Archive for the ‘CREDIT CARDS’ Category

Chick-fil-A Restaurant chain investigates hack into credit card payment data

child hacker on line at screen image

Chick-fil-A is investigating a possible breach of credit card data that occurred in mid-December.

Chicken sandwich chain Chick-fil-A is investigating a possible data breach at some of its restaurants, the company announced Friday, saying it was working with cybersecurity firms and federal law enforcement to determine whether its payment system was hacked.

In a terse statement, the fast food company said “payment industry contacts”, likely meaning credit card companies and banks, had reported suspicious activity on 19 December. After those initial reports, Chick-fil-A contacted authorities and cybersecurity companies to help investigate the activity, which it described only as “involving payment cards at a few restaurants”.

A spokesperson for the company declined to comment; the company’s statement declares it “premature for us to comment further given the pending investigation”.

Cybersecurity journalist and expert Brian Krebs first reported a possible breach in mid-December, saying that several financial institutions had traced the common point-of-purchase on cards with suspicious activity to Chick-fil-A locations. An anonymous source told Krebs that most of the restaurant locations affected were in a handful of states, including Pennsylvania, Maryland, Virginia, Georgia and Texas.

Krebs believes a breach of Chick-fil-A’s locations would likely have affected only a fraction of the company’s nearly 2,000 restaurants. He compared the breach to those of other medium-sized chains, such as Dairy Queen, that use third-party companies to manage their purchase systems. In those cases, hackers installed malware in the third party’s point-of-sale (POS) software — the technology in a credit card terminal — allowing the thieves to steal data encoded on the back of cards.

If confirmed, the December breach would add to a year of similar attacks on major US corporations. In November, hackers installed malware on Home Depot’s self-checkout systems, netting them 53m emails and compromising 56m credit and debit card numbers. In December 2013, Krebs revealed a data breach of Target’s system; the company discovered that criminals had compromised personal information of about 110 million customers, and also likely used POS infiltration.

In the digital arms race between authorities and hackers, corporations and security firms are struggling to keep pace. In September, the Ponemon Institute, a data protection research group, found that 43% of US firms had experienced a data breach in the past year. In October, a majority of experts told Pew Research they expected major cyber attacks to cause widespread harm in the next 10 years. And nearly two years ago, Symantec, the world’s largest antivirus software company, admitted that its technology could no longer defend against the most sophisticated cyber attacks.

With a wealth of credit card data and personal information, hackers can either create counterfeit cards or sell the information to others. Chick-fil-A said that if investigation confirms a data breach, customers will not be held liable for relevant charges, adding that it would arrange identity protection services for affected customers.

Krebs knocked down that offer “as a means of placating nervous customers”, and both he and Chick-fil-A encouraged customers keep a close eye on bank and card statements to look out for suspicious activity and possible identity theft. (8)



Henry Sapiecha

How Hackers Found a Way to Thwart Chip and PIN Credit Cards

Make no mistake, the tech is not invulnerable.

credit card closeup blue image

After years of preparation, chip and PIN credit cards are finally arriving in the United States. But while a chip and PIN might be much more secure than a signature, hackers have shown that it’s not invulnerable, and now we know how they pulled it off.

As Ars Technica reports, a number of chip and PIN cards were stolen in France back in 2011, and somehow, the fraudsters who took them were able to start using them in Belgium, despite the security enhancements that credit card companies are wont to hold up as unimpeachable. Security researchers expressed their doubts about the tech as early as 2010, but the incident in Belgium was the first (and so far only) instance of an actual exploit.

Now, the researchers behind the investigation have published a paper that explains how the hack worked. At least as well as they can tell; the actual cards are still untouchable due to being evidence in a criminal proceeding. As Ars Technica explains:

The fraudsters were able to perform a man-in-the-middle attack by programming a second hobbyist chip called a FUN card to accept any PIN entry, and soldering that chip onto the card’s original chip. This increased the thickness of the chip from 0.4mm to 0.7mm, “making insertion into a PoS somewhat uneasy but perfectly feasible,” the researchers write.

Essentially, that small extra chip would sit between the card’s actual chip and the point of sale, and assure both sides that everything about the transaction was on the up-and-up, even though it wasn’t.

The problem is solvable, the regulators behind the chip and PIN system say it’s already been solved. But that a vulnerability was present at all is still troubling. The all-around weakness of signature based authentication meant that credit card companies had little choice but to eat the cost of plausible and frequent fraud. But if those same companies hold up chip and PIN as infallible, it could make claiming fraud much harder or virtually impossible.

