Mutt
Professional
- Messages
- 1,459
- Reaction score
- 1,251
- Points
- 113
Contents
There are many fraudulent schemes with bank cards. Every day they are modified, they become more complicated, but their essence remains the same - getting confidential information into the hands of fraudsters or, in other words, compromising a bank card. Let's consider what actions can compromise your card and can they be prevented?
Card compromise - what is it?
The concept of "compromise" in cryptography is used to determine the situation when the protected information falls into the hands of fraudsters. The compromise of a bank card means that the fraudsters got the card details (its details) or there was a suspicion of the theft of confidential information. In these cases, it becomes dangerous to use your own card for purchases, payments or transfers - the risk of losing money on the card account is quite high.
The data that can fall into the hands of criminals include the password and login from the Internet bank, mobile application or payment account (social network page or e-mail to which the electronic wallet is linked); data of the cardholder's passport and a secret word by which you can identify yourself by calling the hotline; pin; a one-time password confirming card transactions (3-D Secure) and, finally, such card details as card number, expiration date, full name and three-digit CVV2 / CVC2 authentication code.
As a rule, special technical devices are used to steal important data of the card, which read the necessary information from it. These are so-called skimming devices that are installed by fraudsters directly into the card collector. It is enough to pass your own card through such a "modified" card reader once, and all information on the card will fall into the hands of fraudsters.
Their further actions may be different. They can make a duplicate of your card using the so-called "white plastic" (information from a stolen card is copied onto an empty card) and withdraw money from an ATM or try to write off a large amount by making a purchase on the Internet. In any case, sooner or later, all funds are debited from each card that managed to visit an ATM with a skimming pad. Most often, this type of fraud occurs in the countries of Southeast Asia, Bulgaria, Russia, Egypt and some others.
The only thing that you should do if you notice a withdrawal of funds from the card, to which you personally have nothing to do, is to promptly inform the bank that issued the card about it. In case of proof of your non-involvement in the withdrawal of funds, the amount may be reimbursed. Learn more about how to return money illegally debited from a card account.
There are also massive compromises, when hackers break into the databases of online stores (or banks) and copy the data of the cards of thousands of people. Then the stolen details can be sold clandestinely by hacker groups on the Internet.
How does the bank know if your card is suspect? There are many indirect signals that will make it clear to the bank that something is wrong with your card: withdrawing cash abroad (if you did not inform the bank about your trip to a specific country in advance) or in another city; several consecutive translations or other actions unlike yours; your plastic was “lit up” in a series of criminal acts (for example, money was laundered with it); the presence of the card number in the list of stolen goods, etc. As a result, the bank blocks the card on suspicion of compromise, and in this case, in order to access your money, you need to reissue it or withdraw your funds with a passport at a bank branch.
On the compromise of the bank card and other nuances
Bank has issued the largest number of cards among other banks, so bank cards are most often compromised, but in principle, the information in this subsection will also apply to cards from other banks. The main problem here lies in the fact that people themselves, without realizing it, violate the terms of use of cards (you can find them in the public domain on the official website of the bank). A variety of tips and aids for cardholders can also be found there. And if you read everything given in these documents, you will surely learn from there a lot of new things for yourself - the bank is trying to give up-to-date recommendations on how not to fall for the bait of swindlers.
If you do not want to study the above documents, then go over the articles on the rules for the safe use of cards and how to properly protect them from fraud.
Often, when selling or buying goods through bulletin boards, for example, on Avito, they publish their card numbers in the public domain or pass this information to any caller, and then, after some ingenuous manipulations of the swindler, they lose all their funds (more about fraudulent sellers and buyers on eBay). People make a big mistake, telling the caller not only the number, but also other card details, they even report a one-time password that comes to them in an SMS message.
For reference. You can get access to the Internet bank bank online on the Internet without visiting a bank branch. To do this, it is enough: enter the card number on the bank website; confirm your intention with a one-time code that will be sent to your cell phone linked to the card (i.e. you must have the Mobile Bank service activated); get an identifier (login) and password for entering the Internet Bank.
So, when you are asked to dictate the password that came to your cell phone, then you “sign a sentence for yourself” - the criminal will easily gain access to your accounts and “empty” them.
We continue further. It turns out that even the transfer of one bank card number to a third party is considered a compromise of the bank card! So, at least, the bank employees themselves explain. It would seem that the answer to the question: “Is it possible to steal money, knowing only the card number?" known. The answer, of course, is no, but read carefully the detailed answer to this question (from the link provided) and you will understand that everything is not so simple. Moreover, the comments of the deceived people who "shone" only the card number indicate the opposite - they somehow managed to steal from them!
