Guide to fraud types
Earlier we described the most common types of fraud in the payment card industry in article What is fraud?. Card fraud is developing same pace like the technology in the payment card industry. When new card product appears the scammers are already trying it on vulnerability, or a new technology in the field of protection of Bank cards against unauthorized use, as attackers are already looking for ways to bypass this protection. What other types of fraud fraudsters use to profit for the expense of others?
The issue of cards on fake / stolen / lost passport, or on figurehead, often financially-illiterate and unsuspectingThese cards are used either for further cashing, or it is a card issue with a certain credit limit (in this case, the Bank's money is using). Responsibility in this case lies on unsuspecting citizens.
Not received as IssuedBank cards, intercepted by fraudsters while sending by the post or stolen in organization while giving the cards among the employees.
Chargeback fraudChargeback fraud is one of the simplest forms of fraud and is not necessarily related to the theft of personal data. The customer orders goods from the website using the payment method of the card. After the goods are shipped and out of the seller's control, the customer initiates a refund, stating that his personal data was stolen and he did not initiate the purchase. One example of an online store that deals with several cases of refund fraud is Organize.com, a company that earns about $ 10 million a year in online sales.
John Rampton, former owner of Organize.com, wrote about this experience of the company with chargeback fraud:
"What happens is that the customer makes an order in our store, and then on the last day for a refund he applies for a chargeback. The client claims that the product was never received (although we have proof through tracking the delivery). The dispute is open, and we must provide all the evidence. Although this is a small work, but every time this happens, it hurts our processes. As a rule, the funds are withheld from us, which can cause serious damage to the company if it has problems with cash flows. Our principle of working with clients is that the customer is always right."
Friendly fraudFriendly fraud is almost identical to chargeback fraud except that it is committed without malicious intent. In the case of a friendly fraud, the transaction is carried out by the legal card holder. But, for example, he can begin to challenge this transaction in case he does not recognize the name of the online store in his bank statement. Most often with this kind of fraud, you have to deal with companies that work with subscriptions to service packages. Customers forget (or do not read) the terms of the contract with the company that on their card there will be repeated payments for the subscription.
Friendly fraud also includes a fraud on the side of friends or relatives. For example, children use credit cards of their parents to pay for gaming sites, etc.
Registration of enterprises for subsequent fraudulent transactionsThe fraudulent scheme as follows: Registration in the Bank for the service "merchant acquiring" ͢ transactions by counterfeit, lost, stolen cards or card details (if it's an online store) ͢ receiving an indemnity from the acquiring Bank ͢ disappearance.
Either: registration ͢ collecting of payment card details ͢ disappearance. The card database is subsequently used for fraudulent purposes.
The retailer is registered and working legally, but the staff are fraudsters.It may be the collusion of the employee with the criminals for the subsequent use of stolen/fraudulent/lost cards. The aim in this case is the receipt of goods or services. Or, it could be, compromising a customer's card by the employee for the further use of this information for fraudulent purposes.
Providing the acquiring Bank with the payment documents for indemnity transactions of third-party retailerThe retailer transmits payment documents to the acquiring Bank for indemnity for goods, implemented by trading organization, that has no an agreement with the Bank for acquiring.
Account takeover (account of an individual or a retailer)Misappropriation of the card account details of the individual or credit card details. Further is the notification the Bank about the change of home address, remote application for the issue of a new bank card with a request to deliver at the new address (common in USA and European countries).
Interception of the retailer's account is possible if the bank account of retailer is not in the Bank-acquire. In this case, the fraudsters, counterfeiting the signature of the heads of the organization, and the corporate seal, send to the acquiring Bank notification of changing of payment details for reimbursement, specifying the other account number. Further funds are stolen from Bank accounts.
Cash trapping (the patch on a tray for cash)This patch does not allow card holder to receive a cash. Card holder goes away without money and the fraudster removes the patch along with the seized cash.
ATM GhostThis type of fraud is widespread in the US, where the law does not forbid a private person to own an ATM to receive a fee in the form of commission. Fraudsters create a device that resembles an ATM. The aim is copying the magnetic stripe of the bank card and a pin code.
As you can see, cardholders are faced with many threats that await them, as when shopping (whether online or offline), and when servicing at the ATM. Some fraudsters posing as honest businesses "manage" to deceive banks directly.
A merchant may suffer too. For example, if the fraudsters will choose some online store for running the database of stolen card details, and the store will not take an appropriate measures to counter fraud, it will face the fines from the payment systems via the acquiring Bank, up to a total ban to accept Bank cards for payment, and it is a huge damage for the business. The acquiring Bank may face the fines too, in the most severe cases is a revocation of the license for the acquiring activity.
So then what conclusion can be? Every participant of the system of card payments can suffer: the acquiring Bank, the issuing Bank, the retailer and the cardholder. Consequently, the effective interaction of all participants of the system of card payments is the first necessary condition of an effective risk management policy.