Bank Card Fraud in 2023

[Lord777]

What are the most popular carding methods, what to do if fraudsters found out your bank card details, how to protect yourself from theft, and what are the chances of getting your funds back?

The most common methods of stealing funds from bank cards (carding) are based on psychological methods of persuading, deceiving or intimidating customers. According to the Russian Central Bank, more than 80% of all attacks are related to social engineering. The most popular method among scammers is phone phishing — which is the process of luring out personal data from bank customers.

How scammers work​

• Posing as bank employees ("security service" or "financial monitoring service"), they report suspicious activity and offer to dictate the card details so that the bank takes measures to protect funds.
• They are persuaded to transfer money to a separate account, ostensibly to protect it. You can do this online or by withdrawing money from an ATM — in this case, the client can even order a taxi to it.
• They ask you to install special software to "protect funds", with which fraudsters can steal card data and issue a pre-approved loan, and then withdraw funds.
• Since the beginning of the pandemic, scammers have been actively exploiting the topic of coronavirus, whether it is "free" diagnostics, medical care, benefits, compensation, refunds for air tickets and other pretexts, the ultimate goal of which is to transfer money.
• They inform elderly people about the required payments on behalf of Pension Fund employees. In this case, they need to find out the bank card number and other data ostensibly to transfer money. In some cases, the attackers offer to transfer money to a third-party account to pay the state fee for future compensation.
• Call 10-15 minutes after receiving the card and offer to activate it. Although the user performs this process himself. This is how scammers try to find out the card details.

Important! You should not share your card details with third parties, including the four-digit PIN code and the three-digit CVC code shown on the back. Real bank phone numbers may be displayed for calls from scammers. They may also be represented by police officers or credit bureaus.

According to statistics, about a quarter of cardholders are willing to disclose a three-digit security code to outsiders, as well as the validity period of the card and the code from an SMS message (3DSecure), which cannot be reported.
In 2022, the Central Bank initiated the blocking of more than 756 thousand phones of fraudsters — more than four times more than in 2021.

Email phishing, social networks, and fake websites​

Emails sent by fraudsters may contain links to fake websites that mimic the pages of online stores with big discounts, as well as hotels, air ticket sales services, insurance companies, and various departments. Emails are also sent under the guise of utility bills or in the form of official notifications from banks and other organizations.

Another popular method of fraud is related to sales on ad sites, where the buyer uses a fake link to enter data to pay for a non-existent product.

In social networks, scammers send mailings to the list of friends from the hacked account with a request to transfer money to the card. Such information should always be rechecked through other communication channels.

Important! You don't need to click on links from suspicious emails and download unknown programs. Beware of paying for purchases on suspicious sites. Don't transfer money if you are not sure about the recipient. Monitor all operations on the account and use antivirus programs.

In 2022, the Central Bank sent more than 15 thousand resources for blocking. These included social media pages, mobile apps, and others.

ATM fraud​

Theft with the use of special readers (skimmers) and overlays on ATM pin pads is becoming less and less due to the improved technical equipment of banks. They are being replaced by situation modeling with elements of social engineering. In one scenario, a fraudster (usually an elderly person) "forgets" a card at an ATM and then asks someone nearby to retrieve it. After receiving the card back, the attacker, along with his accomplices, checks the account balance and claims that the money is missing, after which he demands to return it.

Important! Не нужно извлекать из банкоматов чужие карты. В случае если карта уже извлечена и поступают угрозы, рекомендуется вызвать полицию.

How much money did the scammers steal​

According to the Central Bank, in 2022, fraudsters conducted about 876.59 thousand unauthorized operations, and about 14.165 billion rubles were stolen from customers.

The Central Bank estimates the average volume of one transaction in 2022 at 15.32 thousand rubles.
What should I do if scammers received the data and withdrew money from the card

1. Call the bank, block the card, and report unauthorized use of funds

2. Draw up a document of disagreement with the transaction at the bank's office

3. File a police report about the theft of money from the card

Expert comment by Denis Kalemberg, Founder and CEO of SafeTech:

"If the card details have become known to fraudsters, then in most cases they use them to transfer them to drop cards issued on fake or foreign passports. Usually," drops " withdraw stolen funds within a few minutes after the transfer. Also, purchases of equipment in online stores with subsequent resale are often used for theft.

You can't make a purchase or transfer just by knowing the card number, but this doesn't mean that you can share it with anyone, because this number is often used to restore access to mobile banking. For payment, at least one more validity period and the owner's name are requested. However, in this case, you can challenge the purchase and get a refund if the 3DSecure code was not used (usually sent in a text message to confirm payment). The online store is responsible for accepting payments without confirmation."

