about money, but in fact, in this way, scammers can gain full control over the victim's accounts, since bank card accounts are usually tied to a phone number and can be controlled remotely using it.
This method of fraud with bank cards is used simultaneously with others, after the attackers have already managed to get hold of the card data and they need to confirm the money transfer transaction to the desired account using the SMS code. Attackers can find out the phone number of the cardholder from social networks, from acquaintances, while performing their official duties, etc.
The diagram looks like this. The mobile phone receives calls from unknown numbers and SMS messages from unknown people with a request to call back. Most often the senders of messages are the Central Bank, the Security Service of the Bank, Visa, Mastercard, Mir - all these names are associated with the Central Bank or payment systems. If the client calls back on the specified phone number and provides his data, fraudsters can withdraw money from the card by making a fake analogue of it. Theoretically, in order to receive a duplicate card at the operator's office, you need to indicate the date of the first call or the balance on the account, as well as present your passport. In practice, office workers are not always scrupulous, and fraudsters can present a fake passport.
Issuance of a duplicate SIM card, as a rule, must be paid for, so the card holder's phone may receive a message about the account replenishment or withdrawal of funds, after which the number will soon be blocked.
Then the fraudsters transfer money from their victim's card to their cards or pay for goods on the Internet, confirming the operations using the code received in the SMS. For the victim, the situation is complicated by the fact that he often discovers the disappearance of money only a few days after the incident: after all, he can no longer receive an SMS message about the withdrawal of funds, and he may not immediately remember linking a mobile card number to a bank account.
What to do?
If you receive a sudden notification of a change in the account status after calls from unknown numbers or to unknown numbers, immediately block all your plastic cards linked to this phone number by calling the hotlines of the banks, the numbers of which are indicated on the cards themselves.
Contact your mobile operator to unlock your SIM card and at the same time block the duplicate received by fraudsters.
Apply to law enforcement.
5. Social Engineering
How does it work?
In recent years, scammers have begun to realize that it is not always worth spending time and money on hacking operating systems and bypassing security programs. Using psychological techniques to control a person's actions is often a much easier way to steal money from his card.
Fraudsters can act as buyers of puppies, cars, land plots, garages, etc. on free classified sites or in groups on social networks. They call sellers and convince them of their readiness to purchase the offered product. These “buyers” have one thing in common: they are somewhere far away, but in order to prevent the desired product from being purchased by someone else, they are ready to transfer part of the cost or even the full cost immediately to the seller's bank card.
The "Buyer" asks the seller to provide him with the card details (CVV2 / CVC2 code, expiration date, full name of the owner) in order to transfer money to it. After a gullible seller informs the fraudster of this information, money is debited from his card for paying for goods and services, transfers to other accounts, etc. Fraudsters do not always ask for all the data necessary for settlements: some of the information may already be known to them. In some cases, the attacker tries to find out the code from the SMS that comes to the mobile phone, which means that fraudulent actions are already being performed with the plastic card and only the transaction confirmation code is missing. Having received such data, criminals steal money.
What to do?
Do not disclose card data, personal data and codes sent via SMS to unauthorized persons.
Do not under any circumstances give anyone access to your card through online banking.
In any suspicious situations, call the credit institution that issued the card at the number indicated on the back of the card.
Against the background of the growing popularity of the use of bank cards, cases of fraud related to the theft of money from customer accounts have become more frequent. The methods of deceiving people and stealing money from their bank cards are varied - from banal peeping over the shoulder when a client uses an ATM and the subsequent theft of his card to hacker attacks on software. At the same time, cybercriminals constantly come up with new ways to steal money as the old ones stop working. This is why it is important to be vigilant and follow basic safety rules.
We have prepared a short overview of the most common methods of fraud with bank cards today. We hope that the knowledge of these techniques will allow the owners of bank cards to avoid troubles when using them.
1. Theft of card data during the calculation
How does it work?
In fraudulent schemes, not only outside criminals can participate, but also those who are usually trusted: representatives of the trade and services sector, bank employees. Under no circumstances should you lose your vigilance: theft of money from bank cards can occur even where you would not expect it.
Attackers often use the following scheme. A cashier, a waiter, a petrol station worker, a bank employee or any other employee to whom a citizen handed over a plastic card for payment can take a photo, rewrite its data, or simply remember them, so that later they can easily pay with a card on the Internet.
This can happen completely unnoticed. For example, a video recording device (it can be an ordinary CCTV camera) is turned on in advance, on the recording from which the card is visible from both sides. In this case, fraudsters can only rewind the record for the required time and rewrite the card data.
What to do?
Do not transfer the card to third parties when paying for the purchase or provision of services.
Monitor the behavior of the employee performing the operation (you need to be wary if he behaves suspiciously - for example, photographs your card on a mobile phone under the guise of dialing a number or SMS).
If there is such an opportunity, create a separate card for payments via the Internet, which will be stored in a place inaccessible to unauthorized persons, and block the possibility of making purchases via the Internet on the card used for purchases through POS terminals.
2. Double transaction
How does it work?
Another simple way of fraudulent transactions with bank cards is double operations (transactions). When making a payment in a retail and service network, the buyer hands over the card to the operator, he passes it through the reader, the buyer enters the PIN code (if required), and the employee reports that an error has occurred. Then the steps are repeated once more, and the transaction is successful, and after some time, the cardholder discovers that the money for the purchase has been debited twice.
At the same time, many cardholders do not notice this even in the presence of SMS informing, considering the second SMS about writing off funds as an error or a duplicate, since the amounts are the same.
It is easy to protest such transactions and get your money back, but it is difficult to prosecute the perpetrators, since everything can be attributed to a system failure or operator error.
