- advertisement -

Internet fraud: credit crooks and the new economy

Where there's a web, chances are there's a spider.

Where there's a World Wide Web, there are criminals ready and able to perpetrate all sorts of havoc, from using your credit card number to ship dozens of computers overseas on your tab to hacking into customer databases, obtaining thousands of valid card numbers and using them to extort fortunes from their stunned corporate victims.

- advertisement -

Internet fraud is the dirty little secret of the New Economy. For every well publicized Ebay or Egghead hacker attack, others go unreported, the corporate chiefs preferring to quietly pay the ransom rather than risk scaring off potential online customers with the negative publicity.

Nobody wants to cut e-commerce off at the knees just as it's getting on its feet. Credit card issuers, acquirers, processors, merchants and consumers alike welcome the convenience of online, real time transactions.

The problem is, so do the crooks.

"The criminals are going to go where the money is, and a lot of money right now is in e-commerce," says Jeff Winter, spokesman for the U.S. Secret Service Office of Investigations. "It's anonymous and it's extraordinarily lucrative.

"Robbing a bank these days is not as appealing. When you go in and you've got cameras looking at you, you know you're going to get caught and you're only going to get a couple thousand dollars. On one stolen credit card alone, on average you can get $3,000 with a skimming device. In a lot of ways, it's the bank robbery of the future."

The way crooks steal today will determine in part how we buy and sell tomorrow.

"Skimming" and "Cloning"
Credit card fraud has been something of a technological foot race since the first charge cards came into existence 50 years ago.

Over the years, card issuers have added increasingly sophisticated security measures, from a simple cardholder signature on the first cards to the embossed account numbers, embedded holograms, magnetic stripes and card verification code/card verification values on today's cards.

They did their job pretty well, particularly to combat fraud from lost and stolen cards, which account for more than half of all credit card crime.

But many of those anti-fraud measures went out the window when mail order/telephone order transactions became widespread in the 1980s. The sudden growth that resulted from consumer confidence in that sales channel more than offset the increased risk of card-not-present transactions.

It also opened a lucrative new opportunity for fraud. The bad guys no longer needed the physical card to pillage your account; a valid number suffices in most cases.

Computer-savvy crooks soon found quick and easy ways to access card numbers:

Skimming uses an electronic credit card reader or "wedge" roughly the size of a pager to collect and store the information encoded on your card's magnetic stripe. The device is commonly used in places with high customer traffic such as retail stores and restaurants where the skimmer can collect card data without fear of detection. Card readers are widely available for legitimate purposes for under $300; tampering turns them into skimmers.

Terminal cloning is a more sophisticated computer scam in which the software that runs a merchant's point-of-sale terminal is actually diverted and downloaded to the criminal's computer, enabling them to, in effect, ring up fraudulent card transactions on that merchant's account.

Factoring is a scam that typically targets mom-and-pop merchants. The unsuspecting merchant will be approached by another vendor who claims to be unable to process transactions for any number of reasons. The merchant agrees to process the vendor's sales for a small percentage, the money is wired by the criminal to another account and the merchant is left with a pile of chargebacks.

CreditMaster, Credit Wizard and other notorious Web sites actually generate sequences of 16-digit credit card numbers from valid Bank Identification Numbers or BIN numbers, the first six digits of the card number. This enables crooks to quickly rack up multiple fraudulent sales from online merchants whose security doesn't block sales to sequential numbers.

Acceptable losses
Frank D'Angelo, senior vice president and general manager of electronic funds transfer and card solutions for Metavante Corp., a Wisconsin-based financial technology company, says the credit card industry long ago adopted a philosophy of acceptable loss with regard to fraud.

"It's hard to prevent fraud," he admits. "They're going to get you for the $25 initial try. Most of the energy is spent on the detection of fraud and limiting the loss."

