With 'skimming', 'phishing' and other types of fraud on the rise, FIONA REDDANasks how you can protect yourself

WE’VE ALL been victims of attempted scams of some sort or other. Maybe you’ve received an e-mail asking you for your bank-account details so a prize can be lodged into it; maybe you’ve received an e-mail from a bank asking you to confirm your account details; maybe you’ve sold your car to someone who gave you a cheque for too much, and asked you to refund the balance, but the cheque later turns out to be worthless; or maybe you’ve had your ATM card “skimmed” and money withdrawn from your current account.

Whatever the fraud, there is no doubt that such incidents are on the rise, meaning consumers need to be more careful than ever when it comes to protecting their identity and personal financial information.

But what are the most common types of financial fraud, and what can you do to protect yourself?

Stealing your identity

Picture this. You’re sitting at home when the phone rings. It’s a debt collection agency looking for payment on overdue debts that you have not incurred. You shrug it off, convinced it’s an administrative error.

The next day you receive a letter from a property developer informing you that your apartment is ready to be snagged – but you haven’t bought a new apartment. Concerned now that something is up, you check your bank accounts, and find that your savings have been depleted.

You have been a victim of identity fraud.

While the above scenario may sound far-fetched, it is more realistic than you may realise.

Last year, almost 90,000 people in Ireland fell victim to instances of identity fraud.

Identity theft involves an imposter stealing personal information such as PPS numbers, credit-card numbers, ATM pin numbers, dates of birth, passports etc, and using this information to pose as someone else and to withdraw money from bank accounts, charge up credit cards or take out a loan.

Modern life is making things easier for fraudsters. The advent of the green recycling bin, for example, makes it easier for “dumpster diving”. In other words, fraudsters can sift through your rubbish, which is often left in the recycling bin for up to two weeks, to collect utility bills, credit-card statements and so on, which can later be used to impersonate you.

Another source of information is social networking sites, so you should exert caution before putting personal profile information on a website such as Facebook or Bebo. For example, your date of birth or mother’s maiden name are common verification tools used by financial services companies, so avoid revealing such information if possible. Even if your site is private, don’t take any chances.

Intercepting your post is another method that can be used to collect information about you, so if you suddenly stop receiving bank statements and fear that your post is being interfered with, contact An Post straight away and ask it to investigate.

Organisations you deal with can also be responsible for revealing personal information: witness incidents at the Health Service Executive and Bank of Ireland in which laptops went missing.

ATM fraud

ATM card “skimming” is one of the most common types of fraud in Ireland, with thousands of people all over the country affected by it.

Those perpetrating the crime tamper with an ATM machine so that when you go to withdraw money, the magnetic strip on your card is copied by a device called a “skimmer”, which has been attached to the machine.

Small cameras are attached to the ATM so that the criminals can get a record of your pin number, which means they can make copies of your card and withdraw money from your account.

To protect yourself, cover the keypad when typing in your pin number. Always exercise due caution when withdrawing money from ATMs, particularly from machines which are isolated and therefore more open to being tampered with.

Criminals are also trying to copy information from card-payment devices in shops. Last August, for example, the Garda seized 47 bogus devices that had copied the credit- and debit-card details of thousands of people.

If you’re concerned about being a victim of this type of fraud, you could limit potential damage by talking to your bank to see whether you can reduce your daily cash withdrawal limit, which would act as a deterrent to criminals, or at least slow them down in emptying your account.

Internet banking

If “phishing” to you conjures up images of a sunny riverbank, then you need to read on. As the number of people availing of internet banking services continues to rise – encouraged by the banks, for whom it is a much cheaper way of doing business – so too do the number of fraudulent incidents.

Appropriately titled, phishing involves using e-mails to extract key personal financial information from people. If you have received an e-mail apparently from your financial institution asking you to confirm your current-account number, your internet banking log-in, or any such personal information, you have been a victim of attempted fraud. In such cases, you should report the incident to the relevant financial institution and ignore the e-mail.

Also, be wary of conducting online banking in an internet cafe or public place, as you have no guarantee that it is a secure environment.

