| Stolen Card Fraud | | | | machine), which reads the magnetic strip as the user |
| When a card holder loses or has their credit card | | | | unknowingly passes their card through it. These |
| stolen, it is possible for the thief to make unauthorized | | | | devices are often used in conjunction with a pin-hole |
| purchases on that card up until the card is cancelled. | | | | camera to read the user's pin number at the same |
| Businesses that accept credit cards are not permitted | | | | time. |
| to request supplemental ID from the cardholder, unless | | | | To prevent Cards in countries such as the UK are |
| the credit card is not signed[citation needed]. A thief | | | | issued featuring a smart chip with public key |
| can potentially purchase thousands of dollars in | | | | encryption. The chip cannot be copied, but the card |
| merchandise or services before the card holder or the | | | | number, expiry date and security code can be, and this |
| bank realize that the card is in the wrong hands. | | | | set of data is often sufficient to use the victim's credit |
| Self-serve payment systems such as gas stations are | | | | card account for fraudulent purposes with so-called |
| also highly prone to accepting a stolen credit card, as | | | | "card not present" transactions, e.g., manual input, over |
| there is no verification of the card holder's identity, | | | | the telephone or internet. |
| however many stations are trying to prevent this by | | | | Carding |
| adding a check requiring the user to key in a zip code. | | | | Carding is a term used by fraudsters for a process |
| The zip code must match the code registered to the | | | | they use to verify that sets of stolen credit card data |
| credit card or the transfer will fail. | | | | are still valid. The fraudster will present each set of |
| Account Takeover Fraud | | | | credit card details in turn on a website that has |
| Fraud perpetrators call in and impersonate actual | | | | real-time transaction processing, making a purchase |
| cardholders using stolen personal information. They | | | | for a very small monetary amount so as not to use up |
| have the address and other information of the | | | | the card's credit limit, and so as not to attract the |
| cardholder changed to an address they control. | | | | attention of a human reviewer to the transaction. |
| Additional cards and possibly PIN mailers are | | | | Often, an online donation site for a charity is used |
| requested and issued to the new address and used | | | | instead of an eCommerce merchant, since there is no |
| by the fraudsters to make purchases and/or obtain | | | | need to find an item of a suitable price to put in the |
| cash advances. | | | | virtual shopping cart, nor to supply shipping details. The |
| Sometimes the fraudster will attempt to add | | | | carder may do this manually with a web browser, or |
| themselves or an alias that they control as an | | | | may write automated software to interface to the |
| authorized user to the account in order to make it | | | | website's checkout or billing forms. |
| easier to commit the fraud. | | | | In the past, carders used to use computer programs |
| Credit Card Mail Order Fraud | | | | called "generators" to produce a sequence of credit |
| Using a stolen credit card number, or computer | | | | card numbers, and then test them to see which were |
| generated card number, a thief will order stolen goods. | | | | valid accounts. However, this process is no longer |
| Skimming | | | | viable due to widespread requirement by internet credit |
| Skimming is the theft of credit card information by a | | | | card processing systems for additional data such as |
| dishonest employee of a legitimate merchant, manually | | | | the billing address, the 3 to 4 digit Card Security Code |
| copying down numbers, or using a magnetic stripe | | | | and/or the card's expiry date. Nowadays, carding is |
| reader on a pocket-sized electronic device. Common | | | | more typically used to verify credit card data obtained |
| scenarios for skimming are restaurants or bars where | | | | directly from the victims by Skimming or Phishing. |
| the skimmer has possession of the victim's credit card | | | | A set of credit card details that has been verified in |
| out of their immediate view. The skimmer will typically | | | | this way is known in fraud circles as a phish (see |
| use a small keypad to unobtrusively transcribe the 3 or | | | | Phishing). A carder will typically sell data files of phish to |
| 4 digit Card Security Code which is not present on the | | | | other individuals who will carry out the actual fraud. |
| magnetic strip. | | | | Market price for a phish ranges from US$1.00 to |
| Many instances of skimming have been reported | | | | US$50.00 depending on the type of card, freshness of |
| where the perpetrator has put a device over the card | | | | the data and credit status of the victim. |
| slot of a public cash machine (Automated teller | | | | |