A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Credit Card Fraud

Billions are lost from credit card fraud.
credit card fraud

We live in a credit card nation - one swipe and you can buy almost anything. However, while these tiny pieces of plastic are handy, they are also responsible for billions of dollars lost through credit card fraud.

How credit card fraud works

Credit card fraud begins in one of two ways: either the card is stolen or the cardholder's account data is compromised. Account data refers to the account and personal information required to authorize a purchase.

If a card is stolen, it can be used until the cardholder reports it missing to the bank or card issuing company. However, until that time, poorly implemented anti-fraud rules increase the risk of fraudulent purchases. For example, a credit card is invalid if the signature on the back of the card doesn't match the receipt signature. Yet, merchants rarely compare signatures, and forgery is not difficult.

If a cardholder's account data is compromised, the account can be used for weeks before the cardholder realizes. It is impossible for Web sites like Amazon.com to know if a purchase is authorized by the actual cardholder, therefore this type of fraud is difficult to catch. The number of fraudulent transactions through compromised accounts is typically much high than through stolen credit cards.

Potential threats

One of the best ways to avoid fraud is to prevent people from knowing your card information. Be aware of where you are using your card and who can access your information. For example, a waiter can take your card information when processing your restaurant bill.

The following high-risk threats are more difficult to prevent:

  • Skimming refers to "insider" credit card theft, such as an employee who gathers information from a purchase receipt or a device called a skimmer. Skimmers are exact replicas of card readers and can be attached to a reader or ATM in seconds. When you pass your card through a reader with a skimmer, you are actually swiping it twice. The skimmer records your account information and a hidden camera records your PIN. Some companies like Boeing Employees Credit Union have started installing anti-skimming machines. However, you should always take a close look at ATMs and other card readers before swiping your card.
  • Card number generators are free Internet programs, such as Credit Master and Credit Wizard, that generate sequences of 16-digit card numbers using valid bank identification numbers (BINs). Once a number is generated, its validity is tested through a small transaction of around $30. If that transaction is successful, fraudsters execute a BIN attack, making large purchases using the valid card numbers.

Banks and credit card companies have developed several solutions in response to BIN attacks. The traditional approach is used by most banks and monitors individual card number transactions. If a card is consequently used several times, it falls under a "refer" rule and is investigated by an operator. However, a fraudster can avoid detection by using a card once and then using other valid card numbers.

Another solution links data by BIN number, using credit cards' first 12 digits as a common denominator. If purchases are made at the same merchant by more than three cards with identical first 12 digits, it confirms a BIN attack. These card numbers are then blocked, curbing further transactions.

Fraud protection

Cardholders are protected from credit card fraud and are liable for only $50 if their card is misused. (Some credit card issuers offer zero liability.) For merchants, fraud is much more devastating because they lose their products and money.

If you suspect fraud, both you and the merchant must report the theft to one of three credit reporting companies: Trans Union, Equifax or Experian. Provide as much evidence as possible, as well as a copy of your credit record (free for fraud victims). The Consumer Credit Counseling service can assist with removing fraudulent claims from your credit card. Finally, contact the credit card issuer to cancel your credit card.

By following a few precautions and being alert to warnings, you can help prevent credit card fraud from happening to you.

References

Links

My home page