Consumers awareness raising on non-cash payment fraud
Consumers awareness raising on non-cash payment fraud

Potential fraud: payment cards, ATMs

There are considerably fewer cases of fraud with the cards issued by banks of our country in Lithuania compared to other Baltic states. In Lithuania this indicator is 1, in Latvia - 7, while in Estonia it is even about 30 times higher. A high indicator of such crimes in Estonia is linked with a more developed commerce on the internet. Lithuania, however, is ahead of Estonia in fraud in cards issued by foreign banks.

A short overview of crimes related to payment cards and ATMs is provided below.

Spotting a PIN code and card or card data theft. As nowadays it is necessary to enter the PIN code rather often (in ATMs, stores, restaurants), criminals try to spot the PIN code and, if it is successful, to spy on the victim and steal it. After stealing the payment card, criminals can withdraw money from an ATM or use it for shopping in several minutes. This method is complicated, because criminals have to steal the payment card and it increases the risk of being caught.

If criminals have the equipment necessary, notice or find out the PIN code otherwise, they no longer have to steal the card - a dishonest employee of the store or restaurant can read the card data unnoticeably with a device which fits into the palm (this method is called "skimming"). Equipment for stealing card data and PIN codes can be installed in the points of sale (e.g., payment equipment in fuel stations, shops or other points of sale). This method of fraud is moving away from the EU.

Hold-up of a card in ATM. Earlier bank cards were often appropriated by the so-called "Lebanese loop" method when a fraudster uses an object preventing an ATM to draw in the card and later eject it. The victim who uses the ATM usually thinks that the ATM has "swallowed" his/her card. The criminal who is standing nearby approaches the victim and advises the card owner to enter the PIN code once again. The ATM does not respond to any key strokes but "helper" who is standing nearby takes a note of the PIN code. When the victim loses hopes to get the card back and leaves, the criminal pulls out the stuck card. Having the card and knowing the PIN code, the swindler empties the victim's account fast until the victim has not managed to report to the bank about the failure of the ATM.

Attaching equipment to read card data and PIN codes in ATM. Fraudster secretly mount special attachments to ATMs (e.g., a device with the reader of magnetic tapes is affixed to the ATM cavity where a card should be inserted, mini cameras are installed, an extra keyboard is attached above the ATM keyboard to capture the PIN code being entered). It is very difficult to tell that the ATM has been modified, especially if it is not known what the ATM looked like before. The copies of magnetic cards made using the data of stolen cards can be used to withdraw money from ATMs or pay in stores (only where they have the card readers of the old type, i.e. the readers which do not read chip cards).

Phishing means a form of internet fraud when personal information is obtained from persons by deceit (e.g., numbers of bank accounts, addresses, numbers of payment cards, passwords, PIN codes, CVC/CVV2 codes, etc.). Fake e-mails are most often used for this purpose; the e-mails look as if they have been sent by a bank, leasing, insurance company employees or online store representatives. Such e-mails are linked to a fake website, which is very similar to the real one and which asks to log into the person's account and update the log-in information to access e-banking and other data.

In addition, fake websites can automatically send a virus or a spying programme to the user's computer to record the key strokes when, for example, paid internet sites are visited (e.g., when reading electronic publications) and this information is sent to the fraudster. The information obtained in this way can later be used for profiteering through criminal activities: money thefts from accounts or online payments for goods using cards of other persons.

Spam is also widely used by online criminals for trapping: the persons "hooked" by a spam message are directed to fake websites which automatically send a virus or a spying programme.