Similar scams take place on the phone and are known as “vishing”. In this scenario someone rings you, pretends to be from a financial institution and asks for your personal information. The phone call might be automated, or you might be left a message asking you to return the call. When you do so, you are asked to key in your details on the phone.

Credit-card fraud

While the introduction of chip and pin cards has dramatically reduced credit-card fraud in Ireland, it has not disappeared.

Credit-card fraud now most frequently occurs in a “card not present” environment, ie on the internet or phone, with 64 per cent of all card fraud carried out in Ireland in this way.

As such, buying your purchases online can be fraught with anxiety. While banks have started using a CCV security code to help protect against fraud, consumers are not able to use their chip and pin online, which heightens the risk. So, when shopping on the internet, bear in mind a few key points.

To ensure that a website is secure, check to see whether the padlock symbol appears at the bottom right of the screen, and that the web address changes from http:// to https:// when you reach the payment section. If you click on the padlock, you can check whether the retailer has an encryption certificate, which should explain the type and extent of security, and what sort of encryption it uses.

Banks themselves monitor credit-card activity, but if you get a call from them saying they suspect fraud on your card and ask you to verify information, be sure that it is in fact the bank calling you, and perhaps suggest that you will call them back.

If you’re still nervous about shopping online with your credit card, you could consider buying a “3V” voucher, which is available from Permanent TSB.

This prepaid credit card allows you to spend the amount you have put on the card. Unlike credit cards, however, there is no credit facility with these, so once the balance is spent the card can no longer be used, and there is no threat of fraud.

These can be costly, however, with a transaction charge of €2.50 on vouchers valued at between €30 and €100, and €5 on vouchers with a value of more than €100.

Another option is to register for “3D secure”, which protects your MasterCard or Visa card against unauthorised use when you shop online at participating retailers, and enables you to validate transactions you make over the internet by supplying a personal code.

Fraud on lost or stolen cards accounts for almost a quarter of all card fraud in Ireland, so you should not hesitate to report your card if you lose it, even if you’re not sure whether you simply misplaced it. The issuer can put a stop on the card and issue you with a replacement, and you can avoid the risk of a criminal damaging your credit rating.

If you’re going abroad, make a note of the relevant 24-hour emergency credit-card number before you go.

Investment fraud

If you have seen the film Boiler Room, you will be familiar with the smooth-talking salesman who coldcalls people trying to interest them in some great investment scheme. Such practices are not confined to the imagination of Hollywood executives, however, and the Irish Financial Services Regulatory Authority frequently issues warnings against investment firms carrying out unauthorised activities in the Irish market.

For example, it has most recently issued warnings on CD Equities Global Equities Partnership and Green Care Investments, so keep an eye on newspapers for announcements of such warnings.

Alternatively, if you have been contacted by a firm and would like to check its bona fides, the Financial Regulator publishes a list of firms against which it has issued warnings on its website (www.financialregulator.ie/unauthorised-firms).

Unfortunately, as the recent Bernard Madoff scandal illustrated so clearly, legitimate firms can also engage in underhand practices, so approach any investment with caution. And remember, if it sounds too good to be true, it probably is.

Get proactive

As you will often not become aware of any identity fraud that has been carried out against you until you are contacted by a lender or debt collection agency, or until you are refused a credit card because of your poor credit history, it is important that you regularly check your credit report to ensure everything is as it should be, and to see that accounts have not been opened in your name unbeknownst to you.

You can apply for your report online from Irish Credit Bureau (www.icb.ie) for €6.

Moreover, you should also regularly monitor your bank account and credit-card statements. If you find a transaction that you don’t recognise, inform your bank immediately – even if it’s only for €2 – as fraudsters often start off with small amounts.

You should also shred all personal financial documents, rather than throwing them out in the recycling bin. It is recommended that you use a crosscut shredder as opposed to a stripcut version because, with a little glue, documents can be pieced back together. Argos has a range of crosscut shredders on sale from €27.99.