Nevertheless, it should be borne in mind that a double transaction may indeed turn out to be not a fraud, but a malfunction of the payment terminal. Such situations often arise, and practically no one is immune from them.
What to do?
Connect the option of SMS notifications for your card transactions. If the first transaction is successful, the cardholder will immediately receive the corresponding SMS message and will be able to demonstrate it to the employee insisting on the repeated transaction as confirmation of the payment already made.
If you have received two messages about the withdrawal of the same amount, you should immediately call the bank and check whether there really was a double withdrawal of funds from the account.
3. Stealing money from cards equipped with contactless payment technologies
How does it work?
Contactless payment technologies have been developed by Visa (PayWave) and Mastercard (PayPass) payment systems to speed up and simplify non-cash payments for purchases. This is a convenient method that saves time for buyers and users of various services in places where people do not stay for a long time. Contactless payment terminals are most often equipped with vending machines, toll roads, turnstiles, gas stations, supermarkets and cafes. PayPass and PayWave are used on chip and magnetic stripe cards. When making payments with such a card, you do not need to enter a PIN code, as well as put a signature on the check if the purchase amount is small (how much this amount depends on the acquiring bank - the bank that serves payments through a specific POS terminal, but it should not exceed $ 15, this limitation was introduced by MasterCard / Visa payment systems). If the specified amount is exceeded, confirmation (signature or PIN code) will be required, in some cases the payment may be rejected - this decision depends on the issuing bank (the bank that issued the card). The terminal reads the information from the card at a distance and makes it clear with a sound or visual signal that the amount required for payment has been debited from it, which means that the purchase has been made (the service has been paid for).
This technology came and scammers quickly learned how to work with it. In crowded places (crowded public transport, markets, shops), the attacker leans a proximity reader or POS terminal against clothing pockets, bag walls and steals money from cards from unsuspecting victims. It is enough for an attacker to bring the reader closer to the card at a distance of 5–20 centimeters to write off. Fraudsters can also record the information received on clone cards for further theft of funds from real bank cards.
What to do?
Use special shielded wallets (the card is placed in a compartment shielded with protective material).
Make sure that the PIN-code request, and not the signature of the check, is required to confirm the write-off of an amount over $ 15. If you do not plan to pay by a contactless method for purchases in excess of $ 15, it is recommended (if the issuing bank has such an opportunity) to set an individual spending limit on the card and limit the size of possible transactions.
4. Making a duplicate SIM card
How does it work?
One of the most difficult and least obvious for a cardholder, and therefore the most dangerous way to steal money from an account, is to make a duplicate of a SIM card. At first glance, this is not about money, but in fact, in this way, scammers can gain full control over the victim's accounts, since bank card accounts are usually tied to a phone number and can be controlled remotely using it.
This method of fraud with bank cards is used simultaneously with others, after the attackers have already managed to get hold of the card data and they need to confirm the money transfer transaction to the desired account using the SMS code. Attackers can find out the phone number of the cardholder from social networks, from acquaintances, while performing their official duties, etc.
The diagram looks like this. The mobile phone receives calls from unknown numbers and SMS messages from unknown people with a request to call back. Most often the senders of messages are the Central Bank, the Security Service of the Bank, Visa, Mastercard, Mir - all these names are associated with the Central Bank or payment systems. If the client calls back on the specified phone number and provides his data, fraudsters can withdraw money from the card by making a fake analogue of it. Theoretically, in order to receive a duplicate card at the operator's office, you need to indicate the date of the first call or the balance on the account, as well as present your passport. In practice, office workers are not always scrupulous, and fraudsters can present a fake passport.
Issuance of a duplicate SIM card, as a rule, must be paid for, so the card holder's phone may receive a message about the account replenishment or withdrawal of funds, after which the number will soon be blocked.
Then the fraudsters transfer money from their victim's card to their cards or pay for goods on the Internet, confirming the operations using the code received in the SMS. For the victim, the situation is complicated by the fact that he often discovers the disappearance of money only a few days after the incident: after all, he can no longer receive an SMS message about the withdrawal of funds, and he may not immediately remember linking a mobile card number to a bank account.
What to do?
If you receive a sudden notification of a change in the account status after calls from unknown numbers or to unknown numbers, immediately block all your plastic cards linked to this phone number by calling the hotlines of the banks, the numbers of which are indicated on the cards themselves.
Contact your mobile operator to unlock your SIM card and at the same time block the duplicate received by fraudsters.
Apply to law enforcement.
5. Social Engineering
How does it work?
In recent years, scammers have begun to realize that it is not always worth spending time and money on hacking operating systems and bypassing security programs. Using psychological techniques to control a person's actions is often a much easier way to steal money from his card.
Fraudsters can act as buyers of puppies, cars, land plots, garages, etc. on free classified sites or in groups on social networks. They call sellers and convince them of their readiness to purchase the offered product. These “buyers” have one thing in common: they are somewhere far away, but in order to prevent the desired product from being purchased by someone else, they are ready to transfer part of the cost or even the full cost immediately to the seller's bank card.
The "Buyer" asks the seller to provide him with the card details (CVV2 / CVC2 code, expiration date, full name of the owner) in order to transfer money to it. After a gullible seller informs the fraudster of this information, money is debited from his card for paying for goods and services, transfers to other accounts, etc. Fraudsters do not always ask for all the data necessary for settlements: some of the information may already be known to them. In some cases, the attacker tries to find out the code from the SMS that comes to the mobile phone, which means that fraudulent actions are already being performed with the plastic card and only the transaction confirmation code is missing. Having received such data, criminals steal money.
What to do?
Do not disclose card data, personal data and codes sent via SMS to unauthorized persons.
Do not under any circumstances give anyone access to your card through online banking.
In any suspicious situations, call the credit institution that issued the card at the number indicated on the back of the card.
