Appeared in Gulf News, August 28, 2009
Friday, August 28, 2009
Dubai: Scammers live off of the wages of honest people not just by using stolen credit cards alone. Fraudsters can go on a spending spree once they have your credit card details. No physical card is necessary.
Stealing information is no difficult task either. Fraudsters have become so brazen that they can do it offline, while you're using your card at a restaurant or shopping; and online, when you connect to the web.
Others can break into corporate security systems that store relevant data about cardholders. Fraudsters are equipped with hand-held devices called "skimmers." The small gadget can capture your card's information, which in turn can be used to make purchases online, over the phone or produce a clone of your credit card.
"Cardholders that lose sight of their cards are opening themselves to a significant likelihood of fraud. The equipment to record credit card details from the magnetic strip is readily available for less than $50. These details can then be used to create cloned credit cards," explains Paul Rodgers of Vendorcom.
Rodgers says chip and PIN cards have eliminated the ability to economically clone a card, but as long as the magnetic strip remains and retailers are not insisting on chip and PIN transactions, cardholders are at risk.
"If the card leaves the customer, there is an increased fraud risk from skimming. This is where the card information is read and then later used. The customer normally would not be liable for such situations," says William Keliehor, head of the card department at Citibank card's Middle East, Africa and Pakistan division.
"Cardholders do run the risk of having their card skimmed if it is taken out of their sight by the waiter or shop keeper, even for a few minutes. A dishonest employee may copy the card number and the three or four-digit card security code and then use this information to make purchases online or to commit white card fraud (using cloned cards) in countries where the EMV standard has not been introduced," said Andrew Rochford, business solutions consultant at ACI Worldwide.
Rochford says that EMV, a global standard for credit and debit payment cards based on chip card technology, has only been rolled out in a handful of countries in the Middle East. These include Qatar, Kuwait and the UAE, so consumers should be extra vigilant when they hand over their cards.
According to Jonathan Campbell-James, head of regional security and fraud risk at HSBC Bank Middle East, skimming is not new in the region.
"The skimming of credit cards has happened in the UAE, but it is much more common abroad. So, particularly when our customers are abroad, we recommend that they do not allow credit cards to be taken away and to be out of sight during point of sale transactions," he explains.
Although the credit card receipts you get from restaurants or other points of sale do not usually contain your full card number, your card can still be compromised.
Rodgers notes that some merchants still use older credit card systems that will reproduce your entire card number, rather than just the last four digits, onto your receipt.
"Even if some receipts have four of the card numbers blocked out, another receipt may have four different numbers blocked out, so anyone rummaging through your bin could easily put the puzzle back together and get your whole credit card number.
"Credit card receipts are a big security issue which should not be taken lightly," Vival Kumar, head of credit cards at Mashreq, points out.
Still, there are a lot of other ways in which fraudsters can steal your card details. These include new online transaction channels have opened up and grown in popularity.
"Phishing, where the fraudster attempts to get hold of sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy organisation, normally via email, is also a common problem the world over," Rochford says.
Another popular targets for criminals are data warehouses - a treasure trove of information about millions of cardholders.
"These are locations where all the card information about, typically, a large retailer's customer activity is usually stored for a number of years. There have been several known cases where data warehouses of retailers, and also banks, have been breached," notes Rochford.
In 2007, in one of the most famous cases, fraudsters broke into the security system of US retail giant TJX companies and stole information from about 90 million accounts.
Merchandise worth millions of dollars was later stolen using the credit card information.