All about bank card fraud: types, schemes, how to protect the card from fraudsters.
Bank Card Fraud: Divorce schemes
A plastic or virtual card is a universal magic tool in the financial space: we can transfer money to a person anywhere in the world, pay for purchases, and many people transfer their salary and pension to it.
Bank card fraud is the most common and "favorite" type of fraud among extortionists. Using various machinations, they use our personal data and steal money from gullible citizens.
Moreover, the methods of withdrawing funds can be very different: with the help of a phone call, and SMS, and through applications, etc. You should be extremely careful everywhere.
Phone fraud with bank cards. Scammers take good advantage of the fact that the phone has become an integral part of our lives. And since not everyone is familiar with the nuances of information security, their scams often end up not in favor of honest citizens.
The most common situation, which probably everyone has already heard about: sometimes a phone call can be heard, from which we suddenly learn about the vulnerability of our current account.
In a friendly voice “the "bank employee" begins to offer his help in closing a personal bank account. As soon as we call all the data to a "specialist", the scammers immediately withdraw money to their account.
Phone fraud during the pandemic
Many of us were at home because of the pandemic, which intensified bank card fraud over the phone. Very quickly, this moment was taken advantage of by extortionists using a smartphone.
Here are just a few new examples of how phone fraud occurs, followed by the theft of money from a credit card, given the current situation:
The phone receives an SMS notification about the accrual of compensation for a non-working period during the epidemic, for which it is suggested to call the bank back and communicate with the imaginary "employee".
The attackers call us with a notification that we were allegedly in contact with Covid-19 patients. In this regard, it is proposed to urgently pass a paid test for coronavirus, and in order not to violate the self-isolation regime, "laboratory staff" are ready to come to our house. For an urgent departure of the team, you need to make an advance payment.
In both cases, the fake person, whether it is a bank employee or medical staff, offers their online help to make a payment, and for this they need information about the account. After receiving the necessary data, the scammers withdraw money, and we, trusting citizens, are left with a zero balance.
Another common fraud is via SMS: for example, when we receive a message on our cell phone about the blocking of a credit card. Then there is information with an offer to call a certain number for free to get detailed information about unlocking.
Many immediately start urgently” free "to call the number indicated in the message, following the" instructions” on how to unlock the account. The call is kindly answered by a fraudster, posing as an employee of a particular bank, and sometimes even a representative of the "Payment Center" or Security Service.
The purpose of this communication is the same – to get confidential information from us on the card, as it is needed for "unlocking".
SMS fraud can be very diverse, so you need to be critical of questionable messages and do not rush to do what is written there.
Banks protect our personal accounts by any means available, but in any situation, it is important to remember that financial institutions do not send SMS notifications or call to clarify the status of their clients ' accounts. Our ignorance leads to the fact that it is phone fraud that often deprives us of savings.
Mobile banking. Under the scheme of fraud with bank cards falls very convenient for the use of the service "Mobile Bank". By default, the credit card is initially linked to Internet banking, and the protection for payments from fraudsters in this case uses the code from the SMS.
Have you ever noticed how sometimes in a store the cashier-operator intentionally or mistakenly passes the card through the reader several times, and the bank writes off double the amount? Usually, we do not check the balance after each purchase in the supermarket, and you can immediately notice this manipulation only through SMS alerts.
Many of us consciously save on the paid service "SMS notifications", not suspecting that timely notification of bank transactions can often prevent losses on unauthorized or erroneous debits.
Bankers do not recommend entering the "Mobile Bank" when using open Internet networks in hypermarkets. When you are in a shopping center, you are connected to an open Internet access point, and this way we make your phone visible and accessible to intruders.
One of the vulnerabilities of the “Mobile Bank " is the possibility of linking a third-party number without our knowledge. How is this possible? When entering into a contract with a bank, a wrong phone number is entered into the agreement by mistake, and sometimes intentionally, which allows you to connect to our "Mobile Bank".
A fraudster from his number can steal our money with impunity, and we will not notice this until the account is reset to zero. It is very difficult to prove fraud in this situation, so it is better to initially protect yourself and link the " Mobile Bank” to the email.
Virus Applications. Modern gadgets offer unlimited opportunities for online communication through installed applications, which require a credit card link to work with. At the end of 2019, Russian media reported on the spread of a new type of virus for gadgets with the Android operating system.
This virus, like a spy, is able to transfer our money to other people's accounts without our personal participation. The Trojan gets into our device and starts working for scammers, namely: the mobile banking window on our phone is replaced with a fake one.
Out of habit, we enter our data into mobile banking for payment, since we do not suspect anything bad, and at this moment, virus applications send all the information to attackers.
The virus can get access to SMS notifications, allowing online thieves to enter the banking under the guise of the owner of the credit card.
