HomePublicationsCrime Profile Series Fact Sheet › Card Fraud

Card Fraud

Transactions using plastic cards have become more popular with the introduction of Internet-based shopping and banking. The number of card frauds has also increased as organised crime finds ways to profit from vulnerabilities in the market.

Nature of Card Fraud

Card fraud involves the use of plastic card details to make purchases or withdraw cash without the owner’s permission. Plastic cards may be grouped into three categories:1

  1. Stored value cards. These cards (sometimes called smart cards) are purchased before the transaction takes place. They may take the form of gift cards or phone cards, and the value is recorded on them electronically prior to customers using them. They may even be recharged.
  2. Debit cards. Debit cards allow transactions to be conducted and bank accounts debited immediately through the use of online connections made between Automated Teller Machines (ATMs) and Electronic Funds Transfer at Point of Sale (EFTPOS) terminals and banks.
  3. Credit cards. Credit cards are used to buy goods and services on the understanding that payment will be made at some point in the future.

The major types of credit card fraud are:

  • card-not-present fraud—where a transaction is completed via the phone, internet, mail or fax quoting a card number but without physically presenting the card
  • counterfeit card fraud—using fake credit cards
  • not-received fraud—theft of a card, for example, from a mailbox
  • application fraud—the use of a false identity for a credit card application.2

A recent Australian Bureau of Statistics report indicates most card fraud victims (36 per cent) do not know how their card details were obtained. Other victims identified that they had their credit or bank card details obtained from them in person (29 per cent), or through cardnot- present fraud (25.5 per cent).3

Card fraud, by its nature, is inherently associated with identity crime.

Organised crime groups are frequently involved in sophisticated card fraud because they are motivated by the monetary gains to be made.

The Australian Crime Commission conservatively estimates that serious organised crime costs Australia between $10–15 billion every year. This cost comprises loss of business and taxation revenues, expenditure on law enforcement and regulatory efforts, and social and community impacts of crime. Raising public awareness of crime issues is an important step in minimising the impact serious and organised crime can have on the community.

Extent

Card use—not only on the Internet, but at points of sale—has rapidly grown in the past decade, and with it has card fraud.

In 2008, the Australian Bureau of Statistics reported from their survey of personal fraud that of the 499 500 victims of identity fraud in the preceding year, the majority (77 per cent) were a victim of credit or bank card fraud.

Card-not-present fraud represents more than 50 per cent of all card fraud and is growing at just under 50 per cent every year, with a cost to Australia of around $82 million in 2009.4

Meanwhile in the same year, counterfeiting or skimming of credit cards cost Australians more than $45 million. While this figure was up 5.1 per cent on 2008 figures, it represents a slower growth than the 2007–08 comparative figures which saw a 59.7 per cent increase. The slower growth figures may indicate that a credit card chip-based authentication program being rolled out at point-of-sale outlets is having some effect.5

Debit card fraud, which had remained relatively stable since 2006, rose considerably in 2009. This may be due to an increase in skimming attacks focused more on debit rather than credit cards. Unlike credit card fraudsters who usually charge merchandise and then resell it to generate revenue, criminals who create counterfeit ATM or debit cards by stealing account data can withdraw cash directly from bank accounts.6

A 2008 survey of businesses in Australia and New Zealand found that unauthorised use of a credit card or credit card number stolen from the cardholder was the most common form of identity fraud, with more than 150 000 cases reported with a total value of over $90 million.7

Impact

The effects of card crime have implications for both consumers and businesses and are not limited to financial matters. Impacts include:

  • a loss of reputation or security for legitimate businesses
  • higher credit card interest rates and fees, and higher prices for retail goods to cover credit card losses
  • psychological stress for victims
  • increased business costs of managing and preventing fraud
  • possible refusal by credit companies to provide online merchant services to businesses.

How Card Fraudsters Work

Criminals commit card fraud in many ways.

In one survey conducted in the United States (US) in 1993, a group of 14 credit card fraudsters admitted to employing over 100 different ways of using credit cards to obtain funds dishonestly.8

Among methods identified in Australia are:

Card skimming—the criminal copies information from the card’s magnetic strip from which counterfeit copies can be made. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim’s credit card out of their immediate view. Skimming may also occur where criminals put a device over the card slot of an ATM which then reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a pinhole camera to read the user’s Personal Identification Number (PIN) at the same time. Criminals may also tamper with EFTPOS terminals in order to gather card information.

Buying credit card information—in 2009, credit card information was the most commonly sold item in the underground economy, accounting for 19 per cent of the items for sale. Stolen card data can be sold for as low as US 85c per card when bought in bulk.9 Criminals may couple this information with details harvested from social networking sites to commit frauds.10

Counterfeit cards—criminals gain details of a current valid cardholder, usually from the internet. They then emboss blank white plastic cards with stolen numbers and the magnetic stripe on the card is encoded with matching numbers and the signature panel on the card installed. Identifying logos and colour printing are then added to mimic a real card.

Fraudulent use of debit card PINs—cardholders may disclose their PINs unwittingly or through coercion or through methods such as skimming. Stolen cards and PINs may be used to make unauthorised cash withdrawals.

Card theft—criminals steal cards and make purchases by forging the cardholder’s signature, or alter the encoded details on the card or even transfer those details to a counterfeit card or to several cards.

