SHIELDING CARD SCAMS

SHIELDING CARD SCAMS

(Information collected from news paper Times of India)

PRECAUTIONS AT A T Ms

General:

To start with stay away from ATMs those appear dirty or in disrepair. They may not work or, worse, may be fake machines set to capture your card information.

Check machine:

Do not use ATMs with unusual signage, such as command to enter your PIN twice to complete the transaction. Also watch out for the machines that appear to have been altered.

Cover keypad:

Make sure to cover keypad with your hand while entering the PIN to escape any cameras.

Don’t take help:

It is advisable to use your own bank ATMs, particularly those attached to a bank branch and those that have guards. Avoid taking help of any person loitering outside ATM or volunteering to assist you.

Check machine:

Do not use ATMs with unusual signage, such as command to enter your PIN twice to complete the transaction. Also watch out for the machines that appear to have been altered.

ONLINE PRECAUTIONS

Use safe sites:

Go only to well known, established sites for e-shopping. Shop only on those that are Secure Sockets Layer (SSL) certified. These can be identified through the lock symbol next to the browser’s URL box. Also make sure that the website uses the ‘https’ protocol instead of ‘http’ where‘s’ stands for ‘secure’. You should also look out for a site’s payment verification tools.

Anti-virus software:

Install anti-virus software on your computer and smart phone to keep out malware. You can also install identity theft detection apps on your phone. Besides have software on your smart phone that enables you to wipe out data remotely if it gets stolen.

Debit card:

Do not use your debit card for e-commerce transactions. If your card is compromised, the entire cash in your bank account can be wiped out instantly. The credit card on the other hand offers a month’s grace period before the cash leaves your bank.

Hide CVV:

When you enter the CVV on the site it should be masked by asterisks. Use a virtual keyboard to avoid keystroke logging.

Public Wi-Fi:

Avoid using unsecured Wi-Fi networks or public Wi-Fi as these are easy targets for identity theft.

Register for alerts:

This is a very important step since the bank will alert you to any online card transactions or ATM withdrawals the moment they take place. Remember to update your mobile number in case of a change.

Log out:  

Always log out from social media sites and other online accounts to ensure data security and avoid storing confidential passwords on your mobile phones.

Change passwords:

Keep changing passwords from time to time to reduce the probability of identity theft.

Virtual cards:

Use this prepaid card if you are not a frequent shopper. It is a limited debit card that does not provide the primary card information to the merchant and expires after a day.

OFFLINE PRECAUTIONS

Don’t disclose details:

Never reveal your PIN, CVV or password to anyone. Make sure not to respond to e-mails or SMSes that ask for crucial personal or card related details. No bank or credit card firm is authorized to seek card details on mail or through phone.

Check statements:

Regularly go through your bank or credit card statements so that you can detect any unauthorized transaction.

Merchants and POS:

At shops or petrol bunks, make sure that your card is not taken to a remote location where you cannot see it as the card information can be easily copied and stolen. Also try shopping with retailers that use chip-enabled card readers.

Don’t sign blank receipts:

Ensure that you never sign a blank receipt, and mark through any blank lines or spaces before signing so that nobody can add any additional amount to your transaction.

Use an accountt without card:
It is always safe to have an account without card. A minimum required amount may be kept in the account with card and the rest may be transferred to the account without card occasionally. 

CARD SCAMS

TYPES OF CARD SCAMS

(Information collected from news paper Times of India)

AT THE A T M:

Skimming:

This involves attaching a data slimming device in the card reader slot to copy information from the magnetic strip or steal the card itself, when one swipes the card. If the slot feels slightly bulky or misaligned, in all probability an additional card reader slot has been placed on top of the actual one.  If the slot is wobbly or loose it indicates the presence of a ‘Lebanese loop’, which is a small plastic device with a barb that holds your card back in the machine. You may think that the machine has swallowed your card or it has been stuck.

Hidden camera:

Tiny pinhole cameras may be placed on the machine or even on the roof at strategic positions to capture your pin.

Card trapping:

This is a barb that retains the card when you insert it in the machine and the card is retrieved later.

Shoulder surfing:

If you find friendly bystanders in the room or outside who try to help you if your card gets stuck or peer over your shoulder, beware. They are there to get you to reveal your pin.

Leaving card/pin:

If you write your pin on the card and forget it in the A T M kiosk, it is a virtual invite to be scammed.

Fake keypad :

This is placed on the top of the actual keypad. If the keypad feels spongy in touch or loose, don’t enter your pin.

False front:

It may be a little difficult to detect as the fake front completely covers the original machine because it is installed on top of it. This allows the fraudsters to take your pin as well as your money.

ONLINE TRANSACTIOINS:

Pharming:

In this technique fraudsters reroute you to a fake website that seems similar to the original. Even as you conduct transactions and make payment via credit or debit card, the card details can be stolen.

Keystroke logging:

Here you unintentionally download software, which allows the fraudster to trace your key strokes and steal passwords of credit card and net banking details.

Public Wi-Fi:

If you are used to carrying out transactions on your smart phone, public Wi-Fi makes for a good hacking opportunity for thieves to steal your card details.

Malware:

This is malicious software that can damage computer systems at ATMs or bank servers and allows fraudsters to access confidential card data.

Merchant or point-of-sale theft:

This is perhaps the most effective form of stealth, wherein your card is taken by the salesperson for swiping and the information from the magnetic strip is copied to be illegally used later.

Phishing and vishing:  

While phishing involves identity theft through spam mails which seems to be from a genuine source, vishing is essentially the same through a mobile phone using messages or SMS. These trick you into revealing your password, PIN or account number.

SIM swipe fraud:

Here the fraudster contacts your mobile operator with fake identity proof and gets a duplicate SIM card. The operator deactivates your original SIM and the thief generates one-time password (OTP) on the phone to conduct online transactions.

Unsafe apps:

Mobile apps other than those from established stores can gain access to information on your phone and use it for unauthorized transactions.

Lost or stolen cards, interception:

Transactions are carried out using stolen cards, those intercepted from mail before they reach the owner from the issuer; or by fishing out information like PINs or passwords from trash bins.

Cards using other documents:

New cards are made by the fraudsters using personal information stolen from application forms, lost or discarded documents.

Your card can be hacked in 6 seconds:

By automatically and systematically generating different variations of cards’ security data and firing it on multiple websites, hackers are, within seconds, able to get a ‘hit’ and verify all the necessary security data. The unlimited guesses, when combined with variations in the payment data fields, make it frighteningly easy for attackers to generate all the card details, one field at a time. Each generated card field can be used in succession to generate the next field and so on. So even starting with no details at all other than the first six digits – which tell you the bank and card type and so are the same for every card from a single provider  - a hacker can obtain the three essential pieces of information to make an online purchase within as little as six seconds. This information is as per Mr. Mohammed Ali, a PhD student at Newcastle University.