Yes, chip and PIN will hopefully make credit card fraud much rarer, but if credit card companies continue to treat it as fool-proof when it very well may not be, the next vulnerability could prove very expensive for the victims. (5)


Henry Sapiecha


new credit and debit cards image

Millions of Americans are getting new credit and debit cards with more secure chip technology, and that’s already leading to headaches for companies that rely on working cards to charge their customers every month.

Video and music streaming companies, dating websites, gyms and other subscription-based companies can take a hit when customers don’t update their accounts after receiving a new card. It’s always been a hassle, but with millions of cards carrying the new being mailed out all at once it’s creating bigger problems.

Netflix this week said large numbers of cards that weren’t updated were partly to blame for slower subscriber growth in their most recent quarter.

The video steaming site said Wednesday that an unusual number of accounts were cancelled during the three months that ended in September. Netflix Inc., which has 69 million members around the world, expects the issue to continue into the next quarter as more new chip cards roll out.

With subscription services gaining in popularity, where customers have funds automatically withdrawn from checking accounts every month for a service, it has become increasingly noticeable when people don’t update the cards that they use for those services, or are unaware that they need to.

Often, the number on the card is still the same, but the expiration date has changed, said Matt Schulz, a senior analyst at credit card comparison site Typically, payments won’t go through if the expiration date is different.

Recurly, a San Francisco company that manages bill payments for more than 1,900 subscription businesses, said it has seen a slight increase in card declines. Recurly uses a service for its clients that automatically updates when new card numbers are issued, so the customer doesn’t have to do it themselves, said CEO Dan Burkhart, though not every bank participates in the service. Burkhart said subscription companies will face some “turbulence” as customers get new cards, but those issues typically resolve within a few months.

The problem has hurt Netflix before.

A year ago, the Los Gatos, California, company said a number of customer’s accounts were put on hold due to The Home Depot data breach, which forced many customers who shopped at the home improvements store to get new credit cards.

Similarly, IAC/InterActiveCorp, a New York company which owns dating websites such as and OkCupid, said last year that credit that were not updated after major security breaches at Target and Home Depot cost it about $5 million in earnings for the year before interest, taxes, depreciation and amortization.



Henry Sapiecha

Apple Pay bridging bricks-and-mortar and online credit card fraud

The Apple Watch will be able to make payments using Apple Pay.

The Apple Watch will be able to make payments using Apple Pay. Photo: Reuters

Lost amid the Apple media firestorm these past few weeks is a stark and rather unsettling reality.

Apple Pay – the company’s answer to a mobile (and wearable) wallet – makes it possible for cyber thieves to buy high-priced merchandise from bricks-and-mortar stores using stolen credit and debit card numbers that were until now only useful for online fraud.

To understand what’s going on here, a quick primer on card fraud first: If you’re a fraudster and you wish to walk into a big retailer and walk out with a big screen TV or Xbox console on someone else’s dime, you’re going to buy “dumps” which are data stolen straight off the magnetic stripe on the backs of cards.

Typically, dumps are stolen via malware planted on point-of-sale devices, as in the breaches at brick-and-mortar stores like TargetHome Depot and countless others over the past year. Dumps buyers encode the data onto new plastic cards, which they then use in-store at retailers and walk out with armloads full of high-priced goods that can be easily resold for cash. The average price of a single dump is between $US10-$30, but the payoff in stolen merchandise per card is often many times that amount.



When fraudsters want to order something online using stolen credit cards, they go buy what the crooks call “CVVs” — card data stolen from hacked online stores. CVV stands for “card verification code,” and refers to the three-digit code on the back of cards that’s required for most online transactions. Fraudsters buying CVVs get the credit card number, the expiration date, the card verification code, as well as the cardholder’s name, address and phone number. Because they’re less versatile than dumps, CVVs cost quite a bit less — typically around $US1-$5 per stolen account.

So in summary, dumps are stolen from main-street merchants, and are sought after by crooks mainly for use at main street merchants. CVVs, on the other hand, are stolen from online stores, and are useful only for fraud against online stores.

Enter Apple Pay, which potentially erases that limitation of CVVs because it allows users to sign up online for an in-store payment method for their iPhone or Watch using little more than a hacked card account and CVVs. That’s because most banks that are enabling Apple Pay for their customers do little, if anything, to require that customers prove they have the physical card in their possession.

