Credit card fraud accounts for about 30% of identity theft cases. As more and more people turn to ecommerce for shopping as well as starting a business or taking their existing one online, the importance of keeping your data safe has never been more important. At Pinpoint Payments, we have protected many businesses from credit card fraud and one thing we’ve noticed is that people don’t realize just how many different methods criminals can use to commit credit card fraud.

With that in mind, here’s an overview of some of the common but many ways your information can be stolen and you can be the victim of fraud. With this brief overview, we hope to help spread awareness of credit card/identity fraud and hopefully aid the many small business owners that are often the prime targets of fraud.

When Fraud Goes Mainstream

cyber criminal bear

Criminals come in all shapes and sizes…

When people think of fraud, they tend to have a very late ‘90s perception of identity theft and fraud. An image of a single individual basking in the glow of their computer screen while sitting in the dark of their room. Ominous music plays, they’re on your account and the other tab on their computer is open on the Hello Kitty website—or wherever fraudsters like to spend their money.  It doesn’t matter where; they’ve spent your money!

Long gone are those days where information and identity theft were a means for singular individuals to steal a couple grand at most and spend it frivolously. Perhaps that was much more straightforward, there’s a kind of relief in knowing that the motive for theft is so simple. After all, if that happens to you, not only are you not liable for the theft but at least it stops there once your direct card information is changed.

Cybercrime in the modern era is far, far different. As discussed, so many businesses are online that there are innumerable avenues in which people are putting their personal information on the net to sign up for accounts or services. Not all companies’ security protocols are created equally. All it takes is one company to experience a breach and your information is out there being sold to the highest bidder.

The key here is that your information is being sold, not directly used to steal money by one person. The distinction is that identity theft and fraud by extension are illegal yet big businesses. You could say cybercrime the next logical era of organized crime.

Like other forms of crime, it’s incredibly lucrative for those individuals involves for as long as they aren’t caught. While we may picture criminals as degenerates lacking options in society and turning to unethical means of obtaining money, the truth of the matter is that many of these hackers are highly experienced and knowledgable individuals who are providing their services to steal information and command a large salary themselves.

That being said, let’s take a look at some of the preferred methods and forms of fraud that cybercriminals engage in :

  1. CNP Fraud – CNP, or Card Not Present transactions are when the physical card is not needed to make a purchase. Consider pretty much every online transaction a CNP transaction as you don’t need the card if you’re shopping online. It’s fairly common for merchants to ask you for your CCV or security number which is on the back of the card itself, this additional measure definitely makes fraud more difficult but not anywhere near impossible. However, if someone has access to your account number then it’s not unreasonable to assume they would also know your CCV.
  2. Account Takeover – This is the big one, as account takeovers have become the preferred goal of fraudsters as opposed to just stealing card information and trying to make purchases. Account takeover is usually achieved through a breach of data in an organization, unintentionally installing malware or falling prey to a phishing Phishing is most commonly seen when fake emails are sent out and clicked on. These emails redirect you to a phony site that tries to coax you into filling out your personal information. Many people who are not tech-savvy fall prey to these schemes since they are not as discerning about website URLs or browsing best practices.

Payment Fraud Using Card Skimmers

card terminal

The third point deserves its own category. Card skimming has been around for quite some time, and we feel that given the nature of a lot of fraud has gone online, many people are less wary about things like card skimmers. If you don’t know, a card skimmer is essentially a device that is obscurely attached to a terminal that receives your card—like the one next to the pump at the gas station. When you insert your card, you unwillingly are divulging the information because the skimmer will capture it.

Even worse, a new technology called “shimming” takes the skimming concept further to target the newly proliferated EMV chips instead of the magnetic strips on the old cards. Shimming works by placing a paper-thin device that houses a microchip into the card reader. When a customer inserts their card into the reader, the pin number and card information are captured onto the shimmer.

Fraud and Liability Concerns

To put things in perspective, consider that in 2013, Target experienced one of the costliest data breaches of our time which impacted the credit/debit information of approximately 110 million people. While Target took a lot of heat for this, they aren’t the only ones who have been subject to such attacks—eBay had been attacked in 2014 and compromised the login credentials of 145 million users. Recently, Equifax in 2017 had a vulnerability in its applications which led to an enormous data breach of 147.9 million customers. SS numbers, birthdays, addresses and driver’s license numbers for some people were exposed.

However, you could say in terms of merchant processing—Target was the straw that broke the camel’s back. After the Target data breach, card issuers had enough and soon after EMV chips were being sent out en masse to everyone. More importantly, after October 1, 2015, any business that had not yet adopted EMV chip readers into their POS funnel was deemed the least EMV compliant party—and thus liable for any damages stemming from fraudulent activity.

What’s the point of this information? Fraud is common? It’s mainly to show that in truth, the EMV chip switch—while helpful, is not a major factor in preventing fraud outside of EMV’s strengths which are preventing card information being cloned—wait though, isn’t that what shimming does? Precisely.

Fraudsters are always one step ahead because it’s far easier to create and implement ways to get around security than it is to enforce all-encompassing security solutions that aren’t absolutely suffocating to end-users or customers in the case of retail. When it comes to fraud, prevention is not the name of the game, but mitigating risk and providing cover for those who are affected.

Pinpoint Payments Fraud Prevention

At Pinpoint Payments, we’re savvy to the ways fraudsters conduct their business, and we conduct our business accordingly as well. We offer all of our clients’ comprehensive fraud prevention through Verifi CDRN. With CDRN, merchants receive notifications directly from the issuer so that they can be resolved quickly before they become classified as chargebacks—which hurt your business. We also use Ethoca Alerts, which lets card-issuing banks and ecommerce merchants better communicate with each other to relay information about fraudulent occurrences. Lastly, 3D Secure powered by PAAY offers amazing chargeback protection through a 3D secure protocol which was created by Visa and Mastercard to protect merchants from fraud.

Let Pinpoint Payments handle your merchant processing needs, and you’ll never have to worry about criminals making off with your money or attempting to con you through chargebacks and friendly fraud. Contact us here or call us now at 866-258-1956!