This article is written by Mayank Verma, pursuing Diploma in US Technology Law and Paralegal Studies: Structuring, Contracts, Compliance, Disputes and Policy Advocacy from LawSikho. The article has been edited by Prashant Baviskar (Associate, LawSikho) and Smriti Katiyar (Associate, LawSikho).
Credit card frauds are the biggest threat to any business establishment today. However, to fight this fraud effectively, it is essential to recognize the mechanism of performing fraud. Fraudsters use different modus operandi to commit fraud. Credit Card fraud can also be defined as;
“When a credit card is used by some individual which originally belongs to some other individual and the owner is not aware of the fact that his card is being used by someone else. Further, the owner of the card has no relation with the one using the card fraudulently and has no intention of either communicating to the cardholder or making any repayments for any purchases made by him”.
Frauds related to credit cards are committed in the following ways:
- Using the unauthorized account or personal information to commit an act of criminal deception.
- Account being used unlawfully for personal gain.
- Misrepresenting account information for obtaining goods and services.
Merchants are at a larger risk from credit card frauds than cardholders. If someone shops on the internet, the merchant (web site) is not protected from any of the safeguards like physical verification i.e signature checks, photo identification, etc. It is not possible to conduct physical checks to ascertain who is operating at the other end of the transaction. This makes the internet a very soft target for fraud perpetrators. Internet fraud rate is 12 to 15 times higher than frauds committed in the physical world. However, recent technological developments are allowing us to keep a check on these frauds.
Purpose of the article
- Different credit card frauds,
- How fraudsters take advantage of different loopholes,
- Impact of frauds on merchants, issuers, and cardholders,
- Fraud prevention and management.
Credit card frauds are executed in many ways. As technology evolves, the methods and systems used by fraudsters to carry out fraudulent activities also evolve. Frauds can be further classified into:
- Card related frauds,
- Merchant related frauds,
- Internet frauds.
Card related frauds
When a false application is filed to acquire a credit card. It can be executed in three different ways:
- Obtaining personal information of someone else and opening an account in his or her name;
- When an individual gives a false financial status of himself to acquire the credit card i.e. financial fraud;
- The card is stolen before it reaches the owner’s place i.e. Not Received Items (NRIs).
When a card gets lost or stolen by the original owner if he or she loses it to an individual or it gets stolen for criminal purposes. This type of fraud is the easiest to commit without any technological investment and the most difficult to tackle.
The personal information of an individual is stolen by the fraudster and this information is used by him to take control of the legitimate account by providing his account number and other details. Then the fraudster contacts the credit card issuer pretending to be the original owner and asks the mail to be sent to a new email address. He also intimates that his card has been lost and asks for a replacement to be sent.
Fake and counterfeit cards
The production of fake credit cards poses a large threat together with the lost/stolen cards. Fraudsters are regularly dwelling to find more advanced ways to create fake credit cards. A few of the techniques used are:
- Erasing the Magnetic Strip – It is initiated by erasing the magnetic stripe of the card acquired illegally. The details then are tampered with so as to match the details of a valid card that is stolen. When the fraudster starts to use the card, the cashier will jab the card over the terminal several times, before understanding that the metal strip does not function. The cashier will then continue to manually input the card details into the terminal. This method of fraud has a very high risk because the treasurer will have to look at the card closely to recite the numbers.
- Creating a Fake Card – Creating a fake card from the threshold level by advanced machines. It requires a high skill set and a lot of effort. Fraudsters need to bypass the modern holograms being injected into credit cards and it is difficult to forge those.
- Altering Card Details- Heat and pressure are applied to the card to re-emboss the information already printed on it or computer software is used to encode the magnetic stripe on the card.
- Skimming – Most frauds include skimming, in this process, the original data of the card is copied to another. Pocket skimming devices are there in the market to get hold of the customer’s card details when the card is swiped on it. Skimming takes place without the knowledge of the cardholder and is very difficult to trace.
Merchant related frauds
These frauds are committed by the merchant owners or their employees. Some frauds are:
- Merchant Collusion– When merchant owners build a conspiracy to commit fraud using the customer’s account or his/her information. Merchants pass on information about cardholders to fraudsters.
- Triangulation– Fraudulent sites which appear to be legitimate auction or sales sites are deployed those offer goods at heavy discounts. The customer while placing orders provides personal information like name, address, and card details. Fraudsters once they receive these details, order goods from a legit website using stolen card details. Then the fraudster purchases goods using the credit details of the customer.