Application fraud—criminals obtain the personal details of a real person (such as from utility bills or bank statements stolen from post boxes, or through social networking sites), and use this information to acquire credit cards in that name. The offender then uses the cards to buy goods or services. Alternatively, a criminal uses false identification details to obtain a legitimate card in a false name. Legitimate cards will then be issued to an individual who will later default on paying monies owed and abscond.

Account takeover—criminals gather information on an intended victim (using the same techniques described above), then contact that person’s card issuer masquerading as the genuine cardholder and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent.

Internal or employee fraud— unauthorised transactions on business credit cards perpetrated by a criminal who has deliberately infiltrated an organisation, or an employee who has criminal motivations.

Hacking—criminals may hack into databases of account numbers which are held by internet service providers or other businesses that hold customer information, or by intercepting account details which travel in unencrypted form. Or, they may interfere with bank computers in order for sums in excess of account credit balances to be withdrawn.

Online scams—customers who make use of false credit card details or merchants who fail to honour online agreements.

Phishing—sending an email to a user that makes false claims in an attempt to trick them into revealing credit card information so money can be obtained from accounts.

Stored value card fraud—card readers are being programed to deduct greater value from the card than that authorised by the user, or sales staff could intentionally deduct greater sums than they are authorised to deduct. Sums which are rounded off to the nearest five cents could then be skimmed to the terminal owner’s advantage.

Carding—a process criminals use to verify the validity of stolen card data. To do this, criminals will present the card information they have obtained to buy something small on a website that has real-time transaction processes. If the card is processed successfully, the thief knows the card is still good.

How to Protect Against Card Fraud

The Australian Bankers’ Association recommends taking the following precautions:

  • Always be careful to shield your PIN when using an ATM or EFTPOS terminal. Use a free hand to cover the key pad while you enter your PIN.
  • You should treat your card like it is cash and make sure you never lose sight of it. If possible, don’t give your card to a waiter or shop assistant and let them walk out of your sight.
  • Be vigilant in checking your statements. Always report any unauthorised or suspicious transactions billed to your account and contact your bank immediately, even if the unauthorised transaction is a very small amount.
  • Make it a priority to get your card back after completing a purchase. Sometimes cards are intentionally retained by salespeople in order to later commit fraud.
  • You may wish to lower your card limit which prevents a criminal spending more than the limit if the card was ever lost, stolen or cloned.

Retailers, whether large or small, are also advised to be alert to the threat of card skimming and take appropriate measures to secure their EFTPOS terminals to help prevent criminal activity.

Links to Serious Organised Crime

Criminals engaged in card fraud may also be linked with a myriad of other organised crimes. Among them are:

Government Responses

The Australian Government launched the Organised Crime Strategic Framework in November 2009 to ensure Commonwealth agencies are working together to prevent, disrupt, investigate and prosecute organised crime. As part of the Framework, the ACC has produced two biennial classified Organised Crime Threat Assessments (OCTAs) which identify the highest organised crime threats to the Australian community. The OCTA informed the development of the Government’s inaugural Commonwealth Organised Crime Response Plan (OCRP) in 2010 to help prioritise Commonwealth agencies resources against these threats.

Recognising that organised crime is a national issue that requires a nationally coordinated response, the Commonwealth and the States and Territories agreed to the National OCRP 2010-13 in 2010 to strengthen multijurisdictional approaches, coordination, information sharing and joint activities to combat the national threat of serious and organised crime. Preventative partnerships with industry and the community are part of the strategies to respond to organised crime. These organised crime fact sheets describe the breadth and impact of organised crime activities and provide an insight into how industry and the community can help combat organised crime.

Further information on the Organised Crime Strategic Framework and the OCRP can be found at <http://www.ag.gov.au/www/agd/agd. nsf/Page/Publications_OrganisedCrime>.

 

This fact sheet was developed in collaboration with Attorney-General's Department and Australian Transaction Reports and Analysis Centre.

Endnotes

  1. Smith, RG 2007, ‘Plastic card fraud’, Trends and issues in crime and criminal justice, no. 71, Australian Institute of Criminology.
  2. Prabowo, H 2009, Fighting the unknown: do we stand a chance against credit card fraud?, University of Wollongong.
  3. Australian Bureau of Statistics (ABS) 2007, Personal Fraud, cat. no. 4528.0, July–December.
  4. Australian Payments Clearing Authority (APCA) 2009, Credit Card and Charge Card Fraud Perpetrated in Australia and Overseas on Australian-issued Cards, 1 July 2008–30 June 2009. NOTE: Figures may be subject to revision.
  5. Australian Payments Clearing Authority (APCA) 2009, Payments Fraud in Australia, media release, 9 December.
  6. Ibid.
  7. KPMG 2009, Fraud Survey 2008, KPMG.
  8. Jackson, J 1994, ‘Fraud masters: Professional credit card offenders and crime’, Criminal Justice Review, vol. 19, no. 1, p. 37.
  9. Symantec Global Internet Security Threat Report Trends for 2009, volume XV, published April 2010, p18.
  10. Detective Superintendent Brian Hay 2010, verbal submission to House of Representatives Standing Committee on Communications (Cybercrime), Fraud and Crime Group, State Crime Operations Command, Queensland Police Service, p. 11, 17 March.