How credit card cloning works

Credit cardsCard fraud has fallen in the UK, according to Financial Fraud Action UK. The latest figures show that they fell 7% in 2011 compared to 2010, continuing a three-year reduction. In fact, losses are at the lowest levels since the year 2000.
However, the amount lost to card fraud last year was still a substantial £341 million. That's £341 million stolen by fraudsters, when the rest of us have to work for a living.

Last week, we saw how this kind of fraud works first hand. My husband received a text from his bank asking if he really was buying £950-worth of stuff in Sports Direct.

Since he was at work (and isn't exactly a fan of sports fashion), it was fairly obviously not him. But what confused us was that his card hadn't been stolen; it was still in his wallet.

And we take card security very seriously. When paying in shops or restaurants, he knows not to let the credit card out of his sight and he certainly hadn't used any disreputable website – the only recent purchases had been booking a holiday on a travel comparison site and paying for a book on Amazon.

So how did these fraudsters do it?

Card cloning 101

It seems most likely that my husband was the victim of a card–cloning scam, probably after using a ticket machine that had been tampered with. This technique is sometimes known as 'skimming' and it allows the criminal to copy the card's electronic data so they can make an exact replica of your card.

Most commonly these gadgets are fitted to cash machines but sometimes criminals working in retail outlets may have them concealed.

The skimming device is fitted over the card slot on the machine and copies the details from the magnetic strip as you enter it.

Usually the criminal will attempt to get the cardholder's PIN at the same time, sometimes by simply looking, but sometimes using a small camera built into the false front.

You can see a video of this kind of scam in action on the LINK website.

Be aware that most ATMs do have a small camera fitted that points behind the person using the machine. These help identify fraudsters and criminals who attack people using the machine.

Take the time to familiarise yourself with an ATM and you'll be better prepared to notice when one looks wrong.

Staying safe

It can be really hard to spot that a cash or ticket machine has been tampered with – these are professional thieves, so the false fronts are unlikely to be obvious. One giveaway is that the area containing the card slot seems to have been moved forwards; this is to conceal the skimming machine inside.

There are other ways to keep as safe as possible. One is to shield the keypad with your hand when entering your PIN, regardless of whether or not someone is behind you.

Don't be embarrassed about asking other people in the queue to stand further back if they are crowding you, and never reveal your PIN even to someone claiming to be from the bank or police.

If the machine swallows your card then call the bank while you're still in front of the machine, if you can. Be cautious of anyone offering to help you if your card has got stuck.

Of course, the main thing to do is check your account statements regularly. My husband's fraudsters were caught when they tried to make a massive purchase. However, before they were caught they had spent over £1,000 through smaller transactions over the preceding week.

Because the amounts were small, the bank hadn't flagged them as suspicious. That means that if my other half had checked his statement more regularly, he might have noticed the fraud sooner.

If you're even slightly worried about the security of your account, or think your card may have been put at risk then contact your provider as soon as possible. They can freeze your account and send a new card out that day.

10 PHOTOS
Revealed: The 10 most common scams
See Gallery
How credit card cloning works

More than 12 million pieces of personal information were illegally traded online by identity fraudsters in the first quarter of 2012 alone, according to data from Experian CreditExpert - outstripping the entire of 2010.

The vast majority (90%) of this illegally traded information is password and log in combinations - a result of the spiralling number of online accounts many of us now have. Research shows the average Brit uses around five different passwords online, but with an average of 26 different accounts each – this is nowhere near enough protection.

"Using a different password for each account will minimise risks, but if password information is stolen from a website, all accounts using the same details will be compromised, and this information can spread among fraudsters rapidly," warns Peter Turner, managing director at Experian Consumer Services in the UK and Ireland.

Step up your account protection with this guide to choosing a secure password.

Credit and store cards continue to prove particularly attractive to fraudsters and 2012 year has seen 73% surge in the takeover of plastic card accounts by criminals with nearly one quarter of all identity frauds, and 36% of all account takeovers, taking place on these cards.

Richard Hurley, communications manager at CIFAS explains the threat: "Whether it is through using an innocent party's details to open a new account in the victim's name, or hijacking the victim's details and taking over existing accounts, the modern fraudster will continue to pay specific attention to credit and store card accounts as an easy way of obtaining funds and goods, while leaving someone else to pick up the bill."

Be vigilant with your cards and follow our tips to protect your plastic through safe online shopping.

As if the mis-selling of payment protection insurance (PPI) wasn't scandal enough, 2012 has seen fraudsters preying on PPI victims. Consumers have received phone calls from someone who knows their name, announcing that they have won their PPI claim. The caller may also know the lender's name and an estimate of the loan amount.