There is only one conclusion so that no one could compromise your Sberbank card - never publish its number anywhere under any circumstances. You may ask, how can you sell a product when people are used to transferring money for it to the card. But in any way, hide your card away from prying eyes, and start a new "empty" plastic and provide its number for transfers - even if this "dummy" is compromised, there will be nothing to take from it. And do not connect such a card to the Mobile Bank, as it is enough for a fraudster to enter your personal account, and he gets access to all (!) Your accounts.
We have only touched on superficial information about the protection of cards (tip of the iceberg), in fact, ensuring the safety of your cards needs to be learned and learned!
How else can your card be compromised?
Lost card. This option is one of the most common. Even if you accidentally lose your card on the street, especially in an unfamiliar city, you should play it safe and contact the nearest bank branch to block the card. Of course, there are rare cases of cards being returned. Still, there is a possibility that "plastic" can fall into the hands of fraudsters, who will at least take the opportunity to pay for purchases with your card on the Internet without even knowing the pin code.
Transfer of information through open communication channels . Information leaks are often observed in public places (for example, train stations, restaurants / cafes - where there are free wi-fi hotspots). A rational solution is not to make payments from your card and not to transfer information on the card in such places. Using open communication channels, you can, without wanting to, transfer personal data to scammers.
Uncontrolled access to the card . If you do not take timely care of a safe place for storing your cards, sooner or later even a cursory visual inspection can lead to a complete write-off of money from the card. In some cases, it is enough for an attacker to find out the details of the card (data on the front and back of it) and find stores that allow making a payment without one-time passwords.
Skimming devices . The aforementioned devices are required to fully read information and secret data from bank cards. By the way, you can "get" to skimming not only at an ATM, but also in the most ordinary store or cafe, be sure to read about such cases of fraud.
Phishing and phishing sites. In this case, the fraud scheme is built in such a way that you yourself give your data to cybercriminals on fake sites. Scammers play on your fears and use social engineering techniques to extract confidential data.
Take care of your cards!
Be careful and follow safety measures. Unfortunately, card data can be taken away through no fault of their holder. But if you have any suspicions, only an immediate appeal to the bank will help save your own funds from unauthorized withdrawals (unless, of course, the bank gets ahead of you and blocks your card on its own). The bank will block the card at your first request and issue a new one with a new pin code instead. In this case, the money will remain on the account (if they have not yet been stolen), because, as you know, when the card is reissued, the account remains the same, and I only have the card number and such details as the expiration date and the CVV2 / CVC2 code.
- 1. Card compromise - what is it?
- 2. On the compromise of the bank card and other nuances
- 3. How else can your card be compromised?
- 4. Take care of your cards!
There are many fraudulent schemes with bank cards. Every day they are modified, they become more complicated, but their essence remains the same - getting confidential information into the hands of fraudsters or, in other words, compromising a bank card. Let's consider what actions can compromise your card and can they be prevented?
Card compromise - what is it?
The concept of "compromise" in cryptography is used to determine the situation when the protected information falls into the hands of fraudsters. The compromise of a bank card means that the fraudsters got the card details (its details) or there was a suspicion of the theft of confidential information. In these cases, it becomes dangerous to use your own card for purchases, payments or transfers - the risk of losing money on the card account is quite high.
The data that can fall into the hands of criminals include the password and login from the Internet bank, mobile application or payment account (social network page or e-mail to which the electronic wallet is linked); data of the cardholder's passport and a secret word by which you can identify yourself by calling the hotline; pin; a one-time password confirming card transactions (3-D Secure) and, finally, such card details as card number, expiration date, full name and three-digit CVV2 / CVC2 authentication code.
As a rule, special technical devices are used to steal important data of the card, which read the necessary information from it. These are so-called skimming devices that are installed by fraudsters directly into the card collector. It is enough to pass your own card through such a "modified" card reader once, and all information on the card will fall into the hands of fraudsters.
Their further actions may be different. They can make a duplicate of your card using the so-called "white plastic" (information from a stolen card is copied onto an empty card) and withdraw money from an ATM or try to write off a large amount by making a purchase on the Internet. In any case, sooner or later, all funds are debited from each card that managed to visit an ATM with a skimming pad. Most often, this type of fraud occurs in the countries of Southeast Asia, Bulgaria, Russia, Egypt and some others.
The only thing that you should do if you notice a withdrawal of funds from the card, to which you personally have nothing to do, is to promptly inform the bank that issued the card about it. In case of proof of your non-involvement in the withdrawal of funds, the amount may be reimbursed. Learn more about how to return money illegally debited from a card account.
There are also massive compromises, when hackers break into the databases of online stores (or banks) and copy the data of the cards of thousands of people. Then the stolen details can be sold clandestinely by hacker groups on the Internet.
