A counterfeit card is a card that is “manufactured” fraudulently and not genuinely issued by a bank. Criminals manufacture counterfeit cards using compromised card data. Generally, stolen bank cards or other cards with a magnetic strip are encoded with the compromised card data. In some instances, cards are manufactured from scratch and even may include forged branding. Alternatively, plain white plastic is used to encode the compromised data.
The card data is mostly compromised through skimming. Criminals use skimming devices to read and store data on the magnetic strip of a genuinely issued bank card. For a card to be skimmed, it needs to be pulled through, or inserted into a skimming device. Hand held skimming devices are small and can easily be concealed. ATM skimming devices are fixed onto the ATM itself and are quite difficult to spot. Compromised POS devices are also used to skim cards. A software program is then used to transfer the compromised card data onto the counterfeit card.
If a counterfeit card is to be used at an ATM, the correct PIN number will also be needed. PIN numbers are mostly stolen by shoulder surfing.
CNP (Card Not Present)Fraud
The data necessary to perpetrate CNP fraud is compromised in various ways ranging from the physical theft of data off a genuine card (low tech) to large scale data breaches (high tech). While bank clients are not able to directly mitigate the risk of high tech data breaches, they can contribute significantly to migrate the risk of low tech modus operandi by following the tips below.
With regards to low tech CNP Fraud, criminals will memorise or write down the card number, expiry date and CVV2/CVC2 (three digits at the back of the bank card) without the knowledge of the bank client when card is handed over for payment. With this information, the criminal can transact fraudulently on the internet or phone as if they are the genuine card holder. Criminals also steal records at merchants where copies of the front and back of bank cards are kept or where such details are recorded on documents.
Criminals are also known to ask for card numbers, expiry dates and CVV/CVS numbers in phishing emails. Malware is further utilised to search for card related information and to send it to a destination under control of the criminal.
Lost Card Fraud
Lost card fraud is a fraudulent transaction that occurs on a valid issued card after a cardholder has lost his/her card and is therefore no longer in possession of it.
Stolen Card Fraud
Criminals steal genuine bank cards together with correct PIN numbers. These cards are then used immediately at the nearest ATM to withdraw cash followed by purchases at stores until the account is empty or the card is stopped because the victim reported the theft. Stolen card fraud therefore refers to fraud that results from a fraudulent transaction that is performed on a validly issued card that was stolen from a legitimate owner.
Account Take Over Fraud
Account Takeover Fraud takes place when an existing account is taken over by someone posing as the genuine account holder who then uses the account for their own benefit while pretending to be the genuine account holder. The common denominator for both Account Takeover Fraud and False Application fraud is the fraudsters’ access to personal information of their victims. In many instances the criminal will obtain personal or client specific information and pretend to be the client to apply for a replacement card, which once received, is used fraudulently.
Not Received Issued Card Fraud
Not Received Issued Card Fraud relates to the interception of genuinely issued cards before they reach authentic customers. Impostors then use intercepted cards fraudulently.
- Review your account statements on a regularly and query disputed transactions with your Bank immediately.
- When doing online shopping, only use your card to make payments on secure websites.
- Do not send emails that quote your card number and expiry date.
- Never let the card out of your sight when making payments.
- Ensure that you get your own card back after every purchase at a merchant.
- While transacting, always keep an eye on the ATM card slot to ensure that your card is not removed, skimmed and replaced without your knowledge.
- Never write down your PIN or disclose it to anyone.
- Report lost and stolen cards immediately.
- Destroy your credit card receipts before discarding them.
- Sign your card on the signature panel as soon as you receive it to prevent anyone else from taking ownership or trying to use it.
- Your credit card is not transferable. Only the person whose name appears on the front of the card is authorised to use it. The same applies to debit cards, even though they don’t contain your name on the front of the card.
- If you have a debit, cheque and credit card, don’t use the same PIN for all of them as should you lose one, the others won’t be at risk of being compromised.
- Always check transaction slips for the correct purchase amount before you sign them.
- Keep your transaction slips and check them against your statement to spot any suspicious transactions so that you can query them immediately.
- Subscribe to your Bank’s SMS notification services as this will inform you of any transactional activity on your account.
- Make a list of all your cards and their numbers, but make sure you store these in a safe place.
- Should your card be retained by an ATM, contact your Bank and ensure that you block your card before leaving the ATM.
- Never write down your PIN or disclose it to anyone.
- Protect your cards as if they were cash. Never let them out of your sight and ensure that you get them back after every purchase.
Important tips to avoid fraud if you are a merchant:
- Hold the card until the transaction is completed. Ensure that the card security features are present.
- Compare the cardholder’s signature on the card to that on the sales voucher.
- Phone for authorisation if requested to do so by the point of sale device.
- Make an imprint of the card in the case of a manual transaction.