There are many different types of credit card fraud, these vary from where both the card and criminal are present to where the criminal has acquired a card holder’s details and is able to purchase goods fraudulently over the phone or Internet. The Internet and telephone shopping has proved a breading ground for credit card fraud. The reason for this is not only the annonymity that is made possible through not having to go to the shop in person but through the pressure that retailers have found themselves under to have a quick turn around between the time of an order being placed and the time that it arrives at the customers door. This has been sparked through the Internet providing ever increasing amounts of competition between retailers for better and quicker services and increase consumer expectations. However, the contrasting effect of this is that in order to be quick and simple to use, retailers can easily become sloppy or cut corners when it comes to whether or not the person paying for the goods is the same person who ordered them. This is of course if it is in anyway possible to actually prove this anyway. For instance, it is very difficult to tell on the basis of an address, card number and expiry date whether the person using it is genuine at all. Many companies, especially Internet firms, may not report incidents of fraud because they do not want to appear vulnerable and put people off shopping at their sites. "The Confederation of British Industry reports as of 2001 two thirds of UK businesses have experienced a serious on-line incident such as hacking, virus attacks or credit card fraud ". For these reasons the three forms of credit card fraud counterfeiting, "card not present" and lost and stolen cards have flourished whilst other older types of fraud (e.g. mail non-receipt) have either decreased or almost ceased to exist at all. ( see graph ‘differing credit card fraud in the UK’)
Counterfeiting, in the UK, rose 104% in 2000 to Ј102.8m and then a further 64% in 2001 up to Ј160.3m. A counterfeit card is one that has been scanned, printed, recoded or swiped without the card issuer’s permission. Most cases of counterfeiting involve a process known as ‘skimming’ or cloning, where legitimate data from the magnetic stripe on a card is electronically copied on to another one without the knowledge of the rightful card holder. This is a particularly common problem when it comes to areas of commerce such as restaurants or bars where the cardholders will likely loose sight of their cards when it is swiped to pay for their drinks or meals. Here, corrupt waiters and waitresses are then able to sell on or use the details of the cardholder that they have acquired for fraudulent purposes. This will involve the creation of a duplicate counterfeited card which can then be signed on the back by the fraudster and then used as they please. The legitimate cardholder is unlikely to realise until they next receive information on their balance showing purchases that they did not make due to them thinking that their card and personal details were safe in their wallet.
Lost and Stolen Credit Cards
In 2001 thieves stole Ј114m in the UK in 2001 through the use of lost and stolen credit cards. Most fraud on lost and stolen credit cards will take place at commercial outlets or Internet and telephone shops prior to the genuine card holder reporting its’ loss. Cards are often stolen during burglaries or pick pocketing in the street and then used almost instantaneously. Unlike counterfeit or card-not-present forms of fraud the victim will usually notice fairly quickly enabling the card to be blocked and hopefully limiting the damage.
Card Not Present Fraud and Deceitful Use Of Credit Card Details
In the UK "Card not present" fraud, where information obtained from innocent cardholders is used to buy goods over the Internet, over the phone or through mail order rose 94% to Ј56.8m in 2000 and then 59% to Ј95.7m in 2001. Most recently, a phenomena widespread across the US has made its’ way across the Atlantic in to the EU. It is what is known as ‘bin-raiding’ or ‘dumpster-diving ’. This is the process through which peoples’ rubbish may be stolen and its’ contents looked through so as to ascertain the details required to commit credit card fraud using the unsuspecting bin owner’s details. "One bin picked through contained a signed blank cheque. Another contained an unused cheque book, while from a third bin researchers were able to find an individual’s full name, address, date of birth, bank account number, sort code, employment details and medical information. The same person had thrown away a whole benefit book, bill and other official letters that might be used to corroborate identity. For good measure, he had also discarded a completed passport application giving even more detailed information about his identity ". One of the most striking factors about this form of scam, is that should the fraudster be able to gather enough information he may be able to even assume the actual identity of his unlucky victim. This would enable him to take control of their bank account, notifying for instance the bank, of a change of address so that all correspondence from the bank will go elsewhere thus maximising the time that the fraudster has to accomplish his task. This form of fraud can happen through hacking of databases on the Internet to allow fraudsters access to peoples banking and personal details once again enabling them to assume their identity. Fraudsters may even fill in the gaps amongst their information by cold calling their victims claiming to be from the bank or police and use information that they have already gained about them to
sound genuine. "A recent FBI bust nailed 90 on-line fraudsters who had fleeced 56,000 Net users of over $117 million. Some 2,000 computer users a week complain of identity theft to the Federal Trade Commission ". When the fraudsters have managed to acquire these card details they will usually purchase goods that they can dispose of quickly on the black market so as to cover their tracks and "launder" the stolen money.