The internet is a very easy target for fraudsters to commit fraud. With the expansion of the internet, more fraudsters are engaging with it. Some techniques used by them are:
- Site Cloning– In this process, fraudsters clone an entire site or some pages from which an order is placed by the customer. Customers view web pages of those websites which are identical to those of the real website. The consumer doesn’t suspect anything, while the fraudsters acquire all the information they need to commit fraud.
- False Merchant Sites– These sites offer the customer some very cheap service and request their credit card details in return to access the content of their website. These websites are deployed to collect as much credit card information as possible.
- Credit Card Generators- These generators are computer programs that generate valid credit card details and their expiry dates. This software works by using the mathematical Luhn Algorithm that card issuers use to generate other valid card number combinations.
Impact of fraud on cardholders
The cardholder is the least impacted party as the fraud in these transactions is such that the consumer liability is limited for these transactions by the legislation. Even banks have their own standard rules that limit the customer’s liability to a great extent. Cardholder protection policy compensates for most losses of the cardholder. The cardholder has to just report any suspicious happenings to the bank which will lead to further investigation with the merchant and the acquirer.
Impact of fraud on merchants
Merchants are the most affected party and they have to accept full liability for losses due to fraud. Whenever a legitimate cardholder disputes a credit card charge, the card-issuing bank will send a chargeback to the merchant (through the acquirer), retreating the credit for the transaction. In case, the merchant does not have any physical evidence (e.g. delivery signature) existing to challenge the cardholder’s dispute, it is impossible to inverse the chargeback. Therefore, the merchant will have to incur the cost of the fraudulent transaction. This cost comprises several components, which could add up to a significant amount. The cost of a fraudulent transaction consists of:
- Cost of goods sold,
- Shipping cost,
- Card association fees,
- Merchant bank fees,
- Administrative cost,
- Loss of reputation.
Impact of fraud on banks (issuer/acquirer)
Based on rules by Mastercard and Visa, the issuer/acquirer may bear the cost of the fraud. Like in the case of chargebacks issued to the merchant, there are some manpower and administrative costs that the bank has to incur.
Fraud prevention technologies
Although fraudsters are using sophisticated methods to trap people and gain access to their personal credit card information, new technologies are being invented to help merchants detect and prevent these fraudulent transactions. These technologies enable merchants and participating banks to carry out highly sophisticated and automatic screenings of transactions and blacklist suspicious transactions.
Some of the fraud prevention techniques are mentioned below.
Reviewing every transaction manually for signs of any fraudulent activity and involves high human intervention. It is time-consuming, expensive, and prone to errors.
Address verification system
Applicable in the card-not-present scenario. Address Verification System matches the first digits of the address and the Zip Code info that is provided for delivering the purchase to the corresponding data on record with the card issuers. This technique is not useful in the case of international transactions.
Card verification system
It consists of a 3 or 4 digit numeric code that is printed on the credit card but it is not imprinted on the card and is not obtainable through the magnetic stripe. Merchant can ask the cardholder to present the numeric code in case of card-not-present transactions and to submit it with the authorization. It ensures that the person submitting the code is in possession of the actual card and since the code cannot be skimmed or copied through the magnetic stripe, it prevents fraud.
Negative and positive lists
Negative lists consist of a database that is used to segregate high-risk transactions based on specific data fields. An example could be a list of card numbers having chargeback in the past. A merchant can create and maintain a list of these high-risk transactions to review and decide when to restrict orders initiated from these countries.
Positive files on the other side are used to recognize trusted customers and by their email address or card number, and therefore can bypass certain checks. It is used as a tool to prevent unnecessary delays invalid orders.
It brings a new level of technology to B2C internet commerce. This program is based on a personal identification number linked with the card, similar to ATM cards, and to secure this direct authentication channel between the consumer and the issuing bank. The PIN is provided by the bank when the cardholder enrols the card with the program and it is used to authenticate online transactions.
Both Visa and Mastercard publish a list of those merchants involved in fraudulent transactions in the past. These lists provide some useful information to acquirers at the time of recruiting merchants preventing potential fraudulent transactions.
As credit card business transactions increase, so do these frauds. Global networking opens up new opportunities for fraudsters as it does for new businesses. While providing numerous opportunities and advantages and opening up new conduits for business transactions, the internet too now has a high probability of fraudulent credit card transactions creeping in.
The good news is that technology is also evolving for preventing these frauds with the passage of time. The reduction of computing costs is helping to introduce complex systems, which can segregate fraudulent transactions in a fraction of a second.
It is thus equally important to identify these right segments of transactions which should be reviewed, as every transaction does not carry the same amount of risk connected with it. Finding and recognizing the fraud and utilising the prevention technologies enumerated in this article can assist banks in combating fraud more efficiently.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: