How to protect a bank card from fraudsters

Card fraud methods

The fantasy of criminals is limitless. Literally every year, new, more sophisticated ways appear. Let's consider the main ones.

Credit card fraud is called carding.

Let's start with the "classics". You came to withdraw money through an ATM. Hurry up, enter your PIN code literally on the run, while chatting on the phone. You didn't even look at the inconspicuous guy in a baseball cap and dark glasses looking over your shoulder. But he was watching you very closely. He spied on and memorized the numbers that you entered. Further elementary GOP stop- and goodbye money.

Also, in the confusion, you may not see that in front of you is not a real ATM, but a fake. After all, the device is exactly like a real one. Stickers, instructions - everything is right. Insert the card, enter the PIN-code, and the screen displays: "The device is faulty", "A system error has occurred", "Not enough funds" or something like that. Well, it happens. You go to look for another ATM. But before you find it, scammers will empty your account. After all, with the help phantom ATMthey have already read all the necessary data about your card.

Often imitate ATM malfunction … For example, late at night you return home and decide to cash out your salary along the way. Insert the card, enter the PIN-code, the amount - everything is going fine. The card collector handed over the card, but the tray where the money should appear does not open. Broken? Probably! It's dark around, you need to call the bank and figure out what happened. You walked away literally ten meters, and the nimble thieves have already peeled off the tape and took your money. Yes, the bills were not issued by simple adhesive tape.

Another technique is called Lebanese loop … This is when a lasso from a film is inserted into the card reader. If you hit him, the card can no longer be pulled out. As a rule, there is an “assistant” right there: “Yesterday the ATM ate my card in the same way, I entered just such a combination and PIN-code, and everything worked.” You try, fail, and go to the bank for help. At this time, the good Samaritan takes the card and goes to empty it. He knows the PIN. You yourself have just introduced it openly. Remember?

However, the ATM can be real and even serviceable. This is not a problem if the attackers have skimmer … This is a device for reading information encoded on the magnetic stripe of the card. Physically, the skimmer is an overhead block attached to the card capture reader, while it looks like a part of the ATM structure.

With the help of the transmitter, scammers receive information from the skimmer and produce fake cards. They will use the skimmed card, but the money will be debited from the original account. Hence the name of the method - skimming, from the English "skim the cream".

How do they find out the PIN? In addition to the skimmer, they have other devices. For example, overlay keyboard … It completely imitates the real one, but at the same time remembers the typed key combinations.

Alternatively - a miniature camera aimed at the keyboard and disguised as a box with advertising brochures.

A kind of skimming - shimming … Instead of bulky overlays, a thin, elegant card is used, which is inserted through the card reader directly into the ATM. Further, the scheme is the same as for skimming. But the degree of danger is higher: it is almost impossible to discern that there is a "bug" in the ATM. It is consoling, however, that it is rather difficult to make a shim - its thickness should not exceed 0.1 mm. Almost nanotechnology.:)

Phishing is a common method of online fraud. Most of you don't need to be told what it is. Perhaps someone even received a "letter from the bank" with a request to follow the link and clarify the details. Moreover, the phishing page looked like a real one, the same colors, fonts, logos, except for the annoying "typo" in the address bar.

Recently, a subtype of phishing has been spreading more and more - vishing … Simply put, phone divorce … Fraudsters simulate an autoinformation call. A frightening robotic voice informs you that your card is blocked, or has been attacked by hackers, or you urgently need to pay off a loan debt. For details, call this number. You call, and the courteous "operator" asks you to "verify" the card number, its expiration date, verification code … As soon as you dictate the last digit, you can say goodbye to your money. By the time you come to your senses, they will already be spent in some online store.

By the way, due to the fact that to use the card it is not necessary to have its physical presence, fraudsters are increasingly using the methods social engineering … So I was almost deceived.

I was selling furniture. I posted an ad with photos on a well-known website. I indicated a number through which no authentication passes for me. Soon a man called. He introduced himself as Vasily, an employee of a firm that rents out apartments for rent. He said that they liked my sofa - they take it without looking! The money will be transferred to my card right now. No problem. I often buy on the Internet, for these purposes I have a special card. There was nothing to write off from it then, but to replenish it - please. But one number was not enough for the caller - the interlocutor asked for more validity period and CVV2. I didn’t name it, but Vasily was offended. He said who I was and where I had to go, and hung up.

Most of the cards are now tied to a phone number in order to confirm transactions or, for example, the entrance to the Internet bank using SMS messages. What cybercriminals do not do to get hold of the necessary SIM-card: they steal phones, intercept SMS, make duplicate SIM cards, and so on.

Safety rules when using cards

Having issued a debit or credit card at the bank, we receive a banking service agreement and an envelope with a PIN code. It is a pity that in addition to this set, they do not attach a memo with basic safety rules for cardholders. It should include the following recommendations.

