THE festive season beckons, which is a time characterised by a surge in retail transactions. Unfortunately, cases of card fraud also increase during the period. To ensure you are not a victim of the card fraud, it is important to learn the basics.
Card skimming The most common type of card fraud occurs through card skimming. This entails criminals copying information encoded on the magnetic strip of a card and then transferring the information onto lost or stolen cards, counterfeit cards or ‘white plastics’ to create a replica of the card.
Skimming can take place in a number of ways:
- A skimming device may be used to obtain the details on the card’s magnetic strip. The skimming device is attached to the card reader on a machine, such as an ATM, a self-service terminal (SST) or point-of-sale (POS) device. The personal identification number (PIN) is obtained by a camera or a false numeric keypad overlay that is placed over the keypad to record the PIN and allow fraudsters to make withdrawals.
- Skimming could also occur when a client voluntarily hands their card over to make a payment. One of the most common methods used is when the cashier ‘cleans’ a card on his or her clothing, or moves the card below counter height where the POS device is situated. In a matter of moments the card is swiped through a magnetic-strip-card reader. The information on the magnetic strip can then be encoded and the legitimate card can be replicated in moments. To obtain the PIN one of the perpetrators may be observing the client as they enter their PIN on the POS device withd
- Two or more fraudsters may work together to obtain a card. They will tamper with the ATM so that it retains the card and doesn’t start a normal transaction session. While the client is trying to figure out why the machine is not responding, a fraudster will distract them or pretend to be a helpful passerby, usually offering assistance to resolve the problem. While they are distracted, the fraudster will remove the card, skim it using a hand-held device and reinsert it in the ATM. A normal ATM session will be completed and when the client retrieves their card from the ATM, they will not be aware that their card has been skimmed. One of or both the fraudsters will observe their PIN, usually by looking over their shoulder.
Card not present fraud A card not present transaction takes place when neither the card nor card owner are present when the transaction takes place. The service provider is thus not able to physically check the card or the identity of the cardholder so this allows a fraudster to commit the fraud anonymously. This often occurs when a client uses their card to make online or telephonic purchases where their card number, name, expiry date and CCV number are disclosed to a fraudster telephonically or on an internet site that is not secure or legitimate. Once the fraudster obtains the card details they are used to make any number of fraudulent transactions.
Counterfeit card fraud Counterfeit card fraud involves a card that has been illegally manufactured from information stolen from the magnetic strip of a legitimately issued card. The information needed to produce a counterfeit card is usually accessed through ‘skimming’.
Card swapping This is when a fraudster swaps a cardholder’s card for a similar looking card without their knowledge. The card is swapped in one of the following ways:
- Fraudsters tamper with an ATM and then when an unsuspecting client tries to make use of the ATM, they experience difficulties. The fraudster then poses as a helpful bystander offering to assist a client while in the process viewing their PIN and swapping their card.
- A card could also be swapped when a client makes a purchase and pays with their card; another card is handed back to them by the cashier who processes the transaction.
Lost or stolen card fraud This type of fraud occurs with a legitimate card that was either lost by a cardholder or stolen from a cardholder; fraudsters then make fraudulent transaction with the card. It is important to remember that no transactions can be made with a Visa Electron or Maestro card without a PIN. Clients should never compromise their PIN: it is their responsibility to protect their PIN and to ensure that no one observes it while they are making a transaction.
Tips to prevent card fraud
- Never share your PIN with anyone, even family and friends, and never write it down or store it electronically on a phone or laptop. If the card is stolen along with the phone or laptop, your accounts are at risk.
- Never assume your card has been retained by an ATM or SST. Always contact the bank and request that the card be blocked immediately. Do not wait until you get home or return to the office – a trapped or skimmed card can be used immediately.
- Always shield the keypad with your hand or purse when you type in your PIN. This is the most effective way to prevent onlookers from seeing your PIN.
- Sign the back of your card on receipt from the bank – if your card is stolen, the thieves will have to forge your signature instead of just creating one.
- Ensure that you have your original card after each withdrawal or POS transaction.
- Never let your card out of your sight – watch it at retailers where the POS device is situated under the counter. Most restaurants have mobile devices that are brought to the table. If not, take your card to the restaurant machine.
- When you shop online, place orders on a secure website only and never send emails that quote your card number and expiry date.
- Do not believe hoaxes, for example that entering your PIN backwards at an ATM will notify the police that you need assistance. These hoaxes are designed to get you to divulge your PIN.
- Never accept assistance from anyone while using an ATM or SST, even people who may appear to be security staff or bank employees. If you are distracted, even for a moment, consider that your card may have been compromised.
- When disposing of your bank statements or any other financial information, shred the paper to prevent anyone from accessing this information.
‘It is your responsibility to protect your PIN and to ensure that no one observes it while you are making a transaction.’