Previously, viruses that were introduced to the phone under the guise of updates (files, books, etc.) or new games (applications, browsers) were able to show fake windows for entering account data on the infected device. We were asked to download and install them. They also intercepted SMS messages with a confirmation code for payment.
Today, modified viruses can take control of banking applications on the phone. At the same time, the Trojan blocks SMS notifications about transferring money from an account or withdrawing cash, and we may not even assume about its penetration.
This is how money is stolen by this virus, which threatens the protection of access to the personal “electronic signature”as well. Many businessmen keep up with the times and use their digital signature, in other words, "cloud signature," on transactions with their property and finances.
You need to learn to be careful and attentive when using modern smartphones, if possible, choose only proven and licensed programs (including antivirus) and do not install several banking applications on one smartphone at once.
Cards linked to the phone
Regularly in the news channels of the media, you can read about new ways of stealing money from an account linked to a phone. It is very convenient to use such a credit card for faster payments, because in this case you do not need to remember its long number and other data.
Attaching a mobile phone to a bank account is not always safe: an unregistered SIM card in the phone can not be linked to a bank card, which is now enshrined in the law "On Communications". The mobile operator has the right to block such a SIM without explaining the reasons.
In case of problems with the SIM card, the owner of the credit card may automatically have problems with access to mobile banking, since the subscriber is not officially the owner, and it will not be possible to restore the old blocked number.
How do scammers withdraw money from a bank card when they lose their SIM card, phone, or even hand them over for repair? Scammers connect the forwarding of all SMS messages from our mobile phone and Internet banking to themselves, thus providing unhindered access to all banking operations.
Bankers advise not to link all accounts to one smartphone to protect yourself. If you choose between convenience and security, then for daily purchases it is better to link one frequently used card.
The new phone fraud scheme “Vishing". One of the most common schemes of cybercriminals in recent years has become “Vishing” - a type of fraud in which attackers under any pretext force us to provide confidential data in “our own interests”, that is, an artificially created situation that requires help from a specialist.
The purpose of the scammers is to extract secret personal information about the credit card under any pretext. To gain access to the owner's confidential data, imaginary assistants use telephone communication both in an automated mode and directly from the imaginary " operator” of the banking sector.
In many cases, during the day, we constantly start getting calls on our mobile phone from an unfamiliar Moscow number starting at 495. Calls from Moscow numbers are usually so persistent (sometimes up to ten calls per day) that we often give in and answer them.
As soon as we answer the call, we are immediately informed of important information about problems with our card, for example, that it is blocked, and the bank's security service has prevented an unauthorized debit attempt. Then the caller offers help in the current situation, which many of us agree to. Skimming. Have you ever heard of such a concept as skimming fraud? Translated from English, this translates as "skimming", that is, the theft of funds from the account. The main method of skimming is reading information from the magnetic stripe of a credit card and getting a PIN code.
The extracted personal data of the owner is recorded on a fake card, which allows fraudsters to withdraw money from the real one. This type of theft is carried out mainly by installing skimmer pads on ATMs.
A few years ago, all credit institutions were in a fever from skimming, and banks were forced to track every case together with the security service. The cases were massive, so bankers had to learn how to deal with skimming.
Now skimming is actually reduced to zero.
You can protect yourself from skimming and other types of credit card fraud if you follow the basic rules, namely:
Keep the PIN code secret.
Do not pass the credit card to other people.
Connect mobile banking with alerts.
Use the card only in those retail outlets that are verified and trustworthy.
Before performing a cash withdrawal operation, carefully inspect the ATM for suspicious devices.
For cash withdrawals and payments, if possible, choose ATMs located inside credit institutions, or those that are protected.
If possible, use credit cards with a microchip. Set the maximum limit for issuing funds per day.
If you receive an SMS message about a transaction that you did not make, immediately make a call to the bank and block the credit card.
If possible, do not throw away the receipts.
Although skimming is not as common as other types of fraud, it is better to be safe with these simple rules, because at any moment this scheme of deception can return again if we lose our vigilance.
Other types of bank card fraud. What other types of bank card fraud are there? To achieve their goals, extortionists use all possible available resources and platforms, for example, such as websites, online stores.
Usually, when making online purchases, we leave our personal information freely available, without thinking at all about the fact that someone can use it. When making a payment, we automatically link the account data for subsequent purchases.
Online stores "merge" the database of active customers to scammers, after which they start calling us and try to get credit card information under various fictitious pretexts. They include a constant auto-call, and sometimes even offer to help remove our data from the database for a fee.
Increasingly, there are cases when we start to call imaginary buyers after we left information about the purchase and sale on a fake site. We are asked to fill out a purchase request, and as soon as we fill out the invoice details and confirm the order, the money is immediately debited, and the technical support stops responding.
Fraud with bank cards can also be carried out through promotions and sales at low prices. Attackers use trap sites that post ads about global price cuts. For feedback, specify only the phone number from the messenger or email.