Because merchants ultimately take the hit, Metavante and others continually urge them to watch for these warning signs of a fraudulent online purchase:

  • Unusually large dollar amount or number of sales to the same card number
  • Same dollar amount on multiple or sequential sales orders
  • Same card number on multiple or sequential sales orders
  • Sequential sales orders to accounts with the same BIN number
  • Shipping and billing address don't match
  • Orders shipping to high-risk foreign destinations
  • Orders from free e-mail addresses (difficult to trace)

"The various providers of credit cards have really been fighting for market share. They really loosened up their standards to some extent in penetrating new markets such as college kids to get more cards on the street," says D'Angelo.

"That created some additional fraud opportunities. The credit card industry is still very profitable, the debit card industry is still very profitable, but the opportunity has increased for fraud because the crooks are just as smart as the good guys."

There have been efforts to shore up security. Merchants are urged to use the address verification system on card-not-present transactions, but it doesn't work with foreign cards. Visa came up with a Secure Electronic Transaction online security protocol in addition to the more commonplace Secure Socket Layer, but it hasn't caught on with merchants so far.

Your money or your privacy
As long as fraud losses trail well behind credit card volume, card issuers are unlikely to do much more than shadowbox with it, according to David Sorkin, director of the Center for Information Technology and Privacy Law at John Marshall Law School in Chicago.

"Transparency is important for consumer confidence. The simpler the system, the easier it is to make it transparent to people," he says.

"Right now, businesses as well as credit card issuers are really going out on a limb to push for acceptance of online transactions and promote consumer confidence. They are not really charging discount rates that reflect the increased risk yet because they want consumers to use their cards online."

Merchants, on the other hand, have a very real stake in knowing a little more about who's at the other end of that online transaction. Sorkin says don't be surprised if that online vendor follows up on your next major purchase with a few additional questions.

"I think that's quite possible," says Sorkin. "Now, in a lot of cases, you may have to supply a street address and they'll verify that, where you probably wouldn't need it for a card-present transaction. It is certainly possible that they'll extend upon that by asking for a phone number.

"I don't think they'll go so far as to ask for a mother's maiden name or Social Security number, but it wouldn't surprise me to see them add to that list."

Wrestling with Mob.com
Federal authorities aren't taking online fraud lightly, either.

The FBI recently teamed with the National White Collar Crime Center to launch its Internet Fraud Complaint Center and the Secret Service is building a database to quickly pinpoint where credit cards are being skimmed.

Their target is neither petty thieves nor malicious hackers.

"The other part of the story is you have inherently violent criminals now who are getting into what has traditionally been called white-collar crime," says Winter.

Meaning organized crime?

"No question. Absolutely. That's a big part of it now. Most of it is organized crime.

"The difficulty with technology, financial crimes and cybercrime in general nowadays is the traditional venues of jurisdiction are blurred," he adds. "The crime may be committed here but then it's sent overseas. Sometimes the crime occurs overseas but the companies in the U.S. are being hit.

"With the evolution of our payment systems, we've become more and more involved as an investigative unit. We're beefing up big-time."

 

 

 
-- Posted: April 17, 2001
   

 

 
 

 

Looking for more stories like this? We'll send them directly to you!
Bankrate.com's corrections policy
Print  
 

Credit Cards
Compare weekly rates
WEEKLY AVERAGES
Type Fixed Variable
Standard 13.23% 14.86%
Gold
Platinum 12.70% 16.01%
All 13.02% 15.70%



RELATED CALCULATORS
  Loan calculator (includes amortization schedule)  
  See your FICO score range -- free  
  What will it take to pay off your credit card?  
VIEW ALL 

BASICS SERIES
Credit Card Basics
Don't get trapped by card debt. Learn to use it wisely.
How to find the best card
Check your credit report
Finance charges explained
How to ask for a lower rate
Improve credit with a card
How to repair your credit

MORE ON BANKRATE
Banking glossary  
News archive  
Keep an eye on the leading rates  
Find a high-yielding CD


- advertisement -

 
- advertisement -