Bank and Credit Card Fraud

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29494
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Superstore

Post by Bylo Selhi »

Benchwarmer wrote:Almost makes me want to use cash.
Remember to be discreet as you peel off those $20s from your wad when you pay for your groceries lest the cashier, a bystander or someone watching from an overhead camera should see how loaded you are and decides to mug you for it in the parking lot ;)
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Bank and Credit Card Fraud

Post by IdOp »

I tend to let my fingers do a little semi-random dance over the keypad, where half the hits are fake. Hopefully this would make it harder for anyone snooping to tell which numbers were really pressed.
gouthro
Contributor
Contributor
Posts: 647
Joined: 07 Jul 2005 10:01

Re: Bank and Credit Card Fraud

Post by gouthro »

Just got a call yesterday from my mbna credit card company asking whether I had recently tried to use my card at an online dating site, or tried to use it for an $8 purchase at RAmada inn. He said both tries were unusual. But, they caught them, refused them and cancelled my card. I find it odd that a thief would try to use the card for such small amounts. The MBNA guy said that maybe they were just trying to see if the card was working. A little bit frightening, though. My debit card has already been copied and a fair amount of money taken out of my account--I got it back from the bank--so, i moved completely to using credit card. Where to now?
joe
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33399
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Re: Bank and Credit Card Fraud

Post by AltaRed »

Stick to using credit cards and debit cards. The system is working, i.e. you were reimbursed by the bank and the credit card company froze* or cancelled* your credit card. There is no escape in this modern world.

FWIW, I tend to check my CC and bank accounts on a regular basis (at least once and usually 2-3 times a week) to check on activity, i.e. my way of 'catching problems early'. I make it a habit either during a morning coffee or before I signoff at bedtime. It literally only takes one minute to do a 'drive by' for each of my Scotia and CIBC accounts. I maintain 2 chequing accounts and 2 credit card accounts to have an alternative should one go astray.

* I find it odd for a CC company to cancel a card on suspicion of fraudulent use. I thought the standard practice was to simply freeze it until they had a dialogue with the rightful owner.
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29494
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Bank and Credit Card Fraud

Post by Bylo Selhi »

gouthro wrote:Where to now?
If you got mugged for your cash or if a cheque you wrote was fraudulently negotiated would you give up on paying with cash or cheques?

As AltaRed says, even though there are risks in using credit/debit cards, as with cash/cheques, the system is working for the most part. What you can do, in addition to what AltaRed suggests, is exercise some common sense precautions like (a) make sure that you obscure the view of anyone who might be watching as you key in a PIN at an ATM or cashier's terminal, e.g. by covering the keypad with your other hand, (b) avoid using cards at places where you can't watch what they're doing, e.g. at restaurants and gas stations that don't let you swipe your card directly at the table or gas pump, (c) avoid paying by credit/debit card at online sites you don't know to be reputable, etc.

Added precaution from Phishing & Spoofing Alerts:
gildalil wrote:Seldom do I hear “don't leave credit card info in online accounts”. Although one would think it was an adjunct of “don't give out credit card information”, I think many online shoppers, myself included, assume their info is secure....

These measures won't prevent problems but they will reduce the likelihood that they'll happen.
AltaRed wrote:I find it odd for a CC company to cancel a card on suspicion of fraudulent use. I thought the standard practice was to simply freeze it until they had a dialogue with the rightful owner.
That seems to be the practice now. I've had two such situations in about as many years. In one case my wife called to report that she couldn't find a credit card that she'd left at home while we were on an overseas trip (she wanted to carry as few cards as possible in case we got robbed on the trip.) There was no reason to believe we'd had a break-in at home because nothing else was missing. She just wanted the card to be frozen in case it was really lost. The bank insisted on cancelling the card and issuing her a new one with new number and told her to contact all merchants with whom she had a preauthorized payment plan. A day later she found the card she'd misplaced but it was too late to reinstate it. I guess the card issuers would rather be safe than sorry no matter how inconvenient it may be to their customers.
Last edited by Bylo Selhi on 20 Aug 2012 17:28, edited 1 time in total.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
gouthro
Contributor
Contributor
Posts: 647
Joined: 07 Jul 2005 10:01

Re: Bank and Credit Card Fraud

Post by gouthro »

