- Credit card ‘skimming’: This is when a card is cloned or copies with a special swipe machine in order to make a duplicate of the original card.
- Identity Applications: This is when someone fraudulently applies for a credit card using someone else’s name and likeness without them knowing.
- Card Detail Theft: This is when the core details of the card are stolen, such as the card number, name, date of birth and address. This is often obtained via online database hacks or email scams, and then the details are either sold on or used to buy items via the internet. This can also be referred to as ‘card-not-present’ fraud.
- Lost or Stolen: Whether your card was lost, or it was stolen, people can use that card to still make payments. Especially low value contactless payments.
Credit Fraud Statistics
Credit Card Fraud reached all time highs in recent years, with it peaking in 2018 with an estimated £671.4 million defrauded from UK taxpayers. Despite the rise in card fraud, the average transaction on credit cards has actually reduced significantly over the years.
From an average of £66 in 2008, to just over £52 in 2018. This is most likely down to the rise in the popularity of contactless payments. This could potentially hint towards the fact that many fraudulent purchases are actually made via many small contactless payments.
Looking at a global scale, credit card fraud (according to Merchant Savvy) has tripled from 2011 to 2020, rising from $9.84 billion to $32.39 billion. They are also projecting this to continue to increase, with payment fraud expected to increase to $40.62 billion by 2027, equating to a 25% increase from 2020 levels.
The most popular form of credit card fraud in the UK is ‘CNP’ or Card-Not-Present fraud. This is most likely to occur when an individual has the details of a card and enters it online or via a phone call. This equated to £470.2m in fraudulent expenditure in 2019.
Comparatively, the lowest form of fraud was counterfeit cards, which equated to only £12.8m. Clearly, CNP fraud is the biggest problem that needs to be tackled, but how can card fraud be prevented?
How to Prevent Credit Card Fraud Methods
Pause and Resume
Card fraud is rising, especially when the cardholder isn’t present. As a result, merchants are under pressure to implement security features for both online or e-commerce transactions as well as payments made over the phone. One measure taken to combat phone payment CNP fraud is called pause and resume, possible on phone calls where the call is being recorded.
So, what is ‘pause and resume’? This is a feature where the call recording is stopped for the period of time where your card details are being taken. This means that if any call recordings are hacked, stolen or being listened to, the card details are secure.
There are pros and cons to a pause and resume feature. There are also automated or manual options that determine the effectiveness. The manual approach is not secure, and breaches the Payment Card Industry’s Data Security Standard, or PCI DSS, as for example, the call operator may forget to apply the pause.
While an automated process is PCI DSS compliant, it does have its problems. The automated process may, and often does, fail at the wrong time, or may not correctly pause at the right time. In addition, while PCI DSS Compliance advises companies to implement technology such as automated pause and resume to protect call recordings, other regulatory bodies such as a Financial Conduct Authority require the transaction to be recorded in full and a pause and resume method impedes fraud investigations and dispute resolutions if content is missing.
Obscuring Data Entered on Agents Screen
There are many ways that data masking can combat card fraud. It works by anonymising certain elements of data in order to render it safe. The different methods can be applied for different needs and different scenarios.
For example, static masking uses a stable non-changing environment to anonymise data within the original production database. This is mainly used to avoid insider threats.
Random substitution is another method that masks the data by replacing values with a random value from a pre-compiled dataset. This is a common approach for credit card databases. Substitution is deemed to be the most effective method for obscuring data on an agent’s screen, as it can preserve the authentic look and feel of the data.
An alternative is ‘shuffling’. This will utilise an algorithm to shuffle data within a column. This is primarily beneficial for if a database is obtained by an external source, so all the data which is observed will be mismatched.
For example, the address details for Person A will actually be marked under Person Z, and the individual stealing the data will not know where all the data should be.
Detect & Block a Phones DTMF Tones
DTMF stands for ‘Dual-Tone-Multi-Frequency’ and this is how phone companies know what number is pressed when a customer touches the numbers on a telephone keypad. This is applicable for both a mobile phone and a landline. Each key press represents a different button, and the system can recognise the button press based on the tone. So, where is the fraud potential here?
With the growth of e-commerce and online banking, DTMF tone usage is on the rise, and therefore becoming an increased target for cybercriminals. It is possible for them to intercept the DTMF tones and decipher the numbers from them.
It is also possible that call recordings can be analysed leading to credit card details being stolen. Therefore, the main solution is to mask these DTMF tones.
Masking involves substituting the unique audible tones with flat tones, therefore the individual intercepting the tones are unable to decipher the numbers from them. The masking software will sit between the caller and the agent and convert them as they are received.
The key benefit here is obviously that the audible tones are not identifiable by either the agent, or anyone intercepting the call. However, the system can recognise the correct input. Therefore, implementing this approach can reduce business fraud and financial exposure.
An agent on the other end of the call being knowledgeable is the key to fraud prevention. Each employee should be trained in recognising any potential fraud attempts, or warning signs. During the onboarding process of any new staff, this should be the focal point of their training.
All training should specifically include fraud detection and the protocols which are in place to respond to and report any potential scam calls.
Many employees will try to get through as many calls as possible in a day. However, it is important to emphasise discernment, rather than quick resolution in order to make sure that employees do not feel pressured to go through calls quickly, which has the potential to lead to missed signs of a fraud threat.
Putting effective education in place for employees, as well as utilising fraud detection and avoidance technologies can cut call related fraud significantly. However, for the avoidance to be effective, the entire company must work together cohesively to ensure employees understand and carry out the procedures correctly.