Posts Tagged ‘credit card fraud’

CREDIT CARD FRAUD & EIGHT WAYS TO GET YOUR INFO HIJACKED

Data: Credit card fraud isn't always apparent to card holders, and banks don't always share information about an incident.

Data: Credit card fraud isn’t always apparent to card holders, and banks don’t always share information about an incident. Photo: Karl Hilzinger
Unaware of credit card fraud until the statement arrives or the bank rings? Here are eight ways tech-savvy criminals can get your details from shops, ATMs and other systems.

Card issuers like Visa and MasterCard often know if merchants have suffered a breach before even the banks or the merchant itself, but they rarely reveal their names to the banks. Rather, in response to a breach, card issuers will send each affected bank a list of compromised card numbers often triggering their cancellation.

Banks may be able to work backwards from that list to the breached merchant, however, in cases where hacked merchants are known rarely is that information shared with their customers.

Here’s a look at some of the most common forms of credit card fraud:

1. Hacked bricks-and-mortar merchant, restaurant:

Here criminals capture credit card details most often by remotely installing malicious software on point-of-sale systems – the software that controls a shop’s payments and inventory.

Distinguishing characteristic: Most common and costly source of card fraud. Losses are high because crooks can take information from multiple cards and produce counterfeit cards that can be used in big box stores to buy gift cards and/or expensive goods that can be easily resold for cash.

Chances of consumer learning source of fraud: Low, depending on customer card usage.

2. Processor breach:

This is a network compromise at a company that processes transactions between credit card issuing banks and merchant banks. One such breach occurred in 2012 and involved some 10 million card numbers.

Distinguishing characteristic: High volume of card accounts can be stolen in a very short time.

Chances of consumer learning source of fraud: Virtually nil. Processor breaches are rare compared to retail break-ins, but it’s also difficult for banks to trace back fraud on a card to a processor. Card issuers/banks generally don’t tell consumers when they do know.

6RKUY

3. Hacked point-of-sale service company/vendor:

This is a compromise at the supplier of the point-of-sale system, not the merchant.

Distinguishing characteristic: Can be time-consuming for banks and card issuers to determine vendor responsible. Fraud is generally localised to a specific town or geographic region served by vendor.

Chances of consumer learning source of fraud: Low, given that compromised point-of-sale service company or vendor does not have a direct relationship with the card holder or issuing bank.

4. Hacked e-commerce merchant:

A database or website compromise at an online merchant.

Distinguishing characteristic: Results in online fraud. Consumer likely to learn about fraud from monthly statement, incorrectly attribute fraud to merchant where unauthorised transaction occurred. Bank customer service representatives are trained not to give out information about the breached online merchant, or address information associated with the fraudulent order.

Chances of consumer learning source of fraud: Nil to low.

5. ATM or other skimmer:

Thieves attach physical fraud devices to ATMs, gas pumps and other card readers to steal card numbers and PINs. For more on skimmers, see All About Skimmers series.

Distinguishing characteristic: Fraud can take many months to figure out. Often tied to gang activity.

Chances of consumer learning source of fraud: High. Banks often disclose to cardholder the source of the fraud.

tjvy

6. Crook employee:

A case often associated with small car hire outlets, motels and restaurants, it involves an employee using a hidden or handheld device to copy card for later counterfeiting.

Distinguishing characteristic: Most frequently committed by restaurant workers. Often tied to a local crime rings, or seasonal and transient workers.

Chances of consumer learning source of fraud: Nil to low.

7. Lost or stolen card:

Distinguishing characteristic: The smallest source of fraud on cards. Consumer generally knows immediately or is alerted by bank to suspicious transactions, which often involve small fraudulent test transactions to see if the card is still active – such as at automated gas station pumps in the US.

Chances of consumer learning source of fraud: High.

8. Record theft:

Merchant, government agency or some other entity charged with storing and protecting card data improperly disposes of card account records.

Distinguishing characteristic: Usually not high-volume. A form of fraud less common than it used to be.

Chances of consumer learning source of fraud: Nil to low.

It’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorised charges, and to report that activity as quickly as possible.

197_banner

www.intelagencies.com

www.scamsfakes.com

Henry Sapiecha

HACKERS GET INTO CREDIT CARDS OF COSMETIC COMPANY

Customers warned

as hackers target

cosmetics retailer

Megan Levy
February 15, 2011

Thousands of online shoppers who recently purchased items from the popular cosmetics group Lush have been warned to contact their banks after the company’s Australian and New Zealand website was targeted by hackers.

Lush has taken down its website this morning and replaced it with a statement warning that customers’ personal details, including credit card numbers, may have been compromised.

‘‘We urgently advise customers who have placed an online order with Lush Australia and New Zealand to contact their bank to discuss if cancelling their credit cards is advisable,’’ the company’s website says.

It follows a similar attack on the UK branch of the handmade cosmetics company last month, during which anyone who placed an online order between 4 October and 20 January was exposed to the privacy breach.

Following that attack, many Lush customers reported that their cards had been used fraudulently.

In today’s statement, Lush said the Australian and New Zealand websites were not linked to the Lush UK website, but had been separately targeted.

‘‘As a precautionary matter we have removed access to our website while we carry out further security checks,’’ the statement says.

‘‘Lush is working with the police, forensic investigators and banks and doing all that we can to investigate the breach in privacy.

‘‘We are currently in the process of contacting each of our online customers individually by email.’’

The security breach has not affected customers who used the mail order phone line, the statement says.

‘‘Again, we would like to say that we are truly sorry and thank all our customers for standing shoulder to shoulder with us during this difficult time,’’ the website says.

Lush has previously been praised by green campaigners for not using animal fats in its products, as well as its stance against animal testing. Tests are performed on human volunteers instead.

RTERCU

www.intelagencies.com

www.scamsfakes.com

Sourced & published by Henry Sapiecha