Good suggestions. 'where else to go?' was more of a rhetorical question than anything. I think we all know that there is nowhere else to go--that is unless I want to stash a wad of bills under my matress. ( Incidently, I have been that route, in a certain sense, and may have lost more than by credit card fraud--I openned up a book a few months ago and found a hundred dollars that I had stowed in it at some point in the past :) ). Regarding inconvenience, the gentleman on the phone said that he would get a card out to me as soon as possible. He didn't mention any pre paid accounts, though--so thanks for mentionning that.
joe
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33399
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Re: Bank and Credit Card Fraud

Post by AltaRed »

Bylo Selhi wrote:The bank insisted on cancelling the card and issuing her a new one with new number and told her to contact all merchants with whom she had a preauthorized payment plan.
I believe some CC companies will, for a price, supposedly do all that contacting for you - if you provide them with the list of preauthorized merchants. I've seen it in some materials from a CC company or two over the last few years.
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Bank and Credit Card Fraud

Post by kcowan »

AltaRed wrote:
Bylo Selhi wrote:The bank insisted on cancelling the card and issuing her a new one with new number and told her to contact all merchants with whom she had a preauthorized payment plan.
I believe some CC companies will, for a price, supposedly do all that contacting for you - if you provide them with the list of preauthorized merchants. I've seen it in some materials from a CC company or two over the last few years.
Both my CC companies will continue to honour bill payments to the old CC and separate them from the new transactions. They just refuse to authorize new retail transactions.
For the fun of it...Keith
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Bank and Credit Card Fraud

Post by IdOp »

AltaRed wrote:There is no escape in this modern world.
This time it was my turn. :(

Recently, one of my credit cards was compromised by fraudsters. (The card never left my possession.) The offending transactions were spotted by the CC company because they were out of pattern. They called me to confirm the fraud.

I got a replacement card about a week later, and there was a somewhat generic letter with it that suggested I should contact both TransUnion and EquiFax to have them put a "fraud flag" on my file. I think this means I would be contacted if anyone applied for credit in my name (identity theft), and the flag would stay in place for 6 years.

My questions are: is this a reasonable thing to do under these circumstances, and is there any drawback to doing it?

Thanks in advance for any ideas.

ADDED: This page from TransUnion mentions the fraud alert, as they call it, in item 2.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29494
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Bank and Credit Card Fraud

Post by Bylo Selhi »

Beware: Two new ways to scam ATM users. Card- and Cash-Trapping at the ATM
Many security-savvy readers of this blog have learned to be vigilant against ATM card skimmers and hidden devices that can record you entering your PIN at the cash machine. But experts say an increasing form of ATM fraud involves the use of simple devices capable of snatching cash and ATM cards from unsuspected users.

Security experts with the European ATM Security Team (EAST) say five countries in the region this year have reported card trapping incidents. Such attacks involve devices that fit over the card acceptance slot and include a razor-edged spring trap that prevents the customer’s card from being ejected from the ATM when the transaction is completed...

A twist on this attack involves “cash traps,” often claw-like contraptions that thieves insert into the cash-dispensing slot which are capable of capturing or skimming some of the dispensed bills. Here are a few pictures of a cash-trapping device from an EAST report released earlier this year.
Also it seems ATMs are getting smarter when dealing with our chip&PIN-less friends to the south:
U.S. based financial institutions do not require chip-and-PIN, and that may be a contributor to the high fraud rates in the United States.  In response, according to EAST, one or more card issuers in eight European countries have now introduced some form of geo-blocking by which payment cards are blocked for usage  outside of designated EMV Chip liability shift areas.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
HardWorker
Veteran Contributor
Veteran Contributor
Posts: 2564
Joined: 31 Dec 2006 10:49
Location: Southern Ontario

Re: Bank and Credit Card Fraud

Post by HardWorker »

Got a call this morning from my CC company asking if I'm in India, or if I've lent my card to someone in India, and I've the answer is no to both. So someone in India has managed to get at least one cash advance out on my card. It's a zero liability card, but still inconvenient and a little disheartening.