Avivah Litan, a fraud analyst with Gartner, explained in a blog post published earlier this month that Apple provides banks with a fair amount of data to aid in their efforts at “identity proofing” the customer, such as the customer’s device name, its current geographic location, and whether or not the customer has a long history of transactions with iTunes.

All useful data points, of course, unless the iTunes account that all of this information is based on is hijacked by fraudsters. And as we know from previous stories, there is a robust cybercrime underground trade for hijacked iTunes accounts, which retail for about $US8 each.


Litan’s column continues:

“Interestingly, neither Apple nor the banks get any useful identity information out of the mobile carriers – at least that I know or heard of. And mobile carrier data could be particularly helpful with identity proofing. For example the banks could compare the mobile service’s billing address with the card account holder’s billing address.

“For years, we have been briefed by vendors offering a plethora of innovative and strong user authentication solutions for mobile payments and commerce. And for years, we have been asking the vendors touting them how they know their mobile app is being provisioned to a legitimate user rather than a fraudster. That always appeared to me to be the weakest link in mobile commerce –making sure you provide the app to the right person instead of a crook.

“Identity proofing in a non-face-to-face environment is anything but easy but there are some decent solutions around that can be stitched together to significantly narrow down the population of fraudulent transactions and identities. The key is reducing reliance on static data – much of which is PII data that has been compromised by the crooks – and increasing reliance on dynamic data, like reputation, behavior and relationships between non-PII data elements.

“This problem is only going to get worse as Samsung’s LoopPay and the MCX/CurrentC (supported by Walmart, BestBuy and many other major US retailers) release their mobile payment systems, without the customer data advantages Apple has in their relatively closed environment.”

Sure, the banks could pressure Apple Pay to make their users take a picture of their credit cards with the iPhone and upload that data before signing up. That might work for a short while to deter fraud, at least until the people at underground document forgery sites like Scanlab see a new market for their services.


But in the end, most banks coming online with Apple Pay are still using customer call centers to validate new users, leveraging data that can be purchased very cheaply from underground identity theft sites. If any of you doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the US Senate Commerce Committee.

The irony here is that while Apple Pay has been touted as a more secure alternative to paying with a credit card, the way Apple and the banks have implemented it actually makes card fraud cheaper and easier for fraudsters.

Even more deliciously ironic, as noted in Cherian Abraham’s insightful column at Droplabsis how much of the fraud stemming from crooks signing up stolen credit cards with Apple Pay was tied to purchases of high-dollar Apple products at Apple’s own brick-and-mortar stores. That banks end up eating the fraud costs from this activity is just the cherry on top.

Abraham said the banks are in this mess because they didn’t demand more transparency and traceability from Apple before rushing to sign customers up (or “provision” them, in banker-speak) for Apple Pay.

“One of the biggest gripes I have heard from issuers is the lack of transparency from Apple (what did they expect?) and the makeshift reporting provided to issuers that is proving to be woefully inadequate,” Abraham wrote. “As long as issuers fall back on measures easily circumvented by freely available PII – this problem will continue to leech trust and large sums of cash. And alongside of the latter, there is much blame to go around as well.”

Both Abraham and Gartner’s Litan say banks need to take a step back and take the time to develop more robust, thoughtful and scalable solutions to identity proofing customers, particularly as other mobile providers begin rolling out their mobile payment systems without the customer data advantages that Apple has in their relatively closed environment.

“The vendors in the mobile user authentication space have consistently answered that they are leaving account provisioning policies to the banks or other consumer service providers provisioning the apps,” Litan wrote. “Well maybe it’s time for them to reconsider and start helping their client banks and service providers by supporting identity proofing solutions built into their apps. Whoever does this well is surely going to win lots of customer support… and revenue.” (5)

Henry Sapiecha


Data: Credit card fraud isn't always apparent to card holders, and banks don't always share information about an incident.

Data: Credit card fraud isn’t always apparent to card holders, and banks don’t always share information about an incident. Photo: Karl Hilzinger
Unaware of credit card fraud until the statement arrives or the bank rings? Here are eight ways tech-savvy criminals can get your details from shops, ATMs and other systems.

Card issuers like Visa and MasterCard often know if merchants have suffered a breach before even the banks or the merchant itself, but they rarely reveal their names to the banks. Rather, in response to a breach, card issuers will send each affected bank a list of compromised card numbers often triggering their cancellation.

Banks may be able to work backwards from that list to the breached merchant, however, in cases where hacked merchants are known rarely is that information shared with their customers.