If possible, make yourself a hybrid card - with a chip and a magnetic stripe (unfortunately, cards with only a chip are almost never used in Russia). Such a card is better protected from hacking and counterfeiting by skimming.
Learn the PIN by heart. If there is no hope for memory, write it down on a piece of paper, but keep it separately from the card.
Never, under any circumstances, disclose to third parties the PIN-code and CVV2-code of the card, as well as its validity period and to whom it is registered. No bank will ask you for these details. And for crediting funds to your account, only the 16-digit number indicated on the front of the card is enough.
Do not use the so-called payroll cards for payments in stores and online purchases. It is better to transfer money from a card account to your personal account or set daily limits for all types of operations performed.
Choose ATMs located inside bank offices or in secure locations equipped with video surveillance systems.
Do not use suspicious ATM machines. And before inserting the card into the terminal, carefully examine it. Is there anything suspicious on the keyboard or in the card reader? Is there a strange advertising tray hanging nearby?
Feel free to cover the keyboard with your hand and ask especially curious friends in line to step aside. If you have any problems, do not use the advice of "random assistants" - without leaving anywhere, immediately call the bank and block the card.
If you have lost your card, as well as if you have reason to believe that third parties have learned its details, immediately contact the bank and block it.

The easiest way is to call. If you have the card in your hands, the support number can be seen on the back of the card. Typically, contact centers are open around the clock. If the card remains in the ATM and you do not know your bank's phone number, call the ATM maintenance company. The number must be indicated on the terminal.

Also, inquire about the possibilities and conditions of card insurance at your bank. Some lending institutions have special programs to protect clients from fraud and reimburse them.

Security rules when using banking

Without leaving home, you can use a large package of services. For example, pay something or transfer money to your or someone else's account.

Banking - remote banking services.

Internet and SMS banking are distinguished. The first one allows you to carry out transactions through the client's personal account on the bank's website or through the application, and the second involves informing about transactions via SMS messages.

To use banking without the risk of losing money, the following basic precautions must be followed.

Do not enter the Internet bank from other people's computers or from unsecured public networks. If this does happen, after the session is over, click "Exit" and clear the cache.
Install an antivirus on your personal computer and keep it up to date. Use modern versions of your browser and email programs.
Do not download files obtained from unverified sources, do not follow unreliable links. Do not open suspicious emails and immediately block the sender.
Do not enter any of your personal data unless necessary, in addition to your username and password.
Check the address bar. A secure HTTPS connection must be used. And the slightest mismatch with the bank's domain almost certainly means that you are on a phishing site.
Come up with a complex password to enter your personal account, and also use one-time passwords requested by banks to confirm actions in your personal account.

Remember! Banks do not send messages about blocking cards, and in a telephone conversation they do not ask for confidential information and codes associated with customer cards.

To save the SIM card to which the card is attached, promptly notify the bank when you receive suspicious messages and in no case call the numbers indicated in them. Inform the bank if you changed your number or lost your SIM card. Set a password on your phone and do not remove the block from the screen if someone else is watching your actions. And if the SIM card is issued to you personally, then prohibit its replacement by power of attorney.

What to do if scammers debited money from the card

Disputes between clients and banks are not uncommon. The first, having learned about the unauthorized debiting of funds from their accounts, ask to return their hard-earned money, and the second often shrug their shoulders: "You yourself told the scammers everything."

In 2011, Federal Law No. 161 “On the National Payment System” came into force, designed to streamline and change for the better the practice of providing payment services. In particular, he established the legal framework for the entire payment system as a whole and adjusted the rules for the implementation of non-cash payments, as well as the emission and use of electronic money.

In 2014, Article 9 of this Law came into force. The norm protects users of bank cards from fraud. The law establishes the presumption of innocence for clients. The bank is obliged to reimburse the amounts transferred from the client's account as a result of an operation not authorized by it, unless it is proved that the client himself violated the procedure for using the electronic means of payment.

From September 26, 2018, banks, according to the law, will be able to block customer cards if they suspect that fraudsters are transferring money from them. After blocking, the bank must inform the account owner about this, and the latter will either have to confirm the operation or report an attempted theft.

In other words, the law distinguishes between the responsibility of the bank and the client.

Has the bank informed the client about an unauthorized transaction? If not, the responsibility lies entirely with the bank. If reported, go to point number 2.
Has the client informed the bank no later than the next business day after notification from the bank that this operation was performed without his (client's) consent? If not, the responsibility lies with the client. If you have informed, go to point number 3.
Was the bank able to prove that the client violated the procedure for using electronic money? If so, the responsibility lies with the client. If not, the responsibility lies entirely with the bank and it is obliged to reimburse the client for the entire amount of the contested transaction.

A prerequisite for reimbursement of unauthorized funds debited is the notification of the bank about the use of the card without the consent of its holder.

Tell the bank that the card is being used by someone else, you need to no later than one dayfollowing the day the customer discovered the fraud.

Meeting this deadline is very important. Delayed - you can not count on a refund.

In addition, the client must have proof of the notification on hand. We are talking about a second copy of an appeal to the bank with a note of acceptance made by an authorized employee, or a written notification of sending a valuable registered letter with a list of investments to the bank's address.

The appeal to the bank does not cancel or replace the appeal to the law enforcement agencies.

conclusions

So, a short algorithm of actions for illegal debiting of funds from a bank card is as follows:

Don't panic, call the bank and block the card. Plus, we ask the operator to name the account balance and the last completed transactions.
During the day we run to the bank and write an application. Be sure to endorse your copy of the application with an authorized bank employee.
If the employees of the credit institution in any way obstruct this and refuse to accept the application (the forms have run out, there is a technical break, and so on), we turn to the prosecutor's office.
We write a statement to the police. Especially if you are faced with robbery or robbery.
We are waiting for a refund.

If the bank refuses to reimburse the funds debited from the card, referring, for example, to a violation of the procedure for using electronic money, you can defend your rights in court.