I have a chip card, and I use pay pass as much as possible, and obviously it's still not enough. This wasn't a case of a reader picking up my chip, because they needed my PIN to get a cash advance.
User avatar
CROCKD
Veteran Contributor
Veteran Contributor
Posts: 3343
Joined: 15 Aug 2008 16:59
Location: GTA

Re: Bank and Credit Card Fraud

Post by CROCKD »

$45M Cyber crime via ATMs
Some of the fault lies with the ubiquitous magnetic strips on the back of the cards. The rest of the world has largely abandoned cards with magnetic strips in favour of ones with built-in chips that are nearly impossible to copy. But because U.S. banks and merchants have stuck to cards with magnetic strips, they are still accepted around the world.
" A verbal contract isn't worth the paper it is written on " Samuel Goldwyn
"The light at the end of the tunnel may be a freight train coming your way" Metallica - No Leaf Clover
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29494
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Bank and Credit Card Fraud

Post by Bylo Selhi »

Why I willingly handed over my credit card and PIN to a fraudster
I’ve never been speechless before. I’ve never been able to feel the colour drain from my face either, but I was and I could. It ran from me like water down an open drain, replaced by all-consuming feelings of stupidity, anger and fear. Quite the cocktail. Realisations kept hitting me as I relayed the conversations, over and over and over. Why had I given my card to a stranger? Why had I typed my PIN into the phone? How did they know my mother’s maiden name?...
This was quite a clever and sophisticated fraud. I still don't understand how the fraudsters got the victim's mother's maiden name in the first place. And I'm not at all sure that I would have seen through this scam if I'd been the target.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
Benchwarmer
Contributor
Contributor
Posts: 616
Joined: 04 Dec 2010 20:39

Re: Bank and Credit Card Fraud

Post by Benchwarmer »

Bylo Selhi wrote:This was quite a clever and sophisticated fraud. I still don't understand how the fraudsters got the victim's mother's maiden name in the first place. And I'm not at all sure that I would have seen through this scam if I'd been the target.
The entire scheme depends on the potential victim not disconnecting after finishing the first conversation. I always press the 'disconnect' button after a call, and I thought everyone else automatically does that?
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29494
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Bank and Credit Card Fraud

Post by Bylo Selhi »

Benchwarmer wrote:The entire scheme depends on the potential victim not disconnecting after finishing the first conversation. I always press the 'disconnect' button after a call, and I thought everyone else automatically does that?
First, it's not common knowledge that phone lines work this way. After all, how often do you normally listen to the line after both you and the other party have said goodbye and presumably are proceeding to hang up the line?

Second, I'm not sure that this is a universal protocol. It may vary from country to country.

Third, "As I did this, he first played a dial tone down the line, and then a ring tone, making me think it was a normal call." A sophisticated fraudster could first generate a click to make it sound as if they'd hung up at their end and the phone line has dropped, when in fact it hadn't, followed by dial tone, etc. Most people who aren't telephony engineers wouldn't consider that out of the ordinary.

Remember too that the call comes unexpectedly. The caller informs you that your card has been compromised. He has enough personal and account information about you to seem credible. There may be pressure (real or perceived) to get you to take the prescribed steps quickly, etc. Not everyone is technically savvy. Some people are more vulnerable to "social engineering" than others. These fraudsters can be very sophisticated and persuasive. Etc.

Don't be too sure about how you'd react until you've experienced this sort of scam first hand.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Bank and Credit Card Fraud

Post by IdOp »

Benchwarmer wrote:The entire scheme depends on the potential victim not disconnecting after finishing the first conversation. I always press the 'disconnect' button after a call, and I thought everyone else automatically does that?
I didn't really follow this. My phones don't have a special disconnect button, just the usual "hangup". But they're older phones; do new phones have a special disconnect button? If there is no disconnect button, then the scheme relies on the fraudster to not disconnect, and of course they don't.

I agree it would be very easy to fall for this. Thanks for posting the link Bylo.

I also don't understand why phone systems work this way. It would mean someone could call you, not hang up, and thereby indefinitely kill your phone access ... potentially very dangerous.

I guess what you should do in this situation, if you remember, is to call another known number before calling the number on the back of the credit card. Call a friend, or your broker's 800 number, and make sure you get through to whom you expect. Only then call the number on the back.
Jaunty
Veteran Contributor
Veteran Contributor
Posts: 1539
Joined: 19 Feb 2007 16:41
Location: Niagara

Re: Bank and Credit Card Fraud

Post by Jaunty »

I no longer have the length of time a line stays open if the caller doesn't hang up, but starting with the early 70's central offices the time dropped to something like 30 seconds. With the old step offices the line was held open indefinitely and it was not unknown for people (say teens) to call someone they disliked (say a teacher) from a pay phone (only cost a dime) and just leave the receiver dangling. The recipient of the call had no phone service until the receiver was hung up. I didn't work for the CO but I'd guess there would be a way to trip the call to restore service without having to trace all the wiring.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29494
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Bank and Credit Card Fraud

Post by Bylo Selhi »

The point of the article I linked to isn't to warn people about the potential dangers of "open" lines. It's to warn people about the ingenuity and sophistication of fraudsters in manipulating people (or about how vulnerable even otherwise "smart" people are to social engineering.)

