| Stolen Card Fraud | | | | user unknowingly passes their card |
| When a card holder loses or has their | | | | through it. These devices are often used |
| credit card stolen, it is possible for | | | | in conjunction with a pin-hole camera to |
| the thief to make unauthorized purchases | | | | read the user's pin number at the same |
| on that card up until the card is | | | | time. |
| cancelled. Businesses that accept credit | | | | To prevent Cards in countries such as |
| cards are not permitted to request | | | | the UK are issued featuring a smart chip |
| supplemental ID from the cardholder, | | | | with public key encryption. The chip |
| unless the credit card is not | | | | cannot be copied, but the card number, |
| signed[citation needed]. A thief can | | | | expiry date and security code can be, |
| potentially purchase thousands of | | | | and this set of data is often sufficient |
| dollars in merchandise or services | | | | to use the victim's credit card account |
| before the card holder or the bank | | | | for fraudulent purposes with so-called |
| realize that the card is in the wrong | | | | "card not present" transactions, e.g., |
| hands. Self-serve payment systems such | | | | manual input, over the telephone or |
| as gas stations are also highly prone to | | | | internet. |
| accepting a stolen credit card, as there | | | | Carding |
| is no verification of the card holder's | | | | Carding is a term used by fraudsters for |
| identity, however many stations are | | | | a process they use to verify that sets |
| trying to prevent this by adding a check | | | | of stolen credit card data are still |
| requiring the user to key in a zip code. | | | | valid. The fraudster will present each |
| The zip code must match the code | | | | set of credit card details in turn on a |
| registered to the credit card or the | | | | website that has real-time transaction |
| transfer will fail. | | | | processing, making a purchase for a very |
| Account Takeover Fraud | | | | small monetary amount so as not to use |
| Fraud perpetrators call in and | | | | up the card's credit limit, and so as |
| impersonate actual cardholders using | | | | not to attract the attention of a human |
| stolen personal information. They have | | | | reviewer to the transaction. |
| the address and other information of the | | | | Often, an online donation site for a |
| cardholder changed to an address they | | | | charity is used instead of an eCommerce |
| control. Additional cards and possibly | | | | merchant, since there is no need to find |
| PIN mailers are requested and issued to | | | | an item of a suitable price to put in |
| the new address and used by the | | | | the virtual shopping cart, nor to supply |
| fraudsters to make purchases and/or | | | | shipping details. The carder may do this |
| obtain cash advances. | | | | manually with a web browser, or may |
| Sometimes the fraudster will attempt to | | | | write automated software to interface to |
| add themselves or an alias that they | | | | the website's checkout or billing forms. |
| control as an authorized user to the | | | | In the past, carders used to use |
| account in order to make it easier to | | | | computer programs called "generators" to |
| commit the fraud. | | | | produce a sequence of credit card |
| Credit Card Mail Order Fraud | | | | numbers, and then test them to see which |
| Using a stolen credit card number, or | | | | were valid accounts. However, this |
| computer generated card number, a thief | | | | process is no longer viable due to |
| will order stolen goods. | | | | widespread requirement by internet |
| Skimming | | | | credit card processing systems for |
| Skimming is the theft of credit card | | | | additional data such as the billing |
| information by a dishonest employee of a | | | | address, the 3 to 4 digit Card Security |
| legitimate merchant, manually copying | | | | Code and/or the card's expiry date. |
| down numbers, or using a magnetic stripe | | | | Nowadays, carding is more typically used |
| reader on a pocket-sized electronic | | | | to verify credit card data obtained |
| device. Common scenarios for skimming | | | | directly from the victims by Skimming or |
| are restaurants or bars where the | | | | Phishing. |
| skimmer has possession of the victim's | | | | A set of credit card details that has |
| credit card out of their immediate view. | | | | been verified in this way is known in |
| The skimmer will typically use a small | | | | fraud circles as a phish (see Phishing). |
| keypad to unobtrusively transcribe the 3 | | | | A carder will typically sell data files |
| or 4 digit Card Security Code which is | | | | of phish to other individuals who will |
| not present on the magnetic strip. | | | | carry out the actual fraud. Market price |
| Many instances of skimming have been | | | | for a phish ranges from US$1.00 to |
| reported where the perpetrator has put a | | | | US$50.00 depending on the type of card, |
| device over the card slot of a public | | | | freshness of the data and credit status |
| cash machine (Automated teller machine), | | | | of the victim. |
| which reads the magnetic strip as the | | | | |