Guide to Credit Card Security

According to the Office for National Statistics, and despite ever-improving security measures, credit card and banking fraud is currently the second most prevalent type of crime in England and Wales (over 3.5 million incidents having been identified in the Crime Survey of England & Wales crimes1).

However, despite its prevalence, few people understand the unique risks we face with regards to credit card security, the scams fraudsters use, what we can do as individuals to ensure we do not unwittingly expose ourselves to becoming the victims of such crimes, and where to turn for help if we are targeted by criminals.

What techniques are criminals using to commit credit card crime?

Methods by which criminals commit credit card fraud have changed radically over the years as criminals continually try to keep pace with card issuers' ever improving security features. So, whilst stealing a card and faking a customer signature could once reap good returns, criminals are now using ever more sophisticated methods to commit crime. Below we have detailed a number of the most commonplace techniques, but these change regularly and card holders should always remain vigilant against any suspicious behaviour or activity on their account.

Man and Woman check credit card account on their computer

Skimming
Skimming is where criminals make a copy of a card's details by passing the card through 'skimming' devices. Skimming devices can be small and portable to enable use when a card is out of a customer's sight (for instance, in a restaurant), or they can be fixed in places where cards regularly pass through, like ATMs (often these devices also include video recorders to capture PIN numbers). Card details can then be used to create counterfeit cards which can be used to withdraw funds or purchase goods.

Contactless card fraud
The growing prevalence of contactless cards has led to increased fears that criminals may be able to effectively skim payment cards without them having ever left an individual's purse or wallet.

Tests, undertaken by the Institution of Engineering and Technology, revealed that card data could be read at a distance of up to 80cm, rather than 5cm as the banking industry maintained. Theoretically cards could be read using devices card holders obliviously walk past.

Assuming fraud did take place, the liability rests with the issuing bank, but they are prone to dispute claims and recovering monies can be a long and drawn out process. Simply carrying a piece of metal, like tin foil, next to the chip in ones purse, or wallet, is often enough to prevent readers being able to capture card details.

Phishing, spoofing
Phishing techniques are one of the oldest methods used by fraudsters to electronically target credit card customers, and many people are aware of them. Generally emails are sent by fraudsters (usually en masse), purporting to be the consumer's bank, asking for sensitive customer information. The details captured are used to hack accounts or are used in conjunction with other techniques to target individuals.

Fortunately, email service providers tend to be very good at identifying such mail as 'spam' and much of it never gets to customer inboxes. That which does get through tends to be deleted by savvy customers.

However, the continued prevalence of such emails points to the fact that some customers are still falling prey to this technique.

Spear phishing
Spear phishing is a technique which builds on prior information gained about the consumer (perhaps through phishing). This is then used to tailor phishing emails or other communications to maximise their success rate.

Pharming Pharming occurs where consumers are directed to fake bank websites, sometimes through phishing emails, where their information is requested.

Vishing (The courier scam)
Vishing occurs when customers receive a call from someone claiming to be from the security department of their bank. They claim to have flagged fraudulent transactions on the customer's credit card, and state they need to collect the card. Often they will ask the customer to put their card into an envelope and key the pin into the phone for authentication. Fraudsters then hire genuine couriers to collect the cards, which are then used by the criminals to withdraw money.

Identity theft
Identity theft continues to be one of the main risks we are exposed to. Criminals gather details of an individual, then apply for products and run up bills in their name. Often details can be obtained from unshredded personal documents left in people's bins.

What are UK banks doing to combat credit card crime?

Credit card security must inevitably be ever-changing in order to keep pace with criminals. From the widespread introduction of the magnetic strip in 1971 and chip and pin (introduced in 2004 and made mandatory on 14th February 2006), banks have now moved on to more complex security measures, including card readers, telephone authentication and other anti-fraud systems which use complex algorithms to identify unusual purchase or transaction patterns.

How do you improve your credit card and banking security?

