ECOSYSTEM OF CREDIT CARD FRAUD

Dav9862

Types of Thefts
Any credit card related theft involves the following three steps:
• Reconnaissance
• Attack
• Sell
The financially motivated actor first studies the attack environment and tries to identify the weak points (recon) that can be leveraged to craft an attack vector. Once the weak points are identified, the attack phase begins. The main attack techniques include:
• Key logging
• Phishing
• Vulnerability Exploitation
• POS memory scraping malware
Out of all these techniques, POS memory scraping is the most widely implemented attack vector. The reason is that it directly affects the device or medium that is used as the primary processing device for card based payment systems. The point to note here is that there has to be a delivery medium by which the POS malware gets introduced into the system. Phishing and vulnerability exploitation are the two popular ways of setting up a delivery mechanism for POS malware. Insider threat has also been a key factor in infecting POS terminals.
We will discuss POS malware in brief here, as it is currently the talking point of this fraud ecosystem. It is the main weapon that is empowering the cybercriminals in targeting one of the biggest retail chains and brands across different regions.

POS malwares in a nutshell:

Point of Sale or POS terminals are the main processing devices between the buyer and seller when a card based payment system is involved. POS based malware is a special purpose malware/virus program that is designed to scrape data from the terminal’s main memory. The idea is to steal the unencrypted data that gets copied to the terminal’s primary memory (RAM) when a credit or debit card is supplied to it for payment processing. There is a slight misconception about POS devices that the data is sent to and fro in an encrypted manner. This is certainly true, but there is a short period of time when the POS terminal reads the data from the card and it is stored in plain text in its primary memory before it gets encrypted again. This is where POS malware comes into action and scrapes the information from the memory.
Here I will summarize some of the key features/steps of this malware family that make it a lethal weapon against plastic card based frauds:
• POS malware includes all the basic functionalities of a malware, like data exfiltration using networks, collecting system information, communicating with its command and control servers, a kill switch to remove itself from the infected system, etc.
• It has a specific purpose of scraping the terminal’s memory and reading card data.
• It achieves this by first reading all the processes loaded into the device memory. It keeps matching the running process names against its own local database to figure out which processes to scrape and which processes to exclude.
• Once the processes are figured out, it can either execute custom functions or specific regular expressions in order to read data from the memory that matches credit card information (Track 1 and 2 information).
• Once the data is scraped from memory, it is written onto the disk and stored at a specific location. Once the malware finds a live network connection on the terminal, and its parent controller (C&C server) is reachable, it transfers that written file to its server (can be encrypted or unencrypted), thus successfully exfiltrating the data.
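
From the defender's side, the staging step in the last bullet (card data written to disk before exfiltration) is something a terminal or its back office can be audited for. The following is an added example, not part of the post above: a cardholder-data discovery scan that looks for cleartext Track 1/Track 2 records in files, confirms the card number with a Luhn check, and reports only masked numbers. The track layouts follow ISO/IEC 7813; the sample bytes are constructed and use a public test card number, and the function names are chosen here for illustration.

```python
import os
import re

# ISO/IEC 7813 layouts (PAN is 13-19 digits):
#   Track 1, format B:  %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
#   Track 2:            ;<PAN>=<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^[^\^\r\n]{2,26}\^\d{7}[^?\r\n]*\?")
TRACK2 = re.compile(rb";(\d{13,19})=\d{7}\d*\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum: filters out random digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48                      # ASCII digit -> int
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep first six and last four digits only, so the report holds no full PAN."""
    s = pan.decode("ascii")
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def scan_bytes(data: bytes) -> list:
    """Return masked findings for every Luhn-valid track record in data."""
    findings = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(data):
            if luhn_ok(m.group(1)):
                findings.append(
                    {"kind": kind, "offset": m.start(), "pan": mask(m.group(1))}
                )
    return sorted(findings, key=lambda f: f["offset"])


def scan_tree(root: str, max_size: int = 5 * 1024 * 1024) -> dict:
    """Walk a directory and map each file containing track data to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_size:
                    continue             # large files need a chunked reader
                with open(path, "rb") as fh:
                    hits = scan_bytes(fh.read())
            except OSError:
                continue                 # unreadable file: skip, do not abort the audit
            if hits:
                report[path] = hits
    return report


# Constructed sample: binary noise, one Track 1 and one Track 2 record built
# from the public test number 4111111111111111, and a Track 2 look-alike
# whose number fails the Luhn check and must not be reported.
SAMPLE = (
    b"\x00\x01junk"
    b"%B4111111111111111^DOE/JOHN^30121010000000000000?"
    b"\x00"
    b";4111111111111111=30121010000000000000?"
    b" filler "
    b";4111111111111112=30121010000000000000?"
)

if __name__ == "__main__":
    for hit in scan_bytes(SAMPLE):
        print(hit)
```

Any finding on a terminal or in a log directory means track data is at rest in cleartext, whatever process wrote it, and is worth investigating.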
 

Lord777

Everything about fraud with bank cards: types, schemes, how to protect the card from fraudsters
In the current conditions of the coronavirus pandemic, scammers have actively launched their activities: fraud with bank cards is becoming more and more popular. Against the background of significant changes in Russian legislation, deception schemes have become more sophisticated, and the number of victims is growing every day!
In this article, I want to focus your attention on fraud with bank cards, for which cybercriminals very often use official relations, blackmail, or the dependent position of the chosen victim. Naturally, for this it is convenient for them to use the most demanded and so beloved of our gadgets.
Here we will consider not only how to protect bank card data, but also the rules for refunding funds in case the theft does occur and what to do if you receive a fraudulent SMS or call.

Bank Card Fraud: Scam Schemes
A plastic or virtual card is a universal magic tool in the financial space: we can transfer money to a person anywhere in the world and pay for purchases, and salaries and pensions are transferred to many of them.
Fraud with bank cards is the most widespread and “favorite” type of deception among extortionists. Using various schemes, they use our personal data and steal money from gullible citizens.
Moreover, the methods of withdrawing funds can be very different: using a phone call, and SMS, and through applications, etc. You should be extremely careful everywhere.

Bank card phone fraud
Fraudsters take advantage of the fact that the telephone has become an integral part of our lives. And since not everyone is familiar with the nuances of information security, their scams often end not in favor of honest citizens.
The most common situation, which everyone has probably already heard about: sometimes a phone call can be heard, from which we suddenly learn about the vulnerability of our current account.
In a gracious voice, the “bank employee” begins to offer his help in closing a personal bank account. As soon as we give all the data to the "specialist", the fraudsters immediately withdraw money to their account.

Phone fraud during a pandemic
Many of us were at home due to the pandemic, which intensified fraud with bank cards on the phone. The extortionists quickly took advantage of this moment using a smartphone.

Given the current situation, here are just a few new examples of how phone fraud occurs with the subsequent theft of money from a credit card:
  1. The phone receives an SMS notification about the accrual of compensation for the non-working period during the epidemic, for which it is proposed to call the bank and talk to an imaginary "employee".
  2. Attackers call us with a notification that we were allegedly in contact with Covid-19 patients. In this regard, it is proposed to urgently pass a paid test for coronavirus, and in order not to violate the self-isolation regime, the "laboratory staff" are ready to come to our house. For an urgent departure of the brigade, you need to make an advance payment.
In both cases, a fake person, be it a bank employee or medical staff, offers their online help to make a payment, and for this they need account information. After receiving the necessary data, scammers withdraw money, and we, gullible citizens, are left with a zero balance.

SMS notifications
Another common fraud is via SMS: for example, when we receive a message on our cell phone that a credit card has been blocked. The following is information with an offer to call a certain number for free for detailed information on unlocking.
Many people immediately start urgently calling the number indicated in the message, following the “instructions” on how to unblock the account. The call is kindly answered by a fraudster, posing as an employee of this or that bank, and sometimes even as a representative of the “Unified Payment Center” or the Security Service.
The purpose of this communication is one - to receive from us confidential information on the card, as it is needed to “unlock”.
SMS fraud can be very diverse, so you need to be critical of dubious messages and not rush to do what is written there.
Banks protect our personal accounts with any available means, but in any situation it is important to remember that financial institutions do not send SMS notifications and do not call to clarify the data on the status of their clients' accounts. Our ignorance leads to the fact that it is telephone fraud that often deprives us of our savings.

Mobile bank
The "Mobile Bank" service, which is very convenient for use, falls under the schemes of fraud with bank cards. By default, the credit card is initially tied to Internet banking, and in this case the code from SMS is used as protection for payments from fraudsters.
Have you ever noticed how sometimes a cashier-operator in a store, on purpose or by mistake, passes the card through the reader several times, and the bank debits a double amount? Usually, we do not check the balance after each purchase in the supermarket, and you can instantly notice such a manipulation only through SMS notifications.
Many of us deliberately save on the paid SMS-notification service, not suspecting that timely notification of banking operations can often prevent losses due to unauthorized or erroneous write-offs.
Bankers do not recommend entering the Mobile Bank when using open Internet networks in hypermarkets. When you are in a shopping center, a connection is made to an open Internet access point, and thus we make our phone visible and accessible to intruders.
One of the vulnerabilities of the "Mobile Bank" is the ability to link an outside number without our knowledge. How is this possible? When concluding an agreement with a bank, someone else's phone number is mistakenly and sometimes deliberately entered into the agreement, which allows you to connect to our "Mobile Bank".
A fraudster from his number can steal our money with impunity, and we will not notice this until the account is reset. It is very difficult to prove fraud in this situation, so it is better to initially secure yourself and link Mobile Bank to your e-mail.

Virus Applications
Modern gadgets offer endless opportunities for online communication through installed applications, which require a credit card link to work with. At the end of 2019, Russian media reported about the spread of a new type of virus for gadgets with the Android operating system.
This virus, like a spy, is able to transfer our money to other people's accounts without our personal involvement. The Trojan enters our device and starts working for fraudsters, namely: the mobile banking window on our phone is replaced with a fake one.
We habitually enter our data into mobile banking for payment, since we suspect nothing bad, and virus applications at this moment send all the information to the attackers.
The virus can access SMS notifications, allowing online thieves to enter banking under the guise of a credit card holder.
Previously, viruses that were introduced to the phone under the guise of updates (files, books, etc.) or new games (applications, browsers) were able to display fake windows for entering account data on an infected device. We were asked to download and install them. They also intercepted SMS messages with a confirmation code for payment.
Today, modified viruses can take control of banking applications on the phone. At the same time, the Trojan blocks SMS notifications about money transfer from an account or cash withdrawal, and we may not even assume about its penetration.
This is how this virus steals money, which jeopardizes the protection of access to the personal “electronic signature” as well. Many businessmen keep up with the times and use their EDS, in other words, “cloud signature,” on transactions with their property and finances.
You need to learn to be careful and attentive when using modern smartphones, if possible, choose only proven and licensed programs (including anti-virus) and not install several banking applications on one smartphone at once.

Cards linked to the phone
Regularly, you can read about new ways of stealing money from an account tied to a phone in the news media channels. It is very convenient to use such a credit card to make payments faster, because in this case you do not need to remember its long number and other data.
Attaching a mobile phone to a bank account is not always safe: an unregistered SIM card in a phone cannot be linked to a bank card, which is now enshrined in the Law on Communications. A mobile operator has the right to block such a SIM without giving any reason.
In case of problems with the SIM card, the owner of the credit card may automatically have problems with access to mobile banking, since the subscriber is not officially the owner, and it will no longer be possible to restore the old blocked number.
How do scammers withdraw money from a bank card when they lose a SIM card, phone, or even return it for repair? Scammers connect to themselves the forwarding of all SMS messages from our mobile phone and Internet banking, thereby providing unhindered access to all banking operations.
Bankers advise not to link all accounts to one smartphone in order to protect yourself. If you choose between convenience and security, then for daily purchases it is better to link one frequently used card.

New scheme of telephone fraud "Vishing"
One of the most common cybercriminal schemes in recent years has become Vishing - this is a type of fraud in which cybercriminals, under any pretext, force us to provide confidential data in “our own interests,” that is, a situation is artificially created that requires assistance from a specialist.
The purpose of fraudsters under any pretext is to extract secret personal information about a credit card. To gain access to the owner's confidential data, the imaginary assistants use telephone communication both in an automated mode and directly from the imaginary "teller" of the banking sector.
In many cases, during the day, we are constantly being called on our mobile phone from an unfamiliar Moscow number starting with 495. Calls from Moscow numbers are usually so persistent (sometimes up to ten calls per day) that we often give in and answer them.
As soon as we answer the call, we are immediately informed of important information about the problems with our card, for example, that it is blocked, and the bank's security service prevented an unauthorized write-off attempt. The caller then offers help with the situation, which many of us agree to.
We are convinced of an urgent solution to the situation that has arisen, while not all the money has been stolen yet. Very consistently, scammers try to get from us all the personal information about the credit card, send new passwords and PIN codes in SMS notifications. In a soothing voice, “bank employees” offer various possible protection options.
It is not always easy to guess that the kind helper on the other end of the line is a fraud, but in any case it is possible. Initially, you can thank for your vigilance and find out the position, initials of the calling employee of the credit institution and make an attempt to call the hotline.
It is better to use your other number to clarify the current situation, because today extortionists have technologies that allow redirecting all subsequent calls to the fraudsters' phone device.
I hope you now understand what vishing is. Remember the main thing: we ourselves, without coercion, threats or requests, agree to the help of a telephone scammer and voluntarily provide all the confidential data of our debit card. And only vigilance and informational content will help save our money.

Skimming
Have you ever heard of such a concept as skimming fraud? Translated from English, this translates as "skimming", that is, theft of funds from the account. The main method of skimming is reading information from the magnetic stripe of a credit card and obtaining a PIN code.
The obtained personal data of the owner is recorded on a fake card, which allows fraudsters to withdraw money from the real one. This type of theft is carried out mainly by installing skimmer pads on ATMs.
A few years ago, all credit organizations were in a fever from skimming, and banks were forced, together with the security service, to monitor every case. The cases were massive, so bankers had to learn how to deal with skimming.
Skimming is now virtually zero.

It is possible to protect yourself from skimming and other types of credit card fraud if you follow the basic rules, namely:
  1. Keep your PIN confidential.
  2. Don't give your credit card to other people.
  3. Connect mobile banking with alerts.
  4. Use the card only in trusted and verified retail outlets.
  5. Before carrying out a cash withdrawal operation, carefully inspect the ATM for any suspicious devices.
  6. To withdraw cash and make payments, if possible, choose ATMs located inside credit institutions, or those that are guarded.
  7. Use microchip credit cards whenever possible. Set the maximum limit for the withdrawal of funds per day.
  8. If you receive an SMS message about an operation that you have not performed, immediately call the bank and block the credit card.
  9. If possible, do not throw away checks.
Although skimming is not as common as other types of fraud nowadays, it is better to play it safe with these simple rules, as at any time this scheme of deception could return again if we lose our guard.

Other types of fraud with bank cards
What other types of credit card fraud are there? To achieve their goals, the extortionists use all kinds of available resources and platforms, for example, sites and online stores.
Usually, when shopping online, we leave our personal information in the public domain, without thinking at all that someone can use it. When making a payment, we automatically link the account data for subsequent purchases.
Online stores "leaked" the database of active buyers to scammers, after which they start calling us and, under various fictitious pretexts, try to get credit card information. They include constant auto-dialing, sometimes they even offer to assist in deleting our data from the database for a fee.
There are more and more cases when imaginary buyers start calling us after we have left information about the purchase and sale on a fake website. We are invited to fill out a purchase application, and as soon as we fill in the invoice data and confirm the order, the money is immediately debited, and technical support stops responding.
Frauds with bank cards can also be carried out through promotions and sales at low prices. Attackers use trap sites to post announcements of global price reductions. For feedback, only the phone number from the messenger or email is indicated.
After confirming the selected product, we receive a link to pay for the order, which is linked to the fraudster's account. As a result, we pay for delivery and the goods themselves on a fake one-day site, after which the site becomes unavailable or "freezes", the support service also stops responding.
Cyber fraudsters often catch their victims while shopping online, because it is very difficult to hack bank account protection, so they do not neglect other schemes to gain access to money. To achieve their goals, they use other available resources.

What to do if you receive an alarming SMS message or a call from a relative
The most common type of fraud is a scheme in which there is a strong reaction to the received message or phone call about unhappiness with a close relative. We are initially misled about the misfortune with a message or a call from a relative.
Usually, you receive a message about urgent assistance in cash: you are required to transfer a certain amount from your bank account and call back. The transfer of money must be carried out according to the details specified in the message, which immediately arrives as soon as we agree to help a loved one.
Fraudsters can even personally call and introduce themselves as good friends of a relative and report that he was detained by police officers for committing a crime. Then an imaginary police officer joins the conversation, promising to release a relative for money and settle everything.
In a spiritual impulse, we are ready to give up the last, but no matter how convincing the arguments presented, there is no need to rush to transfer money, it is better to calm down and try to find out the details of what happened - this will scare off the scammers and allow you to come to your senses a little.

If it was not possible to clarify the situation immediately, then you can try to do the following:
  1. Ask a fictional friend leading questions, the answers to which only you and your relative know.
  2. If you are talking to an alleged law enforcement official, ask which police station the relative was taken to.
  3. You can dial “911” and find out the number of the duty unit of this police department, as well as try to find out if the relative is really there and who is in charge of his case.
  4. And it is better to call a relative's mobile phone back. If it is disabled, you need to contact any mutual acquaintances or his work colleagues, friends to clarify information.
It would seem that these frauds with bank cards are as old as the world, but nevertheless, every day people fall for such tricks of swindlers. Pensioners are especially gullible, so if there are elderly people in your family, be sure to warn them about possible deception.

What information about your card do scammers need
Each time we receive a new credit card, we fill in our personal data, which subsequently need to be kept secret. But very often we ourselves give out to scammers the information they need to steal our money.
The inviolability of our personal data is enshrined in law by the Federal Law "On Personal Data", which is to ensure the protection of our rights and freedoms during their processing, including personal and family secrets.
With the development of the digital economy, the provision of personal data has already become the norm, and the dissemination or provision of free access to them is punishable. Responsibility for the safety of personal account data lies with its holder, that is, with each of us.
A debit card is not only a storehouse of our money, it contains almost all personal information about the user. If you fraudulently enter the history of transactions, you can draw up a financial portrait of the holder and gain access to sources of income.

Knowing about the vulnerabilities of credit cards, scammers use various tricks and schemes to access the databases for storing confidential information. So what card details do scammers need?
  1. Credit card number.
  2. Name and surname of the owner.
  3. Credit card validity period.
  4. The verification code of the CVV or CVC card, which is located on its back side and consists of 3 or 4 digits.
  5. PIN-code is strictly confidential information from numbers, which we initially receive together with a credit card and in the future we can independently change it.

All these details (except for the PIN code) are indicated on the plastic itself, and some of them can be communicated to other persons, for example, to receive a certain amount or pay for goods in an online store:
  1. Credit card number. If only this information is available to the fraudster, then he will not be able to do anything illegal.
  2. Account number. Each card has an account that consists of 20 digits. Obtaining data only about the account number does not pose any danger.
  3. Name, surname of the owner of the credit card. The disclosure of only this data does not pose any threat.
  4. The last 3 or 4 digits of the credit card number. This data helps the bank employees when solving our questions over the phone. Fraudsters will not be able to perform any operations with our account, knowing only these numbers.
If you tell unauthorized persons some of the details separately, then this does not always lead to hacking. We may not even know that a fraudster uses a credit card in such situations.
How to return money withdrawn by fraudsters from the card? In theory, it is possible to return our funds if we contact the police, but usually scammers use such clever schemes that do not allow them to find the disappeared money.
The conclusion suggests itself: you learned how fraudsters withdraw money from a card, and only we ourselves can initially protect ourselves from cyber fraud. To do this, you need to keep track of who and why we share personal information. Any data for strangers is the key to the door behind which our savings are stored.

Details that should not be disclosed to anyone under any circumstances:
  1. PIN. In the event that we disclose it, any person can withdraw money from our account, even close people and friends, not to mention cyber fraudsters.
  2. CVC / CVV2 code. Without this code, we will not be able to make payments in the online space and do shopping in online stores, so we cannot transfer it to third parties.
  3. Credit card number and expiration date. It is also impossible to provide this data to outsiders, because with their help you can make purchases in large online stores.
  4. 3D-Secure code. This code is one-time use, and in certain cases telephone operators ask you to provide it. If the attackers know the details of your credit card, then this code will be the last step on the way to the account.
  5. All details at the same time. When we disclose all the details to the attacker at once, we provide him with free access to our money.
If the attackers received the credit card details - the owner's full name, number, expiration date, security code, then there is nothing easier for them than to start paying for goods on online platforms. Many already know that such global online shopping giants as Amazon or AliExpress do not require SMS confirmation from customers when paying for an order.

What to do if scammers have already managed to steal money from the card
Today, most applications are tied to email and / or phone, so if fraudulent activities are detected with our account, you need to change all passwords in online banking, e-mail, social networks and phone as soon as possible.
If there are funds left on the account, then you need to try to quickly withdraw them or cash out with the help of a bank employee. The bank will not be able to cancel unauthorized transactions after they have been completed, so we try to call him as soon as possible. You can also log into your mobile banking on your phone and block your account there yourself.
Blocking is a complete freeze of the account. After that, it will be impossible to make any payments, pay for services, goods and withdraw cash.
Attackers can get hold of the passwords from the accounts where we entered the data and take advantage of this. Many markets provide the ability to withdraw cash directly at the checkout, for this any customer only needs to sign a receipt.
Let's say you didn't have time to block your account, if a fraudster has withdrawn money from the card, what should you do? Similarly with the previous situation, it is imperative to write an application to the bank with a dismissal of specific unauthorized transactions and provide it on the day of the theft of money.
After the loss, theft or “leakage” of money, the credit card must be blocked and ordered to be reissued. It is also worthwhile to immediately write a report to the police about fraudulent activities. There is only one rule - to act!
Let's take a closer look at how to get back the money withdrawn from the card by fraudsters. There is a certain mechanism that should be strictly adhered to, because according to the legislation, credit institutions can refuse to fulfill their obligations.

You can return the missing funds if two conditions are met simultaneously:
  1. We had to strictly follow the rules for using a credit card and we can confirm this, that is, we did not share the PIN code with anyone and did not transfer it to unauthorized persons.
  2. The bank was notified about unauthorized transactions within 24 hours.
The phone number to call in such cases is indicated on the plastic. If the credit card is lost, then you should call the number of the all-Russian hotline or come directly to the bank branch where the credit card was issued.
Sometimes we do not know that, according to the law, the bank is obliged to notify us of all transactions on the account. Usually, the method of notification is prescribed in the service agreement - these are SMS messages or e-mails.
It will not be superfluous to clarify and carefully read the bank agreement and then follow the instructions of the bank. If the money was debited as a result of fraudulent actions, and the bank did not report these operations, we have the right to demand a full refund of the missing amount. Then you need to contact the nearest police station and write a statement on the fact of theft or fraud.
Many credit organizations are not interested in paying us the missing funds, but when law enforcement agencies are also involved, there is a chance to return their savings.

How to protect your card from fraudsters
Bank card fraud is a streamlined criminal business. In the first place, only care and common sense can protect each of us from crooks, and it is better to take care of data protection in advance.

How to protect a bank card from fraudsters? There are some good ways:
  1. Connect a mobile bank to track all account transactions and, as a last resort, promptly respond to the actions of intruders.
  2. Do not store large amounts for us personally in one account. It is worth getting several debit cards for different purposes and using one card only for payments on the Internet, and the other, for example, for daily grocery purchases.
  3. For credit cards with a contactless payment method, you should set a minimum credit limit when paying without a PIN code or not set it at all - then payment without a password will not work.
  4. Never give your credit card into the hands of third parties.
  5. Do not share your PIN code with anyone.
  6. You should not pay in response to an unfamiliar SMS message.
  7. When there is a suspicion or fact of unauthorized debiting of funds from the account, it is necessary to block it without delay.
  8. It is better to erase the CVC / CVV2 code from all credit cards on the back, rewrite it and keep it in a place accessible only to yourself.
In addition, you can purchase security accessories such as holders, special wallets and shielded wallets, which contain shielding material that protects against fraudulent radio signals. They are especially relevant for contactless credit cards.

Main conclusions
Vigilant media daily inform us that fraud with bank cards is rampant, as crooks do not get tired of inventing more and more fraudulent schemes.
Increasingly, there are fraudulent sites and platforms offering cheap goods, products and even currently topical antiseptics and protective masks, for which we use credit cards to pay. And when you make a purchase on such services, we automatically fall into the trap: our data will be used against us.
How to deal with various fraudulent schemes? The main thing is to never call back to unfamiliar numbers, especially if they start with 495 (the scheme with numbers may change). After each such call, you need to add such a number to the black list or block, as well as use an automatic caller ID.
For advanced users of gadgets, the cyber police recommends installing special applications designed to block unwanted numbers. Moreover, some programs have built-in databases of cybercriminals' phones and can independently control unwanted calls.
If they call from an organization with which you cooperated and to which you gave your consent to the processing of personal data, then this permission just needs to be revoked. For illegal use of the number and personal data of an unauthorized person, liability is from 30 to 50 thousand rubles.
Falsification of information, deliberate concealment of the truth, abuse of trust for selfish purposes - all this is also fraud. There are many ways, but the goal is always the same - to get to our savings on the card.
Share in the comments how often you have encountered cyber fraud, and how did you learn to defend yourself against it?
 