Card Fraud

From FraudWiki

There are two distinct types of card transaction, when the card is physically present (CP), and when it is not present (CNP). How fraud is detected will vary according to the point in the payment transaction processing that detection is invoked (see Card Payments Network), as different parties have different data. Issuers have card account details, but lack merchant details, whilst Acquirers have the merchant details but lack the account history. In this instance we will focus on Issuer detection, but the same principles would apply to Acquirer detection.

Contents 1 Card Present Transactions 1.1 Counterfeit Fraud 1.2 Stolen and Lost Card Fraud 2 Chip and PIN 3 Identity Fraud - Application and Account Take-Over 3.1 Automatic Teller Machine (ATM) Fraud 4 Card Not Present Transactions 5 External Links

Card Present Transactions

Counterfeit Fraud

The details on the magnetic strip on are card is read (skimmed) and the details written back onto a false card to produce a replica of the original card. The process is known as cloning. The skimming process takes just a few seconds the owner only has to allow it out of their sight for a minute or two, which can easily occur in a shop or restaurant.

The cloned card can then be used in the normal way. The actual cloning step may not necessarily take place in the same country as the skimming step hence it is not unusual to see transactions on the account start to appear from say Brazil as a result of the card being skimmed in a restaurant in London.

Since 1996, banks have been issuing their cardholders with smart chip cards. This was designed to help to ensure that the card is genuine as the chip is much more difficult to copy or alter. However, many point-of-sale (POS) terminals have not had the technology to check the chip. (See Chip and Pin below)

Counter Measures

• fraud modelling - by profiling rates of spend, changes of location, type of goods, methods of purchase, time of day, etc., card usage can be compared with risk models derived from historical fraud data.
• card profiling - a rolling model of spending behaviour for each card is maintained and monitored for abrupt changes indicative of fraud.

Stolen and Lost Card Fraud

Cards can get stolen or lost in many different ways. Once in the possession of a fraudster a card can be used to purchase items.

The use of a four digit Personal Identity Number (PIN) instead of a signature helps to prevent this type of fraud.

Counter Measures

• test-transaction - stolen cards are often bought off the original thief and are then tested. This can usually be detected as a precursor to the main fraud, for instance a gallon of petrol or a child train ticket from a self service machine.
• as per counterfeit fraud

Chip and PIN

The chip provides protection against Counterfeit Fraud and the PIN provides protection against Stolen and Lost Card Fraud. Together they provide a powerful answer to Card Present fraud. Since its introduction in the UK card fraud overall has been reduced by 13%

Chip and PIN is rapidly being adopted by most of Europe and in the UK alone their has been a significant drop in CP fraud (Counterfeit by 31%, Lost or Stolen by 27% - APACS ).

One aspect of Chip and PIN is that, it shifts the liability for fraudulent transactions away from the banks onto the merchant or retailer. The need for Acquirer/Merchant based fraud detection has therefore become much more pressing.

Identity Fraud - Application and Account Take-Over

This is where an application for a card is made using the identity of someone else. The applicant, if successful, will receive a card and PIN. The credit-limit will be based on that associated with the stolen identity. The card can then be used and can be very difficult to detect if the spending pattern is normal. Chip and PIN offers no defence against this type of fraud which has increased since its introduction as it provides a route to CNP frauds. Obtaining identity information has become very sophisticated

Counter Measures

• as per counterfeit fraud.

Automatic Teller Machine (ATM) Fraud

To use an ATM has always required the use of a PIN. There have been many very sophisticated methods devised to obtain this information plus the information on the magnetic strip, including dummy ATMs. The universal introduction of Chip and PIN means there will be far more opportunity for PINs to be compromised as PINs will need to be entered in relatively insecure locations (for example, at supermarket counters). The major banks in the UK are seriously concerned that ATM fraud will increase as a result of PINs being compromised at point of sale.

In general the chip prevents counterfeit fraud. However, ATMs can still be vulnerable as the chip can effectively be disabled. The magnetic stripe contains a service code which tells the ATM what type of card it is. For instance, 101 identifies it is magnetic stripe, whilst 201 means it is a chip card. Also, on the chip there is a similar flag which tells the ATM whether it should read from the magnetic stripe or the chip. Further, if the chip malfunctions for some reason then many ATMs will default to using the magnetic stripe. Any fraud detection system must detect the status of the card to determine if there has been a failure of the chip. Many ATM used overseas continue to use the magnetic strip.

Counter Measures

• usage profile - ATM usage often has a distinctive pattern
• time of day - profiling against time-of-day
• location profiles - profiling against location

Card Not Present Transactions

Chip and PIN does nothing to address the problem of CNP Fraud. Here, the card details are passed to the merchant via the telephone or via the internet. By obtaining the card details and some supporting information like an address it is possible to purchase goods without even being in physical possession of the card.

The effectiveness of Chip and PIN in combating CP fraud has produces a big shift in fraud patterns and CNP fraud has risen in the UK by 29% (APACS).

The only device introduced by the banks to counter CNP fraud is the Card Verification Value (CVV). This is a number that is printed on the back of the card and is never recorded on any paperwork associated with a transaction. The number is printed not embossed on the card. This means that if a card user is able to provide the CVV number it is likely that they have the card in their possession. This is a very weak defence against CNP fraud but helps.

The usual counters to CNP fraud are to perform an array of checks at the point of sale and then for the Acquirer and Issuing Banks to perform more sophisticated checks based on analysis of fraud patterns.

Some of the checks a merchant might perform are:

• Check the address using an Address Verification Service (AVS)
• Ensure that the provided zip/post code corresponds to the city field for both billing and shipping address.
• Check the Card Verification Value (CVV).
• Use Visa’s Verified and MasterCard’s SecureCode secure payment systems that prevent criminals from using stolen card details for Internet transactions. These are password-protected services that enable financial institutions to confirm your identity for the merchant when you are using a card to pay online.

Counter Measures

• internet location - high risk countries, cities, postcodes from IP address
• implied speed - using geo-location
• hot cards - check card against industry hot-card file
• bin attacks - detection of generated card numbers on same bin
• as per counterfeit fraud

External Links

Indiaforensic Consultancy Services