Here’s a look at some of the most common forms of credit card fraud:

1. Hacked bricks-and-mortar merchant, restaurant:

Here criminals capture credit card details most often by remotely installing malicious software on point-of-sale systems – the software that controls a shop’s payments and inventory.

Distinguishing characteristic: Most common and costly source of card fraud. Losses are high because crooks can take information from multiple cards and produce counterfeit cards that can be used in big box stores to buy gift cards and/or expensive goods that can be easily resold for cash.

Chances of consumer learning source of fraud: Low, depending on customer card usage.

2. Processor breach:

This is a network compromise at a company that processes transactions between credit card issuing banks and merchant banks. One such breach occurred in 2012 and involved some 10 million card numbers.

Distinguishing characteristic: High volume of card accounts can be stolen in a very short time.

Chances of consumer learning source of fraud: Virtually nil. Processor breaches are rare compared to retail break-ins, but it’s also difficult for banks to trace back fraud on a card to a processor. Card issuers/banks generally don’t tell consumers when they do know.


3. Hacked point-of-sale service company/vendor:

This is a compromise at the supplier of the point-of-sale system, not the merchant.

Distinguishing characteristic: Can be time-consuming for banks and card issuers to determine vendor responsible. Fraud is generally localised to a specific town or geographic region served by vendor.

Chances of consumer learning source of fraud: Low, given that compromised point-of-sale service company or vendor does not have a direct relationship with the card holder or issuing bank.

4. Hacked e-commerce merchant:

A database or website compromise at an online merchant.

Distinguishing characteristic: Results in online fraud. Consumer likely to learn about fraud from monthly statement, incorrectly attribute fraud to merchant where unauthorised transaction occurred. Bank customer service representatives are trained not to give out information about the breached online merchant, or address information associated with the fraudulent order.

Chances of consumer learning source of fraud: Nil to low.

5. ATM or other skimmer:

Thieves attach physical fraud devices to ATMs, gas pumps and other card readers to steal card numbers and PINs. For more on skimmers, see All About Skimmers series.

Distinguishing characteristic: Fraud can take many months to figure out. Often tied to gang activity.

Chances of consumer learning source of fraud: High. Banks often disclose to cardholder the source of the fraud.


6. Crook employee:

A case often associated with small car hire outlets, motels and restaurants, it involves an employee using a hidden or handheld device to copy card for later counterfeiting.

Distinguishing characteristic: Most frequently committed by restaurant workers. Often tied to a local crime rings, or seasonal and transient workers.

Chances of consumer learning source of fraud: Nil to low.

7. Lost or stolen card:

Distinguishing characteristic: The smallest source of fraud on cards. Consumer generally knows immediately or is alerted by bank to suspicious transactions, which often involve small fraudulent test transactions to see if the card is still active – such as at automated gas station pumps in the US.

Chances of consumer learning source of fraud: High.

8. Record theft:

Merchant, government agency or some other entity charged with storing and protecting card data improperly disposes of card account records.

Distinguishing characteristic: Usually not high-volume. A form of fraud less common than it used to be.

Chances of consumer learning source of fraud: Nil to low.

It’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorised charges, and to report that activity as quickly as possible.


Henry Sapiecha


eftpos machine in use image

Retailers would reportedly be limited to charging consumers 12 cents or 0.5 per cent of the transaction value, whichever is less. Photo: Pat Scala

Exorbitant credit card surcharges could soon be a thing of the past.

The financial services inquiry led by David Murray is reportedly calling for a ban on all outrageous surcharges on credit and debit card transactions.

Instead, retailers would be limited to 12 cents or 0.5 per cent of the transaction value, whichever is less, News Corp reports on Friday.

Many now charge two or three per cent on top of the purchase price if customers pay with credit card.

Treasurer Joe Hockey said recommendations around the payments system are more likely to be matters for independent regulators APRA and the Reserve Bank to consider.

The government would focus on consumer protection and education.

The Murray inquiry will be released publicly on Sunday.

Mr Murray, a former chief of the Commonwealth Bank and head of the Future Fund, and his team have been working on the inquiry for almost a year.

They have received more than 6,500 submissions since their interim report, 5000 of which touched on the issue of credit card surcharges.

Consumer advocate Choice says businesses, particularly in hospitality and the entertainment industry, have long been gouging consumers.

“Consider that on a flight you’re not just paying by transaction, $7 or $8, you’re paying per passenger,” spokesman Tom Godfrey told ABC radio.