Here's another article that demonstrates the same thing in a different context. Hacking people is easy: Dating coach shows how to get classified military intel using social engineering
"Even if you think this can’t happen to you, it can," he told The Verge. "The level of paranoia that you would have to have to protect yourself would make it so that you can’t function as a regular human."
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
IdOp
Veteran Contributor
Veteran Contributor
Posts: 3873
Joined: 16 Feb 2006 11:27
Location: On the Pacific sea bed, 100 mi off the CA coast.
Contact:

Re: Bank and Credit Card Fraud

Post by IdOp »

Jaunty wrote:I no longer have the length of time a line stays open if the caller doesn't hang up, but starting with the early 70's central offices the time dropped to something like 30 seconds. With the old step offices the line was held open indefinitely ...
Thanks Jaunty, that makes sense, there has to be a timeout.
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Bank and Credit Card Fraud

Post by kcowan »

IdOp wrote:
Jaunty wrote:I no longer have the length of time a line stays open if the caller doesn't hang up, but starting with the early 70's central offices the time dropped to something like 30 seconds. With the old step offices the line was held open indefinitely ...
Thanks Jaunty, that makes sense, there has to be a timeout.
If you have call waiting, disconnecting the first call switches you to the second call then disconnecting with that one switches you back.
For the fun of it...Keith
User avatar
newguy
Veteran Contributor
Veteran Contributor
Posts: 8088
Joined: 10 May 2009 18:24
Location: Montreal

Re: Bank and Credit Card Fraud

Post by newguy »

Bylo Selhi wrote:Here's another article that demonstrates the same thing in a different context. Hacking people is easy: Dating coach shows how to get classified military intel using social engineering
"Even if you think this can’t happen to you, it can," he told The Verge. "The level of paranoia that you would have to have to protect yourself would make it so that you can’t function as a regular human."
That sounds like an over exaggeration. Just don't give out info you shouldn't. Make a list if you need to and don't tell that stuff to anyone ever.

newguy
queerasmoi
Veteran Contributor
Veteran Contributor
Posts: 3385
Joined: 27 May 2008 16:25

Re: Bank and Credit Card Fraud

Post by queerasmoi »

Growing up in the 80s-90s in Thornhill, we occasionally got landline phone spam (before it was called that) where the caller would stubbornly not hang up, e.g. three minutes later our line was still tied up and it was failing to disconnect them. Maybe they had some sort of hack or workaround that bypassed the usual timeout. Fortunately we had two lines so we could always call Bell from the other line and complain.
Jaunty
Veteran Contributor
Veteran Contributor
Posts: 1539
Joined: 19 Feb 2007 16:41
Location: Niagara

Re: Bank and Credit Card Fraud

Post by Jaunty »

Thornhill or at least your exchange might have been a step office. In a step office there was no timeout and some step CO's would still have been working in the 80's at least. There was at least one here in St Catharines (although I bet it was two).
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29494
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Bank and Credit Card Fraud

Post by Bylo Selhi »

queerasmoi wrote:we occasionally got landline phone spam (before it was called that) where the caller would stubbornly not hang up, e.g. three minutes later our line was still tied up and it was failing to disconnect them. Maybe they had some sort of hack or workaround that bypassed the usual timeout.
IIRC the CRTC introduced rules to prohibit that sort of thing on the grounds that it's a public safety issue. Imagine if you're trapped by such a system when you need to place a 911 call.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
beowulf
Newcomer
Newcomer
Posts: 3
Joined: 09 Dec 2013 13:28

Re: Bank and Credit Card Fraud

Post by beowulf »

It happened to me also.
$760 were withdrawn from my bank account fro Thailand, with a clone card.
Fortunately the bank covered this.
Apparently cards get skimmed here and than the codes are sold in on-line black markets to be cloned into cards in other countries to make the tracking more difficult.
The best think is to avoid swiping your cards, and use the microchip instead. Magnetic bands are easy to clone, but microchips use encrypted ashes and are practically impossible to clone.
Post Reply