Types of Fraud

 

 

Identity Theft

Identity theft occurs when someone uses your name and personal information to assume your identity either to open new credit accounts, bank accounts, mobile phone accounts, and more in your name or to assume ownership of existing accounts you may legitimately hold.

What to watch out for:

While identity theft may begin with the loss or theft of a wallet or purse, there are a number of other ways that identity thieves can obtain your personal information: 

• Phishing occurs when someone tricks you into divulging personal, financial or account information. Posing as well-known companies, thieves will send out e-mails asking you to reply, or direct you to a fraudulent web page that asks you to provide personal information, such as your credit card number, Social Security number or account password. 

• Phone Phishing (also called "Vishing") is another way thieves try to collect sensitive information from you. In this type of fraud, they will either contact you by telephone or send you a fake e-mail and ask for you to respond by telephone. 

• Thieves may acquire records containing your personal information and/or account information from intercepted or discarded financial statements, payroll stubs, or other records sent to you or from third parties with whom you interact in your normal course of business where such information is disclosed.

Credit Card Fraud

Fraudulent transactions attempted on legitimate credit card accounts have risen sharply in recent years. While in some instances, credit card fraud occurs when someone's physical credit card is lost or stolen by another party who uses it, credit card fraud is driven primarily by compromise of credit card account data during their normal course of usage. Such compromises can range from theft of data by skimming (copying) the information contained on a small number of credit cards' magnetic stripes to large scale data breaches where millions of credit card accounts are compromised through exploitation of a data security weakness at an online or physical store or chain. Stolen credit card data is then often used to attempt fraudulent online purchases or to create counterfeit credit cards to attempt fraudulent in-store purchases.

Travelers Cheque and Gift Cheque Fraud

While the vast majority of Travelers Cheques and Gift Cheques in circulation are authentic and may be reimbursable if lost or stolen (subject to terms and conditions – click here to learn more), there are attempts to use counterfeit cheques in scams, particularly those perpetrated online. Cheque fraud typically begins when someone gives you a realistic-looking check and asks you to send cash or wire money somewhere in return.

How American Express Helps Protect You:

Your security is very important to us. American Express helps protect you from credit card fraud through a sophisticated monitoring system designed to detect fraudulent activity and protect your from Card from misuse. 

If we suspect any unusual activity, we will take measures to monitor your account and/or we may contact you. In fact, we offer a variety of digital solutions to enable instant contact and immediate resolution of most concerns. And remember, when you use your American Express^® Card, you are not liable for fraudulent purchases.

How Was Your Credit Card Stolen?

Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud. But it occurred to me recently that I’ve never published a primer on the types of card fraud and the likelihood with each of the cardholder ever learning how their account was compromised. This post is an effort to remedy that.
The card associations (Visa, MasterCard, et. al) very often know which merchant was compromised before even the banks or the merchant itself does. But they rarely tell banks which merchant got hacked. Rather, in response to a breach, the card associations will send each affected bank a list of card numbers that were compromised.
The bank may be able to work backwards from that list to the breached merchant if the merchant in question is not one that a majority of their cardholders shop at in a given month anyway. However, in the cases where banks do know which merchant caused a card to be compromised and/or replaced, the banks rarely share that information with their customers.
Here’s a look at some of the most common forms of credit card fraud:
Hacked main street merchant, restaurant:
Most often powered by malicious software installed on point-of-sale devices remotely.
Distinguishing characteristic: Most common and costly source of card fraud. Losses are high because crooks can take the information and produce counterfeit cards that can be used in big box stores to buy gift cards and/or expensive goods that can be easily resold for cash.
Chances of consumer learning source of fraud: Low, depending on customer card usage.
Processor breach:
A network compromise at a company that processes transactions between credit card issuing banks and merchant banks.
Distinguishing characteristic: High volume of card accounts can be stolen in a very short time.
Chances of consumer learning source of fraud: Virtually nil. Processor breaches are rare compared to retail break-ins, but it’s also difficult for banks to trace back fraud on a card to a processor. Card associations/banks generally don’t tell consumers when they do know.
Hacked point-of-sale service company/vendor:
Distinguishing characteristic: Can be time-consuming for banks and card associations to determine vendor responsible. Fraud is generally localized to a specific town or geographic region served by vendor.
Chances of consumer learning source of fraud: Low, given that compromised point-of-sale service company or vendor does not have a direct relationship with the card holder or issuing bank.
Hacked E-commerce Merchant:
A database or Web site compromise at an online merchant.
Distinguishing characteristic: Results in online fraud. Consumer likely to learn about fraud from monthly statement, incorrectly attribute fraud to merchant where unauthorized transaction occurred. Bank customer service representatives are trained not to give out information about the breached online merchant, or address information associated with the fraudulent order.
Chances of consumer learning source of fraud: Nil to low.

A Bluetooth enabled gas pump skimmer lets thieves retrieve stolen card and PIN data wirelessly while they gas up.

ATM or Gas Pump Skimmer:
Thieves attach physical fraud devices to ATMs and pumps to steal card numbers and PINs. For more on skimmers, see my All About Skimmers series.
Distinguishing characteristic: Fraud can take many months to figure out. Often tied to gang activity.
Chances of consumer learning source of fraud: High. Bank should disclose to cardholder the source of the fraud and replace stolen funds.
Crooked employee:
Uses hidden or handheld device to copy card for later counterfeiting.
Distinguishing characteristic: Most frequently committed by restaurant workers. Often tied to a local crime rings, or seasonal and transient workers.
Chances of consumer learning source of fraud: Nil to low.
Lost/Stolen card:

Distinguishing characteristic: The smallest source of fraud on cards. Consumer generally knows immediately or is alerted by bank to suspicious transactions, which often involve small test transactions to see if the card is still active — such as at automated gas station pumps.
Chances of consumer learning source of fraud: High.
Malware on Consumer PC
Distinguishing characteristic: Malicious software that hooks into the victim’s browser, and records all data submitted into Web site forms, including credit card information. Leads to authorized online charges.
Chances of consumer learning source of fraud: Discovering the infection? Fairly good. Definitively tying card-not-present card fraud to a malware infection? Very low.
Physical record theft:
Merchant, government agency or some other entity charged with storing and protecting card data improperly disposes of card account records.
Distinguishing characteristic: Usually not high-volume. Less common form of fraud than it used to be.
Chances of consumer learning source of fraud: Nil to low.
I hope it’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorized charges, and to report that activity as quickly as possible.