“Airlines for a very long time have been profiteering on the back of credit card surcharges.”



Henry Sapiecha


Consumers are being warned about fraud possibilities with pay-and-go credit cards.


Good quality tin foil could be the difference between losing money to credit card fraud or keeping your cash secure.

Contactless card technology might make going through the checkout slightly faster but it also exposes people as it can be used by fraudsters to covertly steal money from a card while it is in a pocket or handbag.

Edith Cowan’s digital forensics lecturer Peter Hannay said that while Mastercard was not aware of any cases happening he would not be surprised if it was happening but there were ways to protect yourself.

Contactless cards have several different names but they are bank cards that are placed next to a machine in order to carry out a quick transaction – rather than swiping or inserting the card.

Mr Hannay said ECU research showed it was possible for people to use technology to interact with the radio frequency identification microchip that makes the contactless cards work.

He believed current technology would allow interaction within close proximity of those carrying the tap-and-go cards, which would allow card details to be obtained.

The technology required would be obvious but could be hidden within a large briefcase.

“Brushing up against someone on a train, it’s not difficult to achieve on a train in peak hour, it’s not that obvious,” Mr Hannay said.


He said employing the technology from a distance of several metres would require much larger and obvious antennas.

Mr Hannay said the only thing that could block signals between contactless bank cards and other devices was magnetic metal.

He suggested good quality foil, not the cheap stuff found in local supermarkets, was best to use.

Several products were already on the market, such as shields or sleeves, and they had tested well.

Mr Hannay said that while he did not expect technology to make it any easier for criminals to access people’s bank cards, he did expect such fraud cases to become more common as the technology was embedded in new cards.

“A couple of my colleagues who have got new cards have asked about it and they’ve been told that if they want a bank card, they have no choice,” Mr Hannay said.

Mastercard Australasia’s head of global fraud management Joseph Vukasovic said the company had not been made aware of any incidents of electronic pick-pocketing anywhere in the world.

He said that data drawn from a card in someone’s pocket was “effectively rendered useless” because additional information was required to use those details to make an online purchase, including the CVV code.

While major retailers and most other online outlets require the buyer to enter the CVV code to make a purchase, not all do.

Mr Vukasovic questioned why thieves would go to such lengths to obtain details from a card electronically.

“Every time you shop, that data is on there anyway, why would someone invest so much to get these details that are available to anyone who sees that card,” he said.

Mr Vukasovic said technology called CVC3 was built into the chip to increase a card’s security.

Mastercard’s security factsheet on their PayPass technology describes how the CVC3 technology makes it nearly impossible to “replay transactions because a code that accompanies an authorisation request changes every time an authorisation request is made”.

“There is a discrete authentication code that changes after each transaction,” the factsheet states.

“Without the proper code the transaction will not be authorised.” (5)

Henry Sapiecha




A bank in the Isle of Man — a possession of the British Crown located in the Irish Sea between Scotland, England, Ireland and Wales— is offering a 14-carat gold credit card to customers who have at least $168,000 (£100,000) of metal bars in their vault.

The Bullion Visa card, issued by IMGold, is the world’s first solid gold credit card backed by the precious metal itself that allows users to effectively borrow against their bullion possessions, reports (subs. required).

it is not the first time a bank decides to issue a credit card made of the yellow metal. In 2012 Visa teamed up with Russian bank Sberbank-Kazakhstan and launched a solid gold credit card studded with 26 diamonds

However, it is not the first time a bank decides to issue a credit card made of the yellow metal. In 2012 Visa teamed up with Russian bank Sberbank-Kazakhstan and launched a solid gold credit card studded with 26 diamonds, equal to 0.17 carats.

“There are people who invested in 2011 at $1,900 an ounce and now [gold] is worth less than $1,300 an ounce. They are sitting on losses and don’t want to sell. Now they can spend and get some liquidity,” Ed Pearce, managing director of IMGold, told

The interest rate on the exclusive card, available later this year, is expected to be below 10%.

Holders may think twice about handing this credit card to a waiter.


Henry Sapiecha




Mr Argarkov’s version of the contract contained a zero per cent interest rate, no fees and no credit limit. Every time the bank failed to comply with the rules, he would fine them 3 million roubles.

It has to be the best credit card scam ever – and it worked.

When Dmitry Argarkov was sent a letter offering him a credit card, he found the rates not to his liking.

