Credit card scams are on the rise; learn how they work
Imagine the following situation: you wake up on a beautiful sunny morning, open your internet banking account and your hands start sweating: your balance is zero, and so is the credit card limit. While you were resting and enjoying a good night's sleep, someone made several withdrawals in your name and bought a bunch of gadgets at online stores. Designer shoes, computers, cell phones — maybe they even ordered food via delivery platforms such as iFood or Uber Eats.
There is no doubt about it: you were a victim of a financial scam. Several surveys show that this type of cybercrime has grown exponentially since the beginning of the new coronavirus pandemic (SARS-CoV2); it is estimated that in 2020 alone, about 9 million Brazilians were victims of this type of crime. It’s no wonder: data leaks are increasing and, with the social isolation policies, electronic commerce (e-commerce) has grown faster than ever, making the work of these criminals even easier.
According to information from the Brazilian threat intelligence company Apura, more than 770,000 credit cards were exposed on the web throughout 2020. We are talking about entire bases that can be shared by cybercriminals in specific forums on the dark (and also surface) web. Sometimes these lots are traded; sometimes they are offered for free. Scammers just have to find the rest of a person’s personal information to scam whomever they want.
The modus operandi
There are several ways a card can be scammed. The simplest, as we said, is through data leaks — online stores and payment gateways do not invest enough in information security, which makes it easy to extract numbers, expiration dates and verification codes from their databases. Then, all they have to do is make a copy and start shopping. Another issue is that few e-commerce retailers use identity verification solutions.
But the more "traditional" methods are also used. Remember the classic ATM skimmer device? It is still being used in ATMs. It is also common for malicious employees to install malware in credit card machines so that when you make a purchase — as simple as it may seem — the credit card data are stored for later use. Bank managers are not even aware of this.
In this last case, a good idea is always to prefer using credit cards with contactless technology (NFC): purchase is made by bringing the card close to the machine. Since this method does not require entering a password, criminals will not have the primary information needed to perform fraudulent transactions in the future. Fortunately, most banking institutions now offer contactless cards; if you do not have one yet, it is worth asking your bank for one.
What can I do?
Were you a victim of a credit card scam? Keep calm! The first step is to contact the issuer and explain the situation, and then file a police report at the nearest police station. An investigation will be able to confirm, through a series of factors — the buyer's IP address, the time the transaction was made, security cameras (in the case of physical purchases), etc. — that it was not you who spent the money. With a little persistence, you can be reimbursed.
An interesting way of protecting yourself against these headaches is to use internet banking applications that send notifications for each transaction made with your card. Several fintech (financial startups) have such tools. Also, pay attention to where you provide your financial data — always prefer to shop at stores that use reliable gateways.
Article translated from: Aumenta o número de fraudes de cartão de crédito; saiba como funcionam — Perallis Security