Mail Non-Receipt Credit Card Fraud
This form of fraud had its’ heyday in the early 1990’s peaking in 1991 when it cost the British banking industry Ј33m alone and represented 20% of total plastic fraud. This represents one of the success stories for those fighting credit card fraud. Since 1991 the banking industry, governments and mail delivery services have combined to try to stamp out mail non-receipt fraud as much as possible. Steps that they have taken involve securing delivery systems, sending PIN numbers separate from actual cards and drastic punishments including prison sentences for postal workers found interfering with or stealing items of post. There was however, a marked rise in this type of fraud during 2001, which, more than anything represents how criminals will, more often than not, find ways around measures designed to stop them.
This form of fraud involves using stolen or fake ID such as passports, birth certificates, driving licences etc to open a fraudulent account with an unsuspecting victims’ identity. Criminals can also use information that they have stolen, either through burglaries or the process of dumpster-diving (link to dumpster diving ). enough details that they are able to carry out an identity theft. This means that they have enough proof of identity that they are able to inform the bank of a change of address using the stolen documents and steal not just money from an account but effectively the whole account and control of it. This causes problems not only because a theft has occurred but even when it is discovered it may take time for the bank to admit that a mistake has been made. This is due to the fact that as far as they are concerned the application for an account or change of address have been perfectly legitimate and in some cases the unfortunate victim may have difficulty convincing them of their own identity. At present, this is not a hugely common problem, however, banks and law enforcement agencies expect criminals to begin to switch to the use of application fraud as the emergence of new PIN and "Smart Card" (see fighting 'card present fraud' ) systems make more popular frauds, such as counterfeiting, much more difficult.
Other Less Common Types Of Credit Card Fraud
There are other, far less common, types of credit card fraud that are worthy of mention;
Automated Teller Machine (ATM) fraud . This form of theft usually occurs in three ways. The first is where the cardholder has been imprudent enough to leave their Personal Identification Number (PIN) with their credit card and it has been lost or stolen. The thief is then able to go to the nearest cash point, or if the victim is unlucky enough and the thief brave enough several cash points, to easily take out as much money as the machine will allow. In this case the problem is solely in the hands of the police and the cardholder as the banks are under no obligation to refund them. Secondly, PIN numbers can be obtained by thieves watching someone closely enough whilst they key in their PIN, in order to then follow them until an appropriate time when the card can be obtained either through stealth or intimidation (otherwise known as mugging) and then money withdrawn soon afterwards. This is known as ‘shoulder surfing’ and in this case the banks are liable as the cardholder has been robbed through no fault of their own. There are also cases of both card and PIN number being obtained through a process of intimidation and series of threats, however thankfully, as it is this case that generally causes the most danger and trauma for the victim, these cases are very rare. The final example of ATM fraud involves a process known as ‘card trapping’. This involves a device that traps the card inside the cash point, the thief then approaches the stranded cardholder and gives the impression of trying to be helpful but is instead tricking the cardholder into re-entering their PIN. When the cardholder eventually gives up and goes to look for help inside the bank or elsewhere the thief will then remove the device, re-enter the acquired PIN number and abscond with the money before the victim reappears. Similarly, there have also been cases where cardholders have been duped by fake cash machines. These look like ordinary ATMs into which they have entered their card and their PIN only to find neither the card nor money come out, so believing their card to be stuck, they leave to find help or ring the card company. However, on their return they find not only is their card gone but in fact, the entire ATM seems to have disappeared along with a sizeable sum of money from their account.
One recent trend in on-line fraud is the emergence of fake ‘copy-cat’ web sites that take advantage of consumers that are unfamiliar with the Internet or do not know the exact web address of the legitimate company that they wish to visit. The consumer, believing that they are entering their credit details in order to purchase goods from the intended company, are instead unwittingly entering their details into a fraudster’s personal database. He is then able to make use of this information at a later stage, either for his own purposes or to sell on to others interested in perpetrating credit card fraud.