How does the bank know if your card is suspect? There are many indirect signals that will make it clear to the bank that something is wrong with your card: withdrawing cash abroad (if you did not inform the bank about your trip to a specific country in advance) or in another city; several consecutive translations or other actions unlike yours; your plastic was “lit up” in a series of criminal acts (for example, money was laundered with it); the presence of the card number in the list of stolen goods, etc. As a result, the bank blocks the card on suspicion of compromise, and in this case, in order to access your money, you need to reissue it or withdraw your funds with a passport at a bank branch.
On the compromise of the bank card and other nuances
Bank has issued the largest number of cards among other banks, so bank cards are most often compromised, but in principle, the information in this subsection will also apply to cards from other banks. The main problem here lies in the fact that people themselves, without realizing it, violate the terms of use of cards (you can find them in the public domain on the official website of the bank). A variety of tips and aids for cardholders can also be found there. And if you read everything given in these documents, you will surely learn from there a lot of new things for yourself - the bank is trying to give up-to-date recommendations on how not to fall for the bait of swindlers.
If you do not want to study the above documents, then go over the articles on the rules for the safe use of cards and how to properly protect them from fraud.
Often, when selling or buying goods through bulletin boards, for example, on Avito, they publish their card numbers in the public domain or pass this information to any caller, and then, after some ingenuous manipulations of the swindler, they lose all their funds (more about fraudulent sellers and buyers on eBay). People make a big mistake, telling the caller not only the number, but also other card details, they even report a one-time password that comes to them in an SMS message.
For reference. You can get access to the Internet bank bank online on the Internet without visiting a bank branch. To do this, it is enough: enter the card number on the bank website; confirm your intention with a one-time code that will be sent to your cell phone linked to the card (i.e. you must have the Mobile Bank service activated); get an identifier (login) and password for entering the Internet Bank.
So, when you are asked to dictate the password that came to your cell phone, then you “sign a sentence for yourself” - the criminal will easily gain access to your accounts and “empty” them.
We continue further. It turns out that even the transfer of one bank card number to a third party is considered a compromise of the bank card! So, at least, the bank employees themselves explain. It would seem that the answer to the question: “Is it possible to steal money, knowing only the card number?" known. The answer, of course, is no, but read carefully the detailed answer to this question (from the link provided) and you will understand that everything is not so simple. Moreover, the comments of the deceived people who "shone" only the card number indicate the opposite - they somehow managed to steal from them!
There is only one conclusion so that no one could compromise your Sberbank card - never publish its number anywhere under any circumstances. You may ask, how can you sell a product when people are used to transferring money for it to the card. But in any way, hide your card away from prying eyes, and start a new "empty" plastic and provide its number for transfers - even if this "dummy" is compromised, there will be nothing to take from it. And do not connect such a card to the Mobile Bank, as it is enough for a fraudster to enter your personal account, and he gets access to all (!) Your accounts.
We have only touched on superficial information about the protection of cards (tip of the iceberg), in fact, ensuring the safety of your cards needs to be learned and learned!
How else can your card be compromised?
Lost card. This option is one of the most common. Even if you accidentally lose your card on the street, especially in an unfamiliar city, you should play it safe and contact the nearest bank branch to block the card. Of course, there are rare cases of cards being returned. Still, there is a possibility that "plastic" can fall into the hands of fraudsters, who will at least take the opportunity to pay for purchases with your card on the Internet without even knowing the pin code.
Transfer of information through open communication channels . Information leaks are often observed in public places (for example, train stations, restaurants / cafes - where there are free wi-fi hotspots). A rational solution is not to make payments from your card and not to transfer information on the card in such places. Using open communication channels, you can, without wanting to, transfer personal data to scammers.
Uncontrolled access to the card . If you do not take timely care of a safe place for storing your cards, sooner or later even a cursory visual inspection can lead to a complete write-off of money from the card. In some cases, it is enough for an attacker to find out the details of the card (data on the front and back of it) and find stores that allow making a payment without one-time passwords.
Skimming devices . The aforementioned devices are required to fully read information and secret data from bank cards. By the way, you can "get" to skimming not only at an ATM, but also in the most ordinary store or cafe, be sure to read about such cases of fraud.
Phishing and phishing sites. In this case, the fraud scheme is built in such a way that you yourself give your data to cybercriminals on fake sites. Scammers play on your fears and use social engineering techniques to extract confidential data.
Take care of your cards!
Be careful and follow safety measures. Unfortunately, card data can be taken away through no fault of their holder. But if you have any suspicions, only an immediate appeal to the bank will help save your own funds from unauthorized withdrawals (unless, of course, the bank gets ahead of you and blocks your card on its own). The bank will block the card at your first request and issue a new one with a new pin code instead. In this case, the money will remain on the account (if they have not yet been stolen), because, as you know, when the card is reissued, the account remains the same, and I only have the card number and such details as the expiration date and the CVV2 / CVC2 code.