If you keep personal financial information on your computer or do your banking online, you will need to make sure that your computer is adequately secured, so ensure that you have the most up-to-date anti-virus software.

Ulster Bank, for example, offers free security software, Rapport, to its online banking customers. The technology works in the browser to directly protect customers from identity theft and financial fraud and can be downloaded from Ulster Bank’s website.

Finally, when throwing old computers away, be sure to destroy your hard drive first, as otherwise personal information you stored on the computer could be retrieved.

What should you do if you’ve been swindled?

If you suspect you have been a victim of banking fraud, contact your bank immediately. Most banks have dedicated fraud helplines. You will also need to report the incident to the Garda.

Whether you get your money back depends on the type of fraud.

For incidents concerning cards, the Code of Best Practice of the European Banking Debit Payments Industry on Card-Based Payments states that the maximum for which a cardholder can be held liable regarding transactions on a lost/stolen card they have reported as missing is €150. So, in general, if your card is lost or stolen, you won’t be liable for fraudulent transactions exceeding this – as long as you report them.

However, according to the Financial Regulator, if you do not take reasonable care in protecting your pin number, you might have to bear the cost of the fraud. For example, if there are no unsuccessful attempts to enter your pin number, this could be taken as proof that you did not keep your pin number secret.

If you have been a victim of skimming, there is a strong likelihood that you will get back the stolen funds, although compensation varies across financial institutions, and each case is treated individually.

For example, Bank of Ireland’s policy is to refund customers any losses as a result of genuine ATM skimming attacks, while Ulster Bank says it is “committed to investigating all claims and will work with customers to ensure a satisfactory resolution”.

On the other hand, if someone gains access to your internet account via phishing or a virus, you may not get a refund. Bank of Ireland, for example, does not refund losses as a result of this type of fraud.

If you have been a victim of investment fraud, the Investor Compensation Company Ltd offers compensation of up to 90 per cent of the amount lost, up to a maximum of €20,000, if the investment firm has been forced to go out of business.

To check whether your investment firm is a member of the scheme, see www. investorcompensation.ie.

Finally, if you’re still worried, you can consider identity theft insurance. AIG Direct offers a policy which costs from €15, and which offers compensation of €10,000 for each occurrence of identity theft.

It also includes cover for lost wages due to time off work, as well as solicitors’ fees.

Phishing for information

GIVEN THAT the volume of phishing e-mails purporting to be from banks has risen by more than 150 per cent in the past year, most people who use e-mail will probably have received one by now.

At first glance, the e-mail can appear authoritative. The bank’s logo will often be embedded in the e-mail to make it look realistic.

The subject line of such e-mails will confer a sense of urgency, such as, “Alert from AIB”, or “Urgent: your Bank of Ireland account needs immediate attention”, to try to get you to submit your information without considering the authenticity of the e-mail.

Additional information such as the name of the employee who sent the e-mail or a copyright tag will often be given to make it look more real.

For example, a recent fraudulent e-mail purporting to be from AIB read as follows:

“Dear AIB Customer,

For security reasons your Personal Access Code (PAC) has been locked. Please confirm your identity to unlock your PAC. Failure will lead to access suspension. Previous notifications have been sent. Copyright Allied Irish Banks plc 1995.”

If you click on the link in the e-mail, you will come to a page asking you for information such as your internet banking registration number, PAC and bank account details.

This information will then be used to access your bank accounts or, depending on the level of information given, will be used for more complex identity fraud.

While your common sense will stand you in good stead when sent such e-mails, another way of securing yourself is to ensure you have the right security software on your computer. If you had, it would, in the above instance, have prevented you from accessing the second page, and advised you that the website was “designed to trick you into submitting your financial or personal information to online scammers”.

Remember that banks never ask you for your full personal log-in information such as online user ID, full six-digit pin number and personal password information (either over the phone or online) in an unsolicited manner.

Phishing is not confined to banks. The Revenue Commissioners has also issued warnings regarding an e-mail that looks like it is coming from it, and which is seeking personal information from taxpayers in connection with a tax refund.