Card Fraud

If you follow me on Twitter or Facebook you’ll have seen me make the following update

 

just found out our company credit card has been scammed for 17k..thanks a lot scumbags!

 

We didn’t even know it had happened. The credit card company called over the weekend and the police paid a visit to my business partner to go over the details. They wouldn’t say much but it looks like the card was used online. Since it’s a credit card we are protected against fraud so we’re not liable for the money. It’s still money that someone has lost (i.e. the card company!)

This isn’t the first time I’ve experienced card fraud

What frustrates me is that the chip and PIN system was brought into effect in 2006 at great expense but it only solves part of the problem

If you order something over the phone or on a website you have to hand over

Name on the card

Card Number

Expiry Date

Card security code (CSC)

That is enough information for anyone to use that credit card – they don’t even need to physically have it in their possession

The telephone transaction is the biggest cause for concern in my opinion as you’re trusting the person you’re speaking with to put the card details in their system and not write them down for their own use

So what’s the solution?

That I don’t know. The only thing I can think of is if the credit card itself could generate a one-time password (à la RSA SecurID or AuthAnvil Tokens)

It would mean you’d physically have to be in possession of the card – though that still wouldn’t help if you had your card stolen

We’ll be more wary of who we’re giving our card details to going forward but in all honesty I don’t think we did anything wrong here

Andy Parkes is Technical Director at Coventry based IT support company IBIT Solutions. Formerly, coordinator of AMITPRO and Microsoft Partner Area Lead for 2012-2013. He also isn't a fan of describing himself in the third person.


4 thoughts on “Card Fraud”

  • Cheers Chris

    I did have a quick look at the card watch site before I posted this but couldn’t find anything about preventing fraud on telephone transactions

    I’ve just gone back now you mentioned it and they call it “card not present fraud”

    These are their suggested methods to prevent this type of fraud but it doesn’t exactly fill me with confidence

    Methods to reduce card-not-present fraud – a five pronged strategy is in place to counter this type of fraud:
    AVS/CSC (Address Verification System / Card Security Code) is available for businesses that accept card-not-present transactions. These systems allow retailers to verify your billing address and to cross-check a special security code that is on your card. These extra data checks verify the additional information supplied by cardholders to enable merchants to decide whether to proceed with the transaction.

    Verified by Visa and MasterCard SecureCode are secure payment systems that prevent criminals from using stolen card details for Internet transactions. These are password-protected services that enable financial institutions to confirm your identity for the merchant when you are using a card to pay online. Enabling merchants to confirm your identity in this way puts another barrier between criminals and your information. These systems also have the advantage of being global, so should reduce fraud abroad as well as domestic fraud. For further information see: Verified by Visa and MasterCard SecureCode

    Retailers are encouraged to make use of various card-not-present fraud prevention tools, such as intelligent fraud detection software, available from third-party providers.

    Promotion of the Card Watch training pack, Spot & Stop Card-not-present fraud, that provides comprehensive fraud prevention training for card-not-present businesses. An e-learning version of this pack is available on this site.

    In the longer term chip and PIN cards may help prevent CNP fraud through the development of pocket-sized card-accepting devices that can be used with phones and computers by generating a dynamic password for use solely in the CNP environment (referred to as token-based authentication).

  • Hi Andy – sympathies, I’ve had it happen to me a few times now.

    In fact, we were woken at 6am this morning in NYC by a phone call from Barclaycard in the UK to say my card had been used all over Europe on Thur/Fri. Naturally, the money will be refunded, but the galling thing? The Barclaycard call took 10 minutes at T-Mobile’s shocking 55p/min for an incoming call – so the fraud has cost me money indirectly. Bah!

  • Hi Rich – aren’t you supposed to be taking in New Orleans?

    Sorry to hear it’s happened to you too

    What annoyed me most was a couple of weeks ago I paid for a certificate from GoDaddy

    I then needed one the day after but the card was blocked as it was “strange behaviour” – over a couple of hundred pounds

    Yet they let someone run it up to 17k in places we wouldn’t purchase from