However, the caller will then request a payment from the consumer in order to receive their compensation. This should signal warning bells, but many innocent victims have fallen for the scam and parted with money only for the bogus firm to disappear with their cash, and of course the compensation that never existed.

Consumers should be wary of all cold calls, particularly those that request cash upfront. There is no need to pay to make a claim for mis-sold PPI – you can claim direct to your bank for free and receive free advice from debt charities like Citizens Advice and the Consumer Credit Counselling Service.

If you do choose to take on the assistance of a claims management firm – never agree to an upfront payment. Reputable firms will only request payment for their services once you have received your compensation from your lender either by cheque or by payment into your bank account.

Phishing – when an unsolicited email arrives in your inbox requesting details to your personal accounts – continues to rise, leading to a surge in online banking fraud. Online banking fraud losses totaled £21.6 million during January to June 2012, according to CIFAS - a 28% increase on the 2011 half-year figure.

The emails trick customers into visiting fake banking websites – often made to look startlingly similar to the real thing - and disclosing their online banking login details. Online banking customers are also being tricked into divulging their bank login details and passwords over the phone to someone they believe is from their bank but is actually a fraudster.

The key point to remember is that banks will never contact you by phone or email and ask you to disclose your details, so always beware correspondence of this nature. Consumers should also be cautious of emails purporting to be from government bodies such as HMRC, or other financial accounts, such as Paypal.

There were over 50 different scams known to the 2012 Olympic Committee, with fraudsters cashing in on the good-natured spirit of the Games and nationwide scramble for tickets. The vast majority of scams took the form of phishing emails – purporting bogus job offers; prize draws; lottery wins and complimentary tickets – all with the sole purpose of duping consumers into sharing personal details or parting with cash in order to claim prizes.

Official tickets for the London 2012 Games were only available for purchase through the London 2012 website and appointed ticketing partners, so any other sources were offering fake or non-existent tickets. As for competition prizes and lottery wins – consumers should remember that it is impossible to win a competition or draw that you did not knowingly enter and that if a prize seems too be good to be true, it probably is.

Insurance is an incredibly complex area of personal finance and different forms of cover are riddled with different hitches that make it crucial to read the small print. Failure to do so could lead you to pay for a product you would be never be able to claim upon, or unknowingly do something that invalidates your claim.

Always buy the right level of cover for your needs and pay close attention to any exclusions in the policy wording. For example, many travel insurance policies for winter sports won't pay out for treatment of injuries incurred while under the influence of alcohol.

Surely the lowest of the low, charity donation fraud – when fake charities play on our sympathy by requesting donations to a worthy cause – is on the rise. Donation requests come in the form of unsolicited emails; phone calls; house visits or being approached in a public place. In many cases, donation requests are linked to a high-profile event, such as Hurricane Sandy that wreaked havoc across America last month.

Either the charity that the fraudster has asked you to donate to doesn't exist, or they are misusing the name of a genuine, often well-known, charity and pocketing your money.

Don't let fraud risks put you off donating – just make the necessary checks to ensure your money is going to the intended cause. Genuine charities are registered with the Charity Commission and print their registration details on all documentation, collection bags and envelopes, so check these details exist and if in doubt, contact the Charity Commission to confirm that they are authentic. Call the helpline on 0845 300 0218 or check the online charity register by visiting charity-commission.gov.uk.

Cases of cash machine fraud, where a device is used to trap money inside the ATM machine, have increased more than 15-fold in London in the past three months. Reported incidents have risen from 150 across the UK in May, to 2,500 in London alone in August, according to figures from Link and London's Dedicated Cheque and Plastic Crime Unit (DCPCU).

Criminals insert a device called a cash claw behind the guard on the cash drawer of an ATM. The device is undetectable to the public, who use the machine as normal until their cash fails to eject.

"The machine goes out of service and then the criminal comes along, forces open the drawer using a pair of pliers or a screwdriver, forces the device out of the cash machine, bringing the customer's money with it," explains Detective Chief Inspector Dave Carter, head of the DCPCU.

Customers are advised to immediately report any banknotes undelivered from cash machines.

Rogue property developers selling land that they claim has great investment value, when there is little or no chance of it ever being developed, are on the rise again this year. Investigations have lead to a number of convictions in 2012, yet consumers are warned to be remain wary of this big money scam.

Land banking involves plots of land offered for sale, often online, with the promise of sizable returns when planning permission is approved for housing or other development. Yet often the land is located in areas protected from development by planning law.

The companies involved soon disappear with investors' money and as the firms are not protected by the Financial Services Authority, their funds are not covered by the Financial Services Compensation Scheme.

