Cardholder Fraud Prevention Tips

The following information has been extracted from various resources provided by Visa and MasterCard. This information may be shared with your cardholders as a means of enlightening them about fraud prevention and should only be viewed as a best practice guidance tool. The source of the information is sited below each segment.

 

Staying Secure When Shopping Online

Credit cards have helped fuel the Internet economy because they provide security, convenience and reliability for online purchases. If you are using your credit card to shop online, there are several tips you should follow to protect yourself and your accounts:

• Know your seller. Conduct business with those companies that you know and that are reputable. Remember, you will be sharing your credit card number, your name and possibly your address and phone number.
• Check security. If you provide your credit card number online, make certain your connection is secure. Most browsers display special icons, for example a padlock or key to indicate secure sites. Many merchants also inform you on their websites if they have taken security precautions. Look for this advisory. If you don’t see it, ask about it.
• Protect your e-mail. E-mail is not a secure form of communication. In order to protect your account numbers and avoid possible credit card fraud, do not send your account numbers or other financial information by e-mail.
• Protect your PIN and account numbers. Treat online marketers, as you would telephone marketers or anyone else you don’t know. If the deal sounds too good to be true, it probably is, so pass it up. Only provide your payment card number when you are making a purchase and if you have initiated the negotiation. You should never disclose your PIN or any account password to any online merchant for any reason, and never use your Social Security Number or PIN as a password.

 

Protect Yourself from Fraud

The rising popularity of payment cards and the Internet has led to a rise in fraud crimes. This section provides suggestions and strategies on how to minimize the chances of fraud happening to you online or offline.

• Be very careful about to whom you give your personal identification information, such as your mother’s maiden name and your Social Security Number. Ask if it can be kept confidential. Inquire how it will be used and with whom it will be shared.
• Never provide any personal, bank account or credit card information to anyone who contacts you through a telephone solicitation. Instead, it is advisable to demand they mail you information so that you can further research the company and their products and services.
• Keep items with personal information in a safe place. Keep a list of all credit cards, account numbers, expiration dates, and the customer service phone numbers in a secure place so that you can quickly contact your creditors in case your cards are lost or stolen.
• Tear up or destroy all ATM and bank receipts, old insurance forms, bank checks, expired payment cards, and any other papers that include personal information, identification, and account numbers about you. This includes pre-approved credit card solicitations! Thieves often search through your garbage to find these forms and information and use it to apply for credit in your name.
• Minimize the number of credit cards and other items with personal information printed on them that you carry. Cancel all inactive accounts. Even though you do not use them, those accounts appear on your credit report, which can be used by thieves.
• Pay attention to your billing cycles. Follow up with creditors if your bills don’t arrive on time. A missing credit card bill could mean a thief has taken over your account and changed your billing address to cover his tracks.
• Be wary of promotional scams. Thieves may use phony offers to get you to give them your personal information.
• Secure personal information in your home. Treat payment card information like other important personal documents such as stock certificates, deeds, and income tax filings, all of which should be stored in a secure place.
• Ask about information security procedures in your workplace. Find out who has access to your personal information and verify that records are kept in a secure location. Ask about the disposal procedures for those records as well.

 

What is Phishing?

Phishing is an e-mail scam technique used by Internet fraudsters to entice unsuspecting consumers to divulge sensitive valuable information. Phishing schemes lead consumers to believe that they are responding to a bona fide e-mail request from a well-known institution to update their information.

 

A Typical Phishing Hoax Scenario:

1. Numerous consumers receive a spam e-mail, purporting to be from a familiar institution such as a bank, persuading that they connect to a Web site by clicking on an enclosed link, and update their personal information, usually for “security” or “technical” reasons, to keep their accounts active.
2. Some of the e-mail recipients believe the e-mail to be from a trusted source and unsuspectingly click on the link. The link then directs the recipients to an official looking, but forged, Web site that mirrors the legitimate company’s logo and Web site layouts. An update screen in the spoof site, operated by the criminals, requires entry of sensitive private information, such as:
   • Payment card account information
   • Bank account details
   • Passwords and personal identification numbers (PINs)
   • Identity information, such as the SSN in the United States
3. A few unwary consumers provide the requested information. They think that they are responding to their financial institution or ecommerce provider, whose name the criminals are using in the e-mail.
4. The criminals use the account information stolen from the phishing victims to commit a financial fraud, buying goods and services online or transferring funds from the victim’s bank account. The criminals usually commit the fraud within a short time frame before it is detected.

Phishing Techniques

Phishing schemes use sophisticated techniques to disguise the origin of their spam e-mails and the forged Web sites, so that it is hard to detect the hoax. Often, spammers exploit the Uniform Resource Locator (URL) “user authentication” syntax feature supported by some Internet browsers to cleverly cloak the fake Web site as an authentic site. This practice deceives the Internet users, because the fake Web site’s URL displayed in the browser address bar matches that of a genuine Web site.

In some phishing instances, criminals request that the recipients download and install “security” software attached to the spam e-mail. If a recipient installs the software, the criminals can monitor the victim’s computer and capture bank and payment card account details. The use of this mechanism, though low in relation to other mechanisms, recently is showing an increasing trend. In addition, spammers “take over” unsecured computers and servers and route spam e-mail via these to conceal the real e-mail source. The criminals use the victim’s computer for launching spam e-mail distribution, unbeknownst to the victim.

 

We encourage you to safeguard yourself against phishing by following the tips provided below:

• Be wary of phishing e-mail. Banks do not contact customers to ask them to provide sensitive information such as passwords and PINs online. Look for indications such as spelling and grammatical errors that expose the e-mail as being not genuine.
• Do not click hastily on links appearing in incoming e-mails and provide payment card or other personal information. Make it a practice to connect to an institution’s Web site only by directly typing the institution’s valid Web address into the Web browser.
• Notify us and the local law enforcement authorities promptly by forwarding suspicious phishing-type e-mails. This action will help us to shut down the fake Web site and to take action against the criminals.
• Monitor the transactions appearing on your statements, and quickly report suspicious transactions to the financial institution that issued your credit card.
• Change passwords and PINs periodically.
• Install anti-spam and firewall software on your personal computer to restrict spam and to prevent unauthorized access.
• Turn off your computer when not in use, to avoid criminals gaining access and misusing it for fraudulent purposes, which includes phishing attacks.
• If you suspect that you have become a victim of a phishing attack and have divulged your sensitive account information to fraudsters, please contact the financial institution that issued your card.
• Continue to monitor your statement for unauthorized transactions, if your account is not closed.
• Report the incident to the police.

 

Cardholders should obtain and keep the following information when conducting card-not-present transactions such as e-commerce or mail order/ telephone order transactions.

• Merchant billing name
• Item number, size, colour, model number, etc of the merchandise
• Expected delivery date of the merchandise
• Merchant contact information
• Return/refund policies
• Total transaction amount, including tax, and shipping and handling charges