After confirming the product we have selected, we receive a link to pay for the order, which is linked to the fraudster's account. As a result, we pay for the delivery and the product itself on a fake one-day site, after which the site becomes unavailable or " freezes”, the support service also stops responding.
Cybercriminals often catch their victims while online shopping, because it is very difficult to crack the bank account security, so they do not neglect other schemes to gain access to money. They also use other available resources to achieve their goals.
What to do if you receive a disturbing text message or a call from a relative. The most common type of fraud is a scheme in which there is an acute reaction to a message received or a phone call about an accident with a close relative. We are initially misled about the trouble that has happened by a message or a call from a relative.
Usually you receive a message about urgent assistance in monetary terms: you are required to transfer a certain amount from your bank account and call back. The transfer of money must be carried out according to the details specified in the message, which immediately arrives as soon as we agree to help a loved one.
Fraudsters can even personally call and introduce themselves to a good friend of a relative and report that he was detained by police officers for committing a crime. Then an imaginary police officer joins the conversation, promising to release a relative for money and settle everything.
In a heartfelt rush, we are ready to give the latter, but no matter how convincing the arguments presented are, you do not need to rush to transfer money, it is better to calm down and try to find out the details of what happened – this will scare away scammers and allow you to recover a little.
If it was not possible to clarify the situation immediately, then you can try to do the following:
Ask a fictional friend leading questions, the answers to which only you and your relative know.
If you are talking to an alleged law enforcement official, ask which police station the relative was taken to.
You can dial " 02” and find out the number of the duty station of this police department, as well as try to find out whether the relative is really there, and who is dealing with his case.
And it is better to call back to the mobile phone of a relative. If it is disabled, you need to contact any mutual acquaintances or his work colleagues, friends for more information.
It would seem that these frauds with bank cards are as old as the world, but nevertheless, every day people fall for such tricks of scammers. Pensioners are especially gullible, so if there are elderly people in your family, be sure to warn them about possible deception.
What information about your card is needed by fraudsters. Every time we receive a new credit card, we fill in our personal data, which must be kept secret afterwards. But very often, we ourselves give out the information that fraudsters need to steal our money.
The inviolability of our personal data is enshrined in the Federal Law “On Personal Data”, which ensures the protection of our rights and freedoms when processing them, including personal and family secrets.
With the development of the digital economy, the provision of personal data has become the norm, and the distribution or provision of free access to it is punishable. The responsibility for the safety of the personal account data lies with its holder, that is, with each of us.
A debit card is not only a store of our money, it contains almost all the personal information about the user. If you fraudulently get into the history of transactions, you can create a financial portrait of the holder and get access to sources of income.
Knowing about the vulnerabilities of credit cards, scammers use various tricks and schemes for accessing databases for storing confidential information. So what card details do fraudsters need?
Credit card number.
First and last name of the owner.
The validity period of the credit card.
The card's CVV or CVC authentication code, which is located on the back of the card and consists of 3 or 4 digits.
PIN-code – strictly confidential information from the numbers that we receive initially together with the credit card and can change in the future independently.
All these details (except the PIN code) are indicated on the plastic itself, and some of them can be communicated to other persons, for example, to receive a certain amount or pay for goods in an online store:
Credit card number. If only this information is available to the fraudster, then he will not be able to do anything illegal.
Account number. Each card has a score that consists of 20 digits. Getting data only about the account number does not pose any danger.
First and last name of the credit card holder. Disclosure of only this data does not pose any threat.
The last 3 or 4 digits of the credit card number. This data helps the bank's employees to resolve our questions over the phone. Fraudsters will not be able to make any transactions with our account, knowing only these numbers.
If you tell outsiders some details separately, it does not always lead to hacking. We may not even know that a fraudster uses a credit card in such situations.
How to return money withdrawn by fraudsters from the card? In theory, it is possible to return our funds if you contact the police, but usually scammers use such clever schemes that do not allow you to find the missing money.
The conclusion is obvious: you have learned how fraudsters withdraw money from the card, and only we can initially protect ourselves from cyber fraud. To do this, you need to keep track of who we share your personal information with and why. Any data for outsiders is the key to the door behind which our savings are stored.
Details that should not be disclosed to anyone under any circumstances:
PIN code. If we disclose it, any person can withdraw money from our account, even close people and friends, not to mention cybercriminals.
CVC/CVV2 code. Without this code, we will not be able to make payments in the online space and do shopping in online stores, so we cannot transfer it to third parties.
Credit card number and expiration date. It is also impossible to disclose this data to outsiders, because you can use it to make purchases in large online stores.
The 3D-Secure code. This code is one-time, and in certain cases, phone operators are asked to report it. If the attackers know the details of your credit card, then this code will be the last step on the way to the account.
