Credit Card Fraud
What is Third Party Fraud?
This is a fraud committed against someone or some business by people other than their employees. They can be committed against individuals, businesses, companies, governments etc. Third party frauds are not as common as occupational frauds, but on average each fraud is for a larger amount.
Some third party frauds are not meant to remain hidden forever. Some only remain hidden long enough for the fraudster to get away. The fraudster may not care if the fraud is eventually discovered as there is no continuing relationship with the victim and they have made their getaway.
Are credit cards vulnerable to fraud?
Yes. Credit card fraud is a billion dollar a year problem, and it will keep increasing as credit cards become more abundant and the preferred method of purchase. Some safeguards limit the risk of fraud, and new measures are constantly being introduced by the credit card companies to strengthen their defenses. But there is no way of eliminating that risk entirely. Part of the reason is that these controls cannot stop the people unknowingly giving away their information to fraudsters.
What are the two main types of credit card fraud?
The fraudster can either can use a victim's legitimate card, or they can obtain a false card in the victim's name.
What is the difference between these two?
The difference is where the statement is sent, and whether you know there is a credit card in your name.
If a fraudster obtains your credit card details and uses your account for purchases, they are trying to hide the purchases from you. They know that you will recognize these entries on your statement. This is a short term fraud and ends when the statement is issued and the victim cancelling the account.
If the fraudster gets a new credit card in your name, you will not know that the account exists and will not receive the statements. This fraud ends when the credit card company closes the account due to a payment default. This fraud is limited to the credit limit on the card, but can last longer. This fraud is usually more damaging to the victim as they will have to convince the credit card company that the account is not theirs and then try to rectify their credit rating. The first that the consumer knows about the card is when the credit company's debt collectors finally track them down and try to collect the debt.
Why are credit cards so easy to use in frauds?
The main commercial benefit of credit cards is their ease of use. Unlike cheques and cash, there need be no physical contact or passing of paper between the seller and the purchaser, only the details from the card need to be given. The theft of that information will allow a fraud to be undertaken almost immediately and anonymously.
How does this affect the victim?
The credit card company may lose some money, but a greater loss may be suffered by the victim. It may be easy to show that transactions on the account are false - but it may not, and the burden of proving that they did not incur the debt lies with the victim.
If the fraud became known due to cancellation of the account by the card company, they will be looking to the victim to pay the debt. This may be the first battle for the victim, particularly if they have commenced recovery proceedings. The fraudster incurs the debt in the victim's name, and it will be up to the victim to show that the transactions are frauds. The greater loss may be the damage to a credit rating and reputation. This may take longer and cost more to rectify.
How do the fraudsters get the information?
The information necessary to commit credit card fraud can be obtained from a number of sources, including from the card itself. Getting the credit card information may be as easy as stealing a handbag or wallet or buying a stolen card from a thief. Every time we hand our card to a sales person, or when we undertake remote transactions, that information is exposed to theft. We also throw away sources of this information in the form of credit card slips and statements, just waiting for someone to pick them up.
Most people have bought goods by post, telephone or over the internet using by providing the necessary card information to the seller. Once that information has been handed over, that information is vulnerable to theft - whether it is intercepted on its way to the seller, used improperly by the seller or by a dishonest employee of the seller - or stolen from the seller by a third party.
Are there other areas of concern?
Dishonest sales assistants can scan credit cards at the point of sale using a remote scanner that records the information off the magnetic strip on the back of the card. This information can then be downloaded to a new blank card, or the information can be used for remote transactions.
Fraudsters raid mailboxes to find renewal credit cards and bills to obtain credit card details and expiry dates, or steal pre-approved card offers. Pre-approved offers are sometimes partly filled in and are the "just sign and send back" type offers. A fraudster getting one of these offers in your name can change the address and send away for a card, in your name.
How is the fraud perpetrated?
Credit card frauds are relatively simple. Once the information has been obtained, there are two main ways of using the card:
1. Use the card remotely so there is no face to face contact with the seller. This is usually done on phone, mail or Internet transactions. The difficulty is finding a location to have the items delivered. The fraudster will not want to use their own address.
2. Place stolen information onto a new card that has the fraudster's signature (his signature of the victim's name, not his own name) on the back. This will allow transactions to be done face to face and the items collected immediately. This eliminates the delivery problem, but lacks anonymity.
Credit cards and the Internet
Consumers have concerns that the Internet may be more vulnerable than other ways of using the card. But the Internet is not known to be any less safe than other types of transactions. There is certainly a wider range of buyers and sellers, both reputable and otherwise.
But the method of using the card is not the determining factor. Who you deal with and what they do with your details is more important. If the person getting these details is dishonest, then it does not matter how they get them. The Internet is simply another way to transmit that information. Once your credit card details have been received by the Internet seller entity, they are placed into a computer database. But every seller that you ever have dealt does the same, whether the transaction is on the Internet or otherwise.
Given that reputable businesses on the Internet will use encryption to transmit and store the data, the possibility of having this information stolen is probably no greater that handing transactions by mail, telephone or fax. There is no way of being totally safe from credit card fraud. There are some ways of limiting the risk, but most of the problems occur after you have passed the relevant information to a third party.
What can you do to protect yourself?
There is no definite way of doing so, but these are a few tips.
(a) Be wary of unsolicited offers that come through the mail that ask for payment by credit cards. Do some research on the business before handing over your details.
(b) Keep an eye on the processing of transactions. Internet banking allows people to view their (known) accounts at any time.
(c) Do not believe faxing credit card details is safer than mailing or emailing those details.
(d) Make a list of all your cards and their numbers and keep in a safe place. This key information is helpful when reporting lost or stolen cards.
(e) Sign the back of a new card as soon as you get it and completely destroy old cards that are outdated.
(f) Keep your card out of view of others in a store or at public telephones so they cannot read the name, expiry date and account number.
(g) Review monthly statements for accuracy and question any items that you might not have charged.
(h) Properly dispose of all offers for new credit cards, especially when they are partially completed with your details.
(i) Report stolen and lost cards immediately.
(j) When on a trip, carry the name of the issuer, account number and the toll free number of the issuer in a secure place. Note the date, time and person to whom you reported that your card was lost or stolen.
(k) Keep a separate card with a small limit for those risky transactions. If that card is compromised and has to be cancelled, the damage is limited and it will not disrupt your usual cards.
LESSONS TO BE LEARNED
1. There is no way to eliminate the risk of being a victim of credit card fraud. Simply using a credit card in a normal way will open you up to fraud, especially if the sales person processing the sale is dishonest.
2. Even if you do not have any credit cards yourself, a fraudster may steal your personal details and apply for one themselves.
3. The increase in credit card fraud can partially be attributed to the increase use in credit cards through Mail Order, Phone Order and Internet sales. The more transactions, the more opportunity for fraud.
4. Credit card statements should be examined upon receipt and any anomaly questioned. This may stop any ongoing fraudulent use of the card.
5. Dispose of all correspondence from finance companies properly. Fraudsters will target this type of discarded correspondence.
Disclaimer
The enclosed information is of necessity a brief
overview and it is not intended that readers should rely
wholly on the information contained herein. No warranty
express or implied is given in respect of the information
provided and accordingly no responsibility is taken by
Worrells or any member of the firm for any loss resulting
from any error or omission contained within this
fact sheet.
Acknowledgment
The material in this Fact Sheet was sourced from various
publications including those listed in the Reading List on
the Fraud Awareness page on this website.
Back to Fact Sheets
Last Updated: 17.3.2008