But he didn’t throw the contract away or shred it. Instead, the 42-year-old from Voronezh, Russia, scanned it into his computer, altered the terms and sent it back to Tinkoff Credit Systems.

Mr Argarkov’s version of the contract contained a zero per cent interest rate, no fees and no credit limit. Every time the bank failed to comply with the rules, he would fine them 3 million roubles ($A100,000). If Tinkoff tried to cancel the contract, it would have to pay him 6 million roubles.

Tinkoff apparently failed to read the amendments, signed the contract and sent Mr Argakov a credit card.


“The Bank confirmed its agreement to the client’s terms and sent him a credit card and a copy of the approved application form,” his lawyer Dmitry Mikhalevich told the Kommersant newspaper.

“The opened credit line was unlimited. He could afford to buy an island somewhere in Malaysia, and the bank would have to pay for it by law.”

However, Tinkoff attempted to close the account due to overdue payments.

It sued Mr Argakov for 45,000 roubles for fees and charges that were not in his altered version of the contract. This week a Russian judge ruled in Mr Argakov’s favour.

Tinkoff had signed the contract and was legally bound to it. Mr Argakov was only ordered to pay an outstanding balance of 19,000 roubles ($A641).

“They signed the documents without looking. They said what usually their borrowers say in court: ‘We have not read it’,” said Mr Mikhalevich.

But now Mr Argakov has taken matters one step further. He is suing Tinkoff for 24 million roubles for not honouring the contract and breaking the agreement.

Tinkoff has launched its own legal action, accusing Mr Argakov of fraud.

Oleg Tinkov, founder of the bank, tweeted: “Our lawyers think he is going to get not 24m, but really 4 years in prison for fraud. Now it’s a matter of principle for @tcsbanktwitter.”

The court will review Mr Argakov’s case next month.

Daily Telegraph, London


Henry Sapiecha



Fraud involving Australian credit cards, debit cards and cheques reached $285 million in June this year, down from a peak of $302 million in December.

Credit cards still dominate the statistics, accounting for $263 million, or 97 per cent, of all fraud in the 2011-12 financial year. Debit cards accounted for 3 per cent and cheques just 0.05 per cent.
LawCentral Online Australian Legal Doc Shop

This credit card figure includes an estimated $30 million taken over two years by a Romania-based crime ring that was only recently exposed. That syndicate had access to 500,000 Australian credit cards and about 30,000 credit cards were exploited, the Australian Federal Police said when the ring was smashed last month.
Fantasy Footwear

About 15.6¢ out of every $1000 transaction during the year was fraudulent, just a fraction of the $1.8 trillion spent through cards and cheques in total, according to the Australian Payments Clearing Association [APCA].

Transactions that do not require the customers’ presence, such as online, telephone and mail shopping, are the most susceptible and the increasing rate of online shopping is likely to push fraud statistics higher in coming years.

‘‘As people take to online shopping enthusiastically…that is a more challenging fraud environment because you do not know who you are dealing with and you do not know who is watching. That is an ongoing challenge for the entire industry,’’ chief executive of the APCA, Chris Hamilton, said.

However, the average amount stolen during a fraudulent credit card transaction has dropped from $365 to $225 because criminals are ‘‘testing’’ their methods and trying to hide among normal transactions, he added.

About $14 million was stolen using debit cards that require a personal identification number [PIN]. This is down from a peak of $27.9 million in 2009-10 when Australia was targeted by international criminal groups skimming ATMs and eftpos machines. Since the group was busted machines have been updated and more Australian cards fitted with micro-chips that are harder to copy than magnetic strips.  But criminals have found new techniques with debit card fraud rising to $7.7 million between December 2011 and June 2012, compared to $5.2 million in the previous six months.

‘‘We understand there has been an increase in skimming activity at ATMs, in petrol stations and in taxis. Consumers can help stay safe by keeping their card in sight when making payments and always covering their hand when entering their PIN at point-of-sale terminals and ATMs,’’ Mr Hamilton said.

Banks and credit unions usually reimburse card holders, providing the customer is not at fault.

Cheque fraud declined to $7.9 million in 2011-12 from a peak of $18 million in 2010 as fewer people use cheque books. However, it is more damaging with fraud reaching an average value of $11,000.

‘‘The guys who used to be experts at cheque fraud are finding it harder and harder to do that, they are gradually going out of business. So I suspect what you are seeing are the last few people who are trying to engage in cheque fraud going after larger and larger values,’’ Mr Hamilton said

Sourced & published by Henry Sapiecha