| Stolen Card Fraud | | | | (Automated teller machine), which reads the |
| | | | magnetic strip as the user unknowingly passes |
| When a card holder loses or has their credit | | | | their card through it. These devices are |
| card stolen, it is possible for the thief to | | | | often used in conjunction with a pin-hole |
| make unauthorized purchases on that card up | | | | camera to read the user's pin number at the |
| until the card is cancelled. Businesses that | | | | same time. |
| accept credit cards are not permitted to | | | | |
| request supplemental ID from the cardholder, | | | | To prevent Cards in countries such as the UK |
| unless the credit card is not signed[citation | | | | are issued featuring a smart chip with public |
| needed]. A thief can potentially purchase | | | | key encryption. The chip cannot be copied, |
| thousands of dollars in merchandise or | | | | but the card number, expiry date and security |
| services before the card holder or the bank | | | | code can be, and this set of data is often |
| realize that the card is in the wrong hands. | | | | sufficient to use the victim's credit card |
| Self-serve payment systems such as gas | | | | account for fraudulent purposes with |
| stations are also highly prone to accepting a | | | | so-called "card not present" transactions, |
| stolen credit card, as there is no | | | | e.g., manual input, over the telephone or |
| verification of the card holder's identity, | | | | internet. |
| however many stations are trying to prevent | | | | |
| this by adding a check requiring the user to | | | | Carding |
| key in a zip code. The zip code must match | | | | |
| the code registered to the credit card or the | | | | Carding is a term used by fraudsters for a |
| transfer will fail. | | | | process they use to verify that sets of |
| | | | stolen credit card data are still valid. The |
| Account Takeover Fraud | | | | fraudster will present each set of credit |
| | | | card details in turn on a website that has |
| Fraud perpetrators call in and impersonate | | | | real-time transaction processing, making a |
| actual cardholders using stolen personal | | | | purchase for a very small monetary amount so |
| information. They have the address and other | | | | as not to use up the card's credit limit, and |
| information of the cardholder changed to an | | | | so as not to attract the attention of a human |
| address they control. Additional cards and | | | | reviewer to the transaction. |
| possibly PIN mailers are requested and issued | | | | |
| to the new address and used by the fraudsters | | | | Often, an online donation site for a charity |
| to make purchases and/or obtain cash | | | | is used instead of an eCommerce merchant, |
| advances. | | | | since there is no need to find an item of a |
| | | | suitable price to put in the virtual shopping |
| Sometimes the fraudster will attempt to add | | | | cart, nor to supply shipping details. The |
| themselves or an alias that they control as | | | | carder may do this manually with a web |
| an authorized user to the account in order to | | | | browser, or may write automated software to |
| make it easier to commit the fraud. | | | | interface to the website's checkout or |
| | | | billing forms. |
| Credit Card Mail Order Fraud | | | | |
| | | | In the past, carders used to use computer |
| Using a stolen credit card number, or | | | | programs called "generators" to produce a |
| computer generated card number, a thief will | | | | sequence of credit card numbers, and then |
| order stolen goods. | | | | test them to see which were valid accounts. |
| | | | However, this process is no longer viable due |
| Skimming | | | | to widespread requirement by internet credit |
| | | | card processing systems for additional data |
| Skimming is the theft of credit card | | | | such as the billing address, the 3 to 4 digit |
| information by a dishonest employee of a | | | | Card Security Code and/or the card's expiry |
| legitimate merchant, manually copying down | | | | date. Nowadays, carding is more typically |
| numbers, or using a magnetic stripe reader on | | | | used to verify credit card data obtained |
| a pocket-sized electronic device. Common | | | | directly from the victims by Skimming or |
| scenarios for skimming are restaurants or | | | | Phishing. |
| bars where the skimmer has possession of the | | | | |
| victim's credit card out of their immediate | | | | A set of credit card details that has been |
| view. The skimmer will typically use a small | | | | verified in this way is known in fraud |
| keypad to unobtrusively transcribe the 3 or 4 | | | | circles as a phish (see Phishing). A carder |
| digit Card Security Code which is not present | | | | will typically sell data files of phish to |
| on the magnetic strip. | | | | other individuals who will carry out the |
| | | | actual fraud. Market price for a phish ranges |
| Many instances of skimming have been reported | | | | from US$1.00 to US$50.00 depending on the |
| where the perpetrator has put a device over | | | | type of card, freshness of the data and |
| the card slot of a public cash machine | | | | credit status of the victim. |