It is impossible to entirely remove the risk of credit card fraud. Even people who have never had a card are potentially at risk from identity theft. However, there are measures we can all take to reduce the risk of compromising our credit card security.

  • Never disclose your pin numbers to anyone. Try to remember the numbers, rather than having them written down and ideally have a unique pin per card.
  • When taking money out of the cashpoint, if you notice anything unusual about the terminal, or there are any signs of tampering, do not use it and report it to the bank or the police as soon as possible.
  • Always shield your hand when you enter your pin number. This will reduce the risk of anyone seeing your pin by looking over your shoulder, or filming your pin with a camera attached to the cash machine.
  • Don't leave your receipt in the card machine or throw out any credit card statements without shredding them first
  • Never give out your credit card number or CCV number over the phone unless you made the call and know who you are speaking to. Your bank will never ask for this information.
  • Always use a strong password for your banking - don't use birthdays or any numbers that are easy to guess.
  • Do not use the same password for all your banking products.
  • Always check your credit card statements to ensure all charges are your own and notify the card issuer the minute something untoward occurs. Always shred any old or unwanted credit card statements.
  • Consider paperless statements to eliminate the risk of your details being stolen by identity thieves.
  • Ensure that when a retailer takes your card for payment that you can see the card at all times.

Online Security Guidance

As more and more spending is conducted online, we need to be alert to the specific threats posed to our banking security in a digital environment.

  • Try to avoid using public computers to make purchases online, as they could contain programs that log your personal information, including your card information and password.
  • Before shopping online, make sure that the computer you are using has a suitable security package and firewall (to prevent unwanted 'visitors' to your computer whilst you input your credit card details) and that all available updates have been uploaded - these are regularly updated in response to new threats.
  • If you don't know the website you are visiting, research it thoroughly using the wider web (don't rely on reviews from the site itself as these may not be genuine).
  • Before making any purchases online, ensure that you have signed up to 'Verified by Visa' or Mastercard Securecode'. These are extra online security measures undertaken by participating sites, and with participating cards. To see if your card is registered and for more information, see www.visa.co.uk/products/protection-benefits/verified-by-visa/faqs and www.mastercard.co.uk/securecode.html
  • Before making your purchase online, always ensure that the payment page on the site you are ordering from is secure. Here you should ensure that the web address begins https:// (the 's' stands for 'secure') - also, look for the padlock symbol, usually displayed in the bottom right corner of a payment page
  • If you are making a purchase over £100 and under £30,000, then it makes sense to use your credit card, as you get the protection of Section 75, Consumer Credit Act (something which is not available on the majority of debit cards). If your purchase is between £30,000 and £60,260 this is covered by the more recent legislation - The Consumer Credit Directive.

Who is liable if I am the victim of credit card fraud?

Prior to 1 November 2009, banks often refused to accept liability with regard to credit card fraud, claiming that their systems could not be beaten, and that the customer must have acted 'without reasonable care'. However, after this date, with the Financial Services Authority's Payment Services Regulations 2009, the onus of proof fell to the banks to prove that the cardholder was at fault. Some banks advertise the fact that the customer will never be out of pocket if they are a victim of fraud, whilst others promise to pay all but the first £50 of any fraudulent activity.

What should I do if I have been a victim of fraud?

If you notice unexplained activity on your account, or feel your card/banking security may have been compromised, you should contact your bank or other financial institution immediately. They will place a stop on the card in question and in turn, will make a report to the National Fraud Intelligence Bureau (NFIB).

If the fraud you experienced involved a non-UK bank or financial institution, or your bank will not reimburse you, or you have information which may identify the perpetrator of the fraud, then you should make a separate report to Action Fraud (the UK's national fraud and internet crime reporting centre). You can either phone them on 0300 123 2040, or make a report online at www.actionfraud.police.uk


1http://www.ons.gov.uk/ons/rel/crime-stats/crime-statistics/period-ending-march-2014/stb-crime-stats.html
 


Comments or suggestions about this tool? Send us feedback