Days of credit card skim scam are numbered

It is possible to be in two places at once when it comes to credit-card fraud

It is possible to be in two places at once when it comes to credit-card fraud. I recently found an unexplained £1,000 (€1,270) on my credit-card statement. Four months after a trip abroad, items were charged to the credit card by shops, restaurants and airlines in locations that were never visited.

Although some regions like Asia and Eastern Europe are fraud hotspots, consumers may be outwitted by fraudsters in any jurisdiction. Improved technology has given criminals the upper hand but knowledge is power for consumers.

Types of fraud: A fraudulent practice increasing internationally is known as "skimming". This relatively new type of fraud involves putting the card through two swipe machines. The first is genuine and contacts the credit-card company for payment as usual.

The unsuspecting customer's card is then swiped through a second device that copies the information from the magnetic stripe and the front and back of the card.

READ MORE

The copying devices are inexpensive and smaller than a human hand but have the capability to transmit information around the world. Collected data is then used to generate a perfectly copied card. The only equipment needed to conduct this type of fraud is reembossing and recoding machines and both cost no more than £1,000 each. The question of signature security is irrelevant because the new copy is signed by the fraudster. In less than an hour several copies of a card may be circulating in numerous cities.

"Don't let the card go out of your sight, as all it takes is one dishonest cashier, waiter or receptionist," says Mastercard/Europay International's director of fraud and security, Mr Peter Warner.

The Garda Bureau of Fraud Investigation (GBFI) says skimming is increasing here and has been detected at a Dublin city restaurant. However, lost or stolen cards still comprise most credit-card fraud representing 62 per cent of losses, says the Garda. Once obtained, a credit card is normally used within 48-72 hours with an average loss per card of £300. It takes an average of 9.5 days before unauthorised use is detected by the cardholder or issuer.

On a lesser scale, fraud also occurs when a card is not physically present. An individual may obtain a person's card number and expiry date from a receipt or carbon copy then use it to order items over the phone or by mail. When this is not possible, criminals use computers to generate genuine account numbers and calculate the expiry date. Items most commonly purchased through account-generated fraud are those that may be sold on again quickly and easily: jewellery, computer components, stereo equipment, televisions and other high value items.

Highly organised criminal gangs tend to favour use of "compromised" counterfeit cards or cards illegally manufactured or altered by mechanical means. In most cases, only a few numbers of an original card are changed. This type of card is detectable by visual inspection which highlights the need for proper training of sales staff.

In recent years, other "salespeople" have contacted consumers by phone, fax or e-mail to offer them specially-priced items which may only be paid for by credit card. After obtaining the creditcard number, the item never arrives and the salesperson has disappeared.

Cost of fraud: Credit-card fraud is up by 27 per cent worldwide and by 130 per cent in the Republic in the year to August, compared to the same period last year, says Mastercard/Europay International.

"It can be a few large attacks that can cause that increase as opposed to a generic issue," according to Mr Warner.

The average annual cost of fraud over the period 1990-1998 in the State was around £1.4 million according to figures compiled by the Irish Bankers' Federation (IBF).

Despite such figures, the cost of credit-card fraud is quite small in relation to the overall market. "Some 1.4 million credit cards were on issue in 1998 from the five clearing banks, which is nearly double the number issued in 1990. Use of these cards in 1998 accounted for 47 million transactions with a total value of £2.7 billion," says IBF. The cost of Irish credit-card fraud as a percentage of total turnover is 0.07 per cent.

Every effort is made to keep the cost of credit-card fraud to a minimum. The majority of efforts are accounted for by initiatives introduced by individual institutions in the ongoing battle against fraud.

However, certain industry-wide initiatives have also featured, such as the implementation of an extensive information/training campaign for retailers some years ago and press notices as appropriate says the IBF.

Consumer protection: A cardholder's interests are fully protected where a transaction was not authorised by him or her. It is important that customers regularly check their credit-card statements and query or alert the issuer about any anomaly.

"As appropriate, the issuer will investigate the role of the merchant as the agreement between card issuer and merchant sets down procedures which must be followed," the IBF says. "Whether the query related to a credit-card transaction undertaken at home or abroad, the role of the merchant can be examined by means of enquiry through the network of issuing and or acquiring banks," it adds. The card itself has many built-in security devices apart from the number, expiration date and signature. Most cards now carry a hologram which is manufactured under tight controls and is difficult to duplicate says Mr Warner.

Placement of numbers also acts as a deterrent for fraudulent usage. Upon close examination of a Mastercard for example, the first four digits of the card number are printed on the card under the embossed 16-digit number. The last four digits overlap the hologram making changes more difficult.

The back of a Mastercard features a magnetic stripe containing security coding which is only know to the bank that issued the card says Mr Warner. The signature panel, which many people forget to sign, is made of a material which can't be altered without being visible. The card number is printed on the stripe along with an additional three digits.

Future security measures: Security experts say the best way to reduce fraud is to stay one step ahead of the criminals. Soon additional protection will be offered when customers order by telephone as they'll have to provide the merchant with the three additional digits mentioned above.

The industry is implementing a smart card or integrated chip card which cannot be skimmed. "It's a computer in its own right with significant improved security features," says Mr Warner. A similar product was introduced in France years ago and now credit-card fraud there is negligible. Europe will be the first region to implement chip technology.

In the US, many credit cards include the cardholder's photograph. "It makes it more difficult for the fraudster but it doesn't solve the problem, it moves it," says Mr Warner.

Another anti-fraud technology is being tested on the US west coast. Magneprint measures the uniqueness of a card's magnetic stripe which is likened to a fingerprint. The main drawback is that Magneprint can check the validity online of the card but not of the person using it.

Chip technology is the best all-around solution but Magneprint may be used as another security mechanism, says Mr Warner.