All the bank details at the same time. When we disclose all the details to the attacker at once, we give him free access to our money.
Today, most applications are linked to email and / or phone, so if fraud is detected with our account, you need to change all passwords in online banking, email, social networks and phone as soon as possible.
If there are still funds in the account, then you need to try to quickly withdraw them or cash them out with the help of a bank employee. The bank will not be able to cancel unauthorized transactions after they are made, so we try to call it as soon as possible. You can also log in to your mobile banking on your phone and lock your account there yourself.
Blocking is a complete freezing of the account. After that, it will be impossible to make any payments, pay for services, goods, and withdraw cash.
Attackers can get hold of the passwords from the accounts where we entered the data, and take advantage of this. Many markets provide the opportunity to withdraw cash directly at the checkout, for this, any buyer just needs to sign a check.
Let's say you didn't have time to block your account, if a fraudster withdrew money from your card, what should you do? Similarly to the previous situation, it is necessary to write an application to the bank with the notification of specific unauthorized transactions and provide it on the day of the theft of money.
After the loss, theft or “leakage” of money, the credit card must be blocked and re-issued. You should also immediately write a statement to the police about fraudulent activities. Rule one-act!Let's take a detailed look at how to return the money withdrawn by fraudsters from the card. There is a certain mechanism that should be strictly adhered to, because according to the law, credit institutions can refuse to fulfill their obligations.
You can return the missing funds if two conditions are met at the same time:
We had to strictly follow the rules for using the credit card and can confirm this, that is, we did not tell anyone the PIN code and did not pass it on to third parties.
The bank was notified of the unauthorized transactions within 24 hours.
The phone number to call in such cases is indicated on the plastic. If the credit card is lost, then you should call the all-Russian hotline number or come directly to the bank branch where the credit card was issued.
Sometimes we do not know that according to the law, the bank is obliged to notify us of all transactions on the account. Usually, the notification method is specified in the contract for the provision of services – these are SMS messages or emails.
It is not superfluous to clarify and carefully read the bank agreement and then follow the instructions of the bank. If the money was debited as a result of fraudulent actions, and the bank did not report these operations, we have the right to claim compensation for the missing amount in full. Then you need to contact the nearest police station and write a statement on the fact of theft or fraud.
Many credit organizations are not interested in paying us the missing funds, but when law enforcement agencies are also involved, there is a chance to return their savings.
How to protect your card from fraudsters. Bank card fraud is a put-on-stream criminal business. To protect each of us from crooks, first of all, only care and common sense can protect us, and it is better to take care of data protection in advance.
How to protect your bank card from fraudsters? There are some good ways to do this:
Connect a mobile bank to track all transactions on the account and, in extreme cases, quickly respond to the actions of intruders.
Do not store large amounts of money in one account for us personally. It is worth having several debit cards for different purposes and using one card only for online payments, and the other, for example, for daily grocery purchases.
For credit cards with a contactless payment method, you should set a minimum credit limit when paying without a PIN code, or do not set it at all – then payment without a password will not work.
Never give your credit card into the hands of third parties.
Do not tell anyone the PIN code.
Do not make a payment in response to an unfamiliar SMS message.
When there is a suspicion or fact of unauthorized debiting of funds from the account, it is necessary to block it without delay.
From all the credit cards on the reverse side, it is better to erase the CVC/CVV2 code, rewrite it and store it in a place accessible only to yourself.
In addition, you can purchase protective accessories, such as holders, special wallets and shielded wallets, which contain shielding material that protects against radio signals from fraudsters. They are especially relevant for contactless credit cards.
Vigilant media daily inform us that bank card fraud is rampant, as crooks do not tire of inventing more and more new schemes of deception.
More and more often there are fraudulent sites and platforms that offer cheap goods, products and even current antiseptics and protective masks, for which we use credit cards to pay. And when you make a purchase on such services, we automatically fall into a trap: our data will be used against us.
How to deal with various fraudulent schemes? The main thing is never to call back to unfamiliar numbers, especially if they start with 495 (the scheme with numbers may change). After each such call, you need to add such a number to the blacklist or block it, as well as use an automatic caller ID.
For advanced gadget users, the cyber police recommends installing special applications designed to block unwanted numbers. Moreover, some programs have built-in databases of phone numbers of intruders and can independently control unwanted calls.
If you receive a call from an organization with which you have cooperated and have given your consent to the processing of personal data, then you simply need to revoke this permission. For the illegal use of the number and personal data of an outsider, the liability is provided for from 30 to 50 thousand rubles.
Falsification of information, deliberate concealment of the truth, abuse of trust for selfish purposes – all this is also fraud. There are many ways, and the goal is always the same – to get to our savings on the map.
Share in the comments, how often have you encountered cyber fraud, and how have you learned to protect yourself from it?