In October, PhonepayPlus (the UK's premium rate telephone regulator) fined two firms a total of £450,000 for running a series of voucher scams on Facebook.

The scams, which claimed to offer free vouchers and supermarket gift cards for Tesco and Asda, resulted in members of the public signing-up for expensive premium-rate phone services.

The scams relied on Facebook users innocently sharing or liking the voucher promotions on their status, which included the promise of a voucher worth up to £250 for major retailers. After clicking on the promotion consumers were duped into participating in premium rate competitions, which involved questions sent to their phone at a cost of £5 each.

HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

Smooth transaction

Fortunately, innocent victims aren't left in the lurch when this kind of fraud takes place.
My husband's bank immediately froze the card and opened a separate account. He helped them identify the real debts, which were moved over, so there was no risk that his monthly payment would be unexpectedly high.

But there's no denying that it was an unnecessary faff. There was time spent on the phone to the bank, time spent combing through the statements and the hassle of a new credit card number.

So it's important to keep yourself as safe as possible. Melanie Johnson, chair of the UK Cards Association, said: "This is the third year card fraud losses have fallen - clear proof that our endeavours to fight fraud are packing a punch.

"Customers have also played their part in driving down losses by taking heed of advice about looking after their personal and financial details. Fortunately, they can always be confident that if they are the innocent victim of fraud, they have excellent fraud protection that they don't get if they use cash."

Phishing by phone

But when there's a crackdown on credit card fraud, hardened thieves simply try harder. In fact, many are reverting to old fashioned con-artistry, as the security of card technology improves.

DCI Paul Barnard who heads up the industry-sponsored police squad, the Dedicated Cheque and Plastic Crime Unit, explained: "As technological advances have made our payments more secure, we've seen a spike in more simplistic crimes.

"Many scams involve customers being conned into handing over their cards and PINs, or their telephone banking security details by someone calling, pretending to be their bank or police.

"Our appeal to the public is to be wary of any unsolicited phone calls or emails – never hand over your card and PIN or bank security details in full as neither your bank nor the police will ever ask you for these."

Compare credit cards

6 PHOTOS
How to dispute your credit record
See Gallery
How credit card cloning works

Don't wait until you need to apply for credit to view your credit record – do it now so you know where you stand and can deal with any disputes. When applying for credit, you give the lender permission to view your record, so it makes sense to view it yourself first.

You can access your record via any of the main credit agencies in the UK. By law, all the credit agencies are required to provide you with a one-off copy for just £2 so don't be hoodwinked into signing up to pay a monthly fee.

Your report shows what credit accounts you've had and whether you've made repayments on time and in full. According to Experian, items such as missed or late payments stay on your credit report for at least three years, while Court Judgments for non-payment of debts, Bankruptcies and Individual Voluntary Arrangements stick around for around six years.

Your credit report shows the current address at which you are registered to vote as well as details of other addresses you've been linked to in the last six years. Another section lists people you have a financial connection with, such as a joint mortgage. When you apply for credit, lenders are able to look at their credit history as their circumstances could affect your ability to repay what you owe.

Scrutinise your record to make sure there are no mistakes. Even a minor error such as an incorrect address or wrongly linked account could hinder your chances of being approved for credit so make sure all your details are correct and that all your borrowings are on record. If there is a discrepancy, contact the three main credit agencies to get it corrected.

A default notice is note that a lender puts on your credit file if you fall behind with your payments. It is a warning sign to future lenders about your reliability to repay credit and could mean that they will be less likely to lend to you or will increase the interest rate.

If the default notice is incorrect, perhaps because you have repaid the loan in full or did not take out the credit and suspect that you have fallen victim to fraud, you can apply to have a default notice removed. A default notices will only be removed if it is factually incorrect – not simply because you are embarrassed by it.

Start by writing to the agency asking it to either remove or change the entry that you think is wrong. It will investigate the matter and find out whether you have been the victim of ID theft or a bank's mistake.

Within 28 days from receipt of your letter the agency should tell you how the bank has responded. If the bank agrees to change the entry, they will authorise the agency to update their records. They should also send updates to any other credit reference agencies they use.

You can also contact your lender directly to query a mistake. If the lender agrees to the discrepancy, ask them to confirm this in writing on their letterhead and send a copy to the agency, asking them to update your file.

If you are unhappy with the response or would just like to explain a missed payment on your file you can send a Notice of Correction. This is a statement of up to 200 words that will be added to your file. Although lenders don't have to take this information into account, it at least gives you the chance to tell your side of the story.

Experian states that agencies will also help you escalate the dispute to a third party arbitrator if necessary, such as the Information Commissioner's Office.

HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

More stories

Read Full Story

FROM OUR PARTNERS