Bhatla PDF
Bhatla PDF
Bhatla PDF
Understanding Credit
Card Frauds
June 2003
CONTENTS
OVERVIEW ..................................................................................................................................................................1
INTRODUCTION.............................................................................................................................................................1
PURPOSE OF THIS PAPER...............................................................................................................................................1
CURRENT STATE OF THE INDUSTRY .............................................................................................................................2
HOW FRAUD IS COMMITTED WORLDWIDE? .................................................................................................................2
FRAUD TECHNIQUES ...............................................................................................................................................3
CARD RELATED FRAUDS ..............................................................................................................................................4
APPLICATION FRAUD ........................................................................................................................................................................................ 4
LOST/ STOLEN CARDS ....................................................................................................................................................................................... 4
ACCOUNT TAKEOVER ....................................................................................................................................................................................... 4
FAKE AND COUNTERFEIT CARDS .................................................................................................................................................................. 4
OVERVIEW
Introduction
Credit Card Fraud is one of the biggest threats to business establishments today.
However, to combat the fraud effectively, it is important to first understand the
mechanisms of executing a fraud. Credit card fraudsters employ a large number of
modus operandi to commit fraud. In simple terms, Credit Card Fraud is defined as:
When an individual uses another individuals credit card for personal reasons while the
owner of the card and the card issuer are not aware of the fact that the card is being
used. Further, the individual using the card has no connection with the cardholder or
issuer, and has no intention of either contacting the owner of the card or making
repayments for the purchases made.
Credit card frauds are committed in the following ways:
Contrary to popular belief, merchants are far more at risk from credit card fraud than the
cardholders. While consumers may face trouble trying to get a fraudulent charge
reversed, merchants lose the cost of the product sold, pay chargeback fees, and fear
from the risk of having their merchant account closed.
Increasingly, the card not present scenario, such as shopping on the internet poses a
greater threat as the merchant (the web site) is no longer protected with advantages of
physical verification such as signature check, photo identification, etc. In fact, it is almost
impossible to perform any of the physical world checks necessary to detect who is at the
other end of the transaction. This makes the internet extremely attractive to fraud
perpetrators. According to a recent survey, the rate at which internet fraud occurs is 12
to 15 times higher than physical world fraud. However, recent technical developments
are showing some promise to check fraud in the card not present scenario.
Page 1 of 1
Percentage
48%
Identity theft
15%
14%
Counterfeit card
12%
6%
Other
5%
Amongst the high risk countries facing Credit Card Fraud menace, Ukraine tops the list
with staggering 19% fraud rate closely followed by Indonesia at 18.3% fraud rate. Also in
the list of high risk countries are Yugoslavia (17.8%), Turkey (9%) and Malaysia (5.9%).
Surprisingly United States, with its high number Credit Card transactions, has a minimum
fraud rate.
Over the last few years, the credit card industry in UK was subjected to maximum threat
from increasing fraud losses. Table 2 shows the worrying trend in volume of credit card
frauds in UK over the last few years.
Source: Fighting Fraud on the Internet: An Advanced Approach, Meridian Research, September 1999
Source: Online Transaction Fraud and Prevention Get More Sophisticated, Garner G2, January 2002
Page 2 of 2
2000
2001
% Change
Counterfeit
107.1
160.3
+50
Card-not-present
72.9
95.7
+31
Lost/stolen card
101.9
114.0
+12
Intercepted in post
17.7
26.7
+51
Fraudulent application
10.5
6.6
+37
Other
6.9
8.0
+15
Totals
317.0
411.4
+30
Losses as % of turnover
0.162
0.183
+13
Table 2: Trend of fraud categories in UK for 20002001 (in Pound Sterling millions)
Source: APACS, March 2002
Stolen and counterfeit cards together contribute to more than 60% of fraud losses
according to figures published by both MasterCard and Visa in Figure 1.
Figure 1: Visa & MasterCard accounts by fraud types for year 2001 (January to May)
Source: APACS, March 2002
FRAUD TECHNIQUES
As indicated above, there are many ways in which fraudsters execute a credit card fraud.
As technology changes, so do the technology of fraudsters, and thus the way in which
they go about carrying out fraudulent activities. Frauds can be broadly classified into
three categories, i.e., traditional card related frauds, merchant related frauds and
internet frauds. The different types of methods for committing credit card frauds are
described below:
Page 3 of 3
This type of fraud occurs when a person falsifies an application to acquire a credit card.
Application fraud can be committed in three ways:
Assumed identity, where an individual illegally obtains personal information of
another individual and opens accounts in his or her name, using partially legitimate
information.
Financial fraud, where an individual provides false information about his or her
financial status to acquire credit.
Not-received items (NRIs) also called postal intercepts occur when a card is stolen
from the postal service before it reaches its owners destination.
LOST/ STOLEN CARDS
A card is lost/stolen when a legitimate account holder receives a card and loses it or
someone steals the card for criminal purposes. This type of fraud is in essence the easiest
way for a fraudster to get hold of other individual's credit cards without investment in
technology. It is also perhaps the hardest form of traditional credit card fraud to tackle.
