Ever ask yourself “how did those credit card numbers get stolen?” You should, since this day and age we’re all potential victims of credit card fraud. We’ve looked at what happens once cardholder data is stolen here, and what merchants can do to prevent processing that data here, here, and here. Let’s come full circle now and look at the “birds and bees” of fraud—how fruadsters steal credit card info. Here are five common attacks used by credit card scammers and beyond that you should watch for as merchants and as consumers.
MALWARE
Probably the sexiest form of data theft, malware is typically behind the major data breaches like Equifax, Home Depot, etc.; it always makes the news. But for every major breach we hear about, there are countless smaller breaches happening everyday. Malware writers are either hacking into the databases that store sensitive information or they are intercepting that data at the point of sale.
As consumers, we’re fairly vulnerable to these attacks when we give our information to retailers. However, as merchants, we can make a difference. Any information that you store on your customers can be hacked, no matter how safe you think it is. So the fewer payment data you keep, the better. Ensure that your points of sale are PCI-compliant and 3DSecure.
PHISHING AND SPOOFING
We’ve all received emails from a poor Nigerian prince or horny Russian MILFs that just want you to click a link. This is called “phishing” where an attacker tricks you into giving them access to your computer. By clicking a phishing link, you inadvertently download malware onto your machine.
Spoofing is an offshoot of phishing where an email, link or website is disguised as a trusted source to the same end. Fake emails from a friend whose account was hacked, websites with deceptive URLs like payapal.com or accounts.ebay.com, and misleading ads or links like “DOWNLOAD” are all forms of spoofing.
SKIMMERS
Skimmers are hardware devices installed on to legitimate points of sale like gas station terminals, ATMs, and parking meters. They’re disguised to look like part of the terminal where you insert your card, and can be very deceptive. Skimmers basically copy most of your card data so that a fraudster can use that information for fraudulent card-not-present transactions. Sometimes, the entire terminal at an unsuspecting merchant has been replaced by an identical skimmer. EMV smart-chip cards are slowly phasing out this type of fraud. But skimmers saw an astronomical rise in use since 2014, so a great many of these devices are still out there.
IDENTITY THEFT
Identity theft is as old as the concept of identity. However, despite countermeasures like EMV and encryption, your identity is just as vulnerable as it ever was. Up until now, we’ve looked af types of fraud aimed at obtaining access to a single account. Identity theft is far more pernicious in that once your identity is obtained, a fraudster has access to multiple accounts and can create many more in your name. They’re not out to steal a credit card number, they’re out to get your social security number or other sensitive information to create accounts in your name.
SYNTHETIC IDENTITY THEFT
A form of ID theft, synthetic identity theft has become so prevalent that it merits its own category of fraud. Like Identity theft, a fraudster still needs the same sensitive personal information. But instead of opening accounts in your name, an attacker uses your information to create a fresh identity, independent of the victim. This makes the theft so much harder to detect, because you will never see this activity on your account statements, since they’ve created a new person with your information. The U.S. Federal Trade Commission reports that 80-85% of all identity fraud comes by way of synthetic ID theft.
With all the challenges from fraud that we face as merchants, it’s important to remember we also face them as consumers. The chargebacks on your balance sheet aren’t always from some global hack that breaks the internet. Fraud is more often born from the mere click of a link or from an ATM in the dark corner of a dive bar. If you’re not paying attention to how credit card fraud works, you’re more likely to be a victim.