3-D Secure is a security standard for online vendors to reduce risks in online business. The cardholder can confirm identity through a personal password: developed jointly by Visa and Mastercard.
With card trapping (formerly known as Lebanese Loop or Marseilles collar), criminals manipulate an ATM so that cards stick inside. As the victim tries to withdraw money, the perpetrators materialize as ‘helpers’, who advise the cardholder to try the pin again. When the victim finally leaves the cash machine, the ‘helpers’ remove the card from the machine and – knowing the PIN – steal money from the account.
In cash trapping, the perpetrators mount a trap on the cash release portal so that the money remains inside. When the cardholder leaves the cash machine, thinking that there is a defect in the machine, the criminals remove the money from the portal.
Darknets are criminal online marketplaces in the anonymous areas of the Internet, where illegal trading is carried out.
Unauthorized persons manage to infiltrate a company network to steal sensitive, confidential, or protected data from the company and misuse it. Many professional and government security measures are in place prevent this, by specifying who has access to the data. Companies proven to have a careless or inadequate approach to protecting sensitive data can be penalized, fined, or otherwise punished. As an individual, it is hardly possible to protect oneself from such attacks. Card issuers work with the highest security standards to protect sensitive information.
Using a false identity, perpetrators trigger an apparent defect in a cash machine. Later, they appear again the guise of technicians, police, or bank employees. They request the victim to enter the PIN again and note it. Using a smokescreen or excuse, they take possession of the card, switch it with another and steal money from the account.
Shopping online is becoming more and more popular and order fraud has become a widespread criminal offense. People’s personal data is misused to shop online under their names; goods are then delivered to another address. The surname, first name, and date of birth are often sufficient for online shops to ship goods on account; the victims do not even notice the fraud until they receive the payment requests and reminders. This stems from the fact that many retailers do not, or only insufficiently, verify purchasers’ identities.
Shopping online is more and more popular and has turned ordering fraud into a common crime. Here, your personal data is misused by criminals to shop online in your name; the goods are shipped to another address. Often, online shops ask only for a last and first name and birthdate of the ordering party to send merchandise out with a bill. The victim of such fraud knows nothing of this action until late payment requests arrive. The big problem here is that the identity of the party ordering is not, or is not sufficiently, checked.
There are two kinds of card theft. In the normal variation, the perpetrators utilize a moment of inattention on the part of the cardholder, i.e. while shopping, traveling, in a restaurant or at an event. They steal either the wallet or the account, debit or credit cards. Exactly this kind of theft underlines why it is so important never to store your pin with or in proximity to your card.
Trick theft involves observation of the victim while cash withdrawal is taking place, or while the card is being used. They manage to obtain the PIN and then try to steal the card, often while a diversionary trick is being performed, such as dropping packages on the floor, emptying out a wallet, knocking over the victim’s drink, etc. The victim is distracted and the thieves strike. Then in possession of the card and PIN, they steal money from the victim’s account. As such cases illustrate, it is vital to enter your PIN so that it is concealed.
Trick theft is often carried out in heavily frequented areas near cash machines or payment terminals (like ticket machines in stations).
As soon as criminals obtain the needed card information, they undertake a shopping spree – in person in stores and on the Internet. For this reason, it is critical that these rules are followed:
- Handle your card as if it were cash
- Close your card account immediately if suspicious or unauthorized transactions are discovered.
- Bring abuse to the attention of the police
- Thoroughly check your card and account statements
- Stop possible debits used to pay card bills
In phishing, the perpetrators try - using counterfeit websites, Emails or instant messages – to obtain confidential information. They request victims’ information on card numbers or PINs, ask for confirmation online, or try to change them. The fraudsters often employ highly professional methods to take over or fabricate whole websites from card issuers, successfully fooling their victims.
Similarly, criminals try vishing, also called voice phishing, using automated calls from the Internet to obtain information from potential victims.
Skimming is a type of fraud that has decreased with the development of new card chips. It takes place primarily at ATMS or payment terminals – for example, when buying train tickets. Perpetrators obtain information about accounts, debit, or credit cards; they then mount ‘traps’ on payment terminals (i.e., ticket machines at stations or payment terminals at gas stations) so that they can copy information off magnetic stripes. The PIN is then copied through the fraudulently mounted mini-cameras or keyboard traps. In Switzerland and the European area, money cannot be withdrawn without a counterfeit protection chip, so the perpetrators use card copies to obtain money outside Europe. The geographic origin of the card is thus important.
The most common fraud trick used in Internet or telephone shopping is the so-called Phishing or Vishing. This is a special kind of social engineering attack. Here, criminals try to obtain confidential data, misusing willingness to help, good faith, or uncertainty. For example, they identify themselves on the telephone as a ‘system administrator’ and announce that a computer problem has been discovered and that the victim’s boss has instructed them to attend to the issue. If successful, they can obtain usernames and passwords that they can use to damage other people or whole organizations.
Token technology is used for the identification and authentication of users (for example for online payments with the card. The token is usually an element of a system that checks entry attempt with the help of two-factor authentication. It stores information to identify and authenticate users.