ACCOUNT TAKEOVER
This type of fraud occurs when a fraudster illegally obtains a valid customers personal
information. The fraudster takes control of (takeover) a legitimate account by either
providing the customers account number or the card number. The fraudster then contacts
the card issuer, masquerading as the genuine cardholder, to ask that mail be redirected
to a new address. The fraudster reports card lost and asks for a replacement to be sent.
FAKE AND COUNTERFEIT CARDS
The creation of counterfeit cards, together with lost / stolen cards pose highest threat in
credit card frauds. Fraudsters are constantly finding new and more innovative ways to
create counterfeit cards. Some of the techniques used for creating false and counterfeit
cards are listed below:
1. Erasing the magnetic strip: A fraudster can tamper an existing card that has been
acquired illegally by erasing the metallic strip with a powerful electro-magnet. The
fraudster then tampers with the details on the card so that they match the details of a
valid card, which they may have attained, e.g., from a stolen till roll. When the
fraudster begins to use the card, the cashier will swipe the card through the terminal
several times, before realizing that the metallic strip does not work. The cashier will
then proceed to manually input the card details into the terminal.
This form of fraud has high risk because the cashier will be looking at the card closely
to read the numbers. Doctored cards are, as with many of the traditional methods of
credit card fraud, becoming an outdated method of illicit accumulation of either funds
or goods.
2. Creating a fake card: A fraudster can create a fake card from scratch using
sophisticated machines. This is the most common type of fraud though fake cards
require a lot of effort and skill to produce. Modern cards have many security features
all designed to make it difficult for fraudsters to make good quality forgeries.
Holograms have been introduced in almost all credit cards and are very difficult to
Page 4 of 4
This type of fraud occurs when merchant owners and/or their employees conspire to
commit fraud using their customers (cardholder) accounts and/or personal information.
Merchant owners and/or their employees pass on the information about cardholders to
fraudsters.
TRIANGULATION
The fraudster in this type of fraud operates from a web site. Goods are offered at heavily
discounted rates and are also shipped before payment. The fraudulent site appears to be
a legitimate auction or a traditional sales site. The customer while placing orders online
provides information such as name, address and valid credit card details to the site. Once
fraudsters receive these details, they order goods from a legitimate site using stolen
credit card details. The fraudster then goes on to purchase other goods using the credit
card numbers of the customer. This process is designed to cause a great deal of initial
confusion, and the fraudulent internet company in this manner can operate long enough
to accumulate vast amount of goods purchased with stolen credit card numbers.
Page 5 of 5
Page 6 of 6
Page 7 of 7
Page 8 of 8
Various card issuers use different names to indicate this security feature: CVV2 for VISA, CVC2 for Master Card and CID for
American Express.
Page 9 of 9
LOCKOUT MECHANISMS
Automatic card number generators represent one of the new technological tools
frequently utilized by fraudsters. These programs, easily downloadable from the Web, are
able to generate thousands of valid credit card numbers. The traits of frauds initiated by
a card number generator are the following:
Multiple transactions with similar card numbers (e.g. same Bank Identification
Number (BIN))
A large number of declines
Acquiring banks/merchant sites can put in place prevention mechanisms specifically
designed to detect number generator attacks.
FRAUDULENT MERCHANTS
Both MasterCard and Visa publish a list of merchants who have been known for being
involved in fraudulent transactions in the past. These lists (NMAS - from Visa and MATCH
- from MasterCard) could provide useful information to acquirers right at the time of
merchant recruitment preventing potential fraudulent transactions.
Page 10 of 10
Page 11 of 11
Page 12 of 12
Figure 2:
The column on the right shows the opposite extreme - 30% of the processed transactions
are being reviewed and fraud losses are down to 0.06% of the total value of processed
transactions. In this case, however, the cost of review drives up the total cost of fraud.
While fraud losses are no longer an issue, the cost of achieving this result is not
acceptable. Finally, the column in the middle shows the optimal scenario; minimized total
cost with acceptable review cost and manageable fraud losses.
As can be seen above, one of the major components of the total cost of fraud is the
review of incoming transactions. Review of incoming transactions has both direct and
indirect costs associated with it. The direct aspect is the cost of human resources
Page 13 of 13
CONCLUSION
As card business transactions increase, so too do frauds. Clearly, global networking
presents as many new opportunities for criminals as it does for businesses. While offering
numerous advantages and opening up new channels for transaction business, the
internet has also brought in increased probability of fraud in credit card transactions.
The good news is that technology for preventing credit card frauds is also improving
many folds with passage of time. Reducing cost of computing is helping in introducing
complex systems, which can analyse a fraudulent transaction in a matter of fraction of a
second.
It is equally important to identify the right segment of transactions, which should be
subject to review, as every transaction does not have the same amount of risk associated
with it. Finding the optimally balanced total cost of fraud and other measures outlined in
this article can assist acquiring and issuing banks in combating frauds more efficiently.
Page 14 of 14
References
Duncan M D G. 1995. The Future Threat of Credit Card Crime, RCMP Gazette, 57 (10): 2526.
P Chan, W Fan, A Prodromidis & S Stolfo. 1999.
detection, IEEE Intelligent Systems, 14(6): 6774.
Technology
Inc,
July
2002.
Authors belong to TCS Cards Sub-practice. For further information on TCS offerings in Cards
and Banking, please visit our web site www.tcs.com or send email to
banking.bidoffice@blore.tcs.co.in.
Page 15 of 15