Can I return stolen funds​

Since 2014, the law "On the National Payment System"has been in force in Russia. According to it, the bank is obliged to return the stolen money, but subject to a number of conditions on the part of the client. First of all, the client must inform about the operation no later than one day after receiving the notification. According to the law, the bank must return the money if the data was compromised through no fault of the client, that is, the client met the following conditions:

• didn't tell fraudsters your bank card details;
• didn't store the pin code with the card / didn't write it down on the card itself;
• didn't allow me to take photos of my card, etc.

The bank's internal investigation can last no more than 30 days, and if the operation is international — 60 days. In case of proven violations on the part of the client, the bank has the right not to return the money. According to statistics from the Central Bank in 2022, only 4.4% of stolen funds were reimbursed to customers.

"If fraudsters steal all the card details, plus they find out the 3DSecure code, then it will be extremely problematic to return the money. In this case, the rules of payment systems impose responsibility on the client. If the payment was made without confirmation by the code, then there are definitely chances. Also recently, insurance services against theft from a bank card have become widespread.

To minimize the risk of losing money, it is best not to tell anyone over the phone about card details and SMS codes, do not enter card details on sites that you do not trust 100%, do not download mobile applications from unverified sources, and use antivirus software. But the best thing is to never keep more than the amount on a plastic card that you are not sorry to part with, " advises Denis Kalemberg.

(c) Mikhail Malaev, Direct Speech group

Мошенничество с банковскими картами в 2023 году

Подробнее на сайте

www.kommersant.ru

 

[Tomcat]

It is impossible to imagine the modern world without bank cards. Salaries are transferred to it, loans are issued, and payments are made at points of sale and on the Internet. In this regard, attackers began to come up with various sophisticated ways to steal money from a bank card, which will be discussed today in this article.

Responsibility for fraud using electronic means of payment is provided for in Art. 159.3 of the Criminal Code of the Russian Federation.

Now directly about the methods of stealing money from a card.

1. The most common methods of stealing money from bank cards today include methods based on psychological methods of persuasion, deception and intimidation. Perhaps the most popular method of fraud is telephone phishing, which is the process of luring out personal data from bank clients.

How it works? Posing as bank employees, scammers report suspicious activity and offer to dictate card details so that the bank takes measures to protect funds.

During the pandemic, scammers actively used the coronavirus theme, offering potential victims “free” diagnostics, medical care, and refunds for air tickets. The ultimate goal of everything, of course, is the transfer of money.

Another fraudulent method of withdrawing funds has affected older people, which involves informing them about due payments on behalf of Pension Fund employees. After this, scammers try to find out the bank card number and other data under the pretext that they need it to transfer money. There were also cases when attackers offered to transfer money to a third-party account, allegedly to pay state fees for future compensation.

The main thing is to realize that you cannot share your data with anyone. Contact your bank, they will help you deal with this situation.

2. Fraud through mobile banking

This method is most often carried out through third-party applications in which you need to enter banking information. These programs are initially infected with a virus, which, penetrating the device on which the program is installed, begins to work for scammers. This virus replaces the mobile banking window with a phishing one, that is, a fake one, and the victim enters his data there, suspecting nothing. The virus sends this data to fraudsters, who then illegally gain access to the client's card account. To avoid such a situation, you must install only licensed programs.

3. The next method of fraud is by sending SMS.

How this happens: the cardholder receives an SMS stating that the bank card is blocked and, in order to unblock it, you need to make a call back to the operator of the financial institution at the number specified in the message. When making a phone call, the fraudster introduces himself as an employee of the credit card issuing bank and asks for secret information: the plastic number, code word and PIN code numbers, which are supposedly necessary to unlock the card. As soon as the scammer receives this data, the job is done.

4. Fraud using the terminal.

When shopping in markets, you should carefully monitor the cashiers who take the plastic into their hands to pay at the terminal. If a store employee swipes a bank card through the terminal twice, then the first time he does this to write off money, and the second time to remove information from the plastic card in order to withdraw money later. In addition, it can remember the cvv code and data on the front side, with the help of which it is easy to make purchases on the Internet.

5. Fraud using a fake online store

Everything is simple here. Online stores are being created with goods at very low prices. This is done in order to attract as much attention as possible. It is proposed to pay for the purchase using bank plastic. The goal is to obtain data from customer cards, including the cvv code. After this, the scammers will independently pay on the Internet using this data.

Where to go if money is stolen from your card

The first thing to do is call the bank, block the card and report unauthorized use of funds. It is also necessary to write a statement of disagreement with the operation at the bank office. After this, you need to come to the nearest police station and write a statement.

(c) https://zakon.ru/blog/2023/06/02/moshennichestvo_s_bankovskimi_kartami