Financial fraud has been changing. While chip and PIN technology has cut fraud using lost or stolen cards, "phishing" scams – where fraudsters send emails purporting to be from a customer's bank and try to elicit confidential information from them – has rocketed.
As anti-fraud technologies have become more sophisticated, so, too, have fraudsters, meaning it's now more important than ever to protect yourself from becoming a victim.
The credit card trade body Apacs reports that card fraud in Britain rose by another 14 per cent during the first half of 2008, and should break the £600m barrier this year. Although banks do all they can to stem this trend – as it is they who almost always pick up the bill for fraud – there's plenty we can do to ensure we don't get caught out.
Skimming remains one of the most common ways of obtaining card information – and one of the hardest to prevent. It tends to take place in petrol stations or bars where clients change. The assistant or bar tender will keep a skimming machine under the counter, and when they take your card, they'll swipe it through their reader, too, capturing your details. Later, they'll make a fake card, with your details on the magnetic strip.
Before chip and PIN, it was much easier for fraudsters to use fake cards created this way. The new technology makes it much more difficult. Unfortunately, many other countries do not have such stringent security measures – so fraudsters have started taking their fake cards overseas. Over the past three years, fraud perpetrated on British cards abroad rose by 190 per cent.
Some fraudsters may use a concealed camera to film you typing in your PIN. Often, however, the fraudsters don't even bother creating a fake card. Once they have your card data, they can use it to carry out transactions online. Again, this is getting harder, as many websites now require that you enter the three-digit number on the back of your signature strip to confirm a transaction – a number fraudsters won't get from simply skimming your card. However, some fraudsters are careful to copy this number down separately, or may attain it using other means – such as calling you up and posing as your bank. New technologies, such as MasterCard Securecode and Verified by Visa – which ask you to input a password when you make a purchase – are also helping to tackle this type of fraud, but not all websites and cards use this yet.
Mark Bowerman of Apacs says that one big difference in today's fraud is that it's often perpetrated by sophisticated gangs. If a gang picks up your card information as well as a few other personal details, they may be able to find your phone number and call you, claiming to be your bank. By cleverly using the information they know, they'll reassure you that their call is genuine, and only at the very end of the call will they ask you for your signature strip number – which is all they were after.
Bowerman says one good way to combat skimming is to not give your card to any shop attendant unless you absolutely have to. In most shops and restaurants you should be able to place your card in the chip & PIN terminal yourself. The attendant should not need to touch it.
Also, when you're typing in your PIN, use your other hand to shield your fingers, so that no one can see what you're typing.
The number of people caught out by phishing scams rose by 186 per cent in the first half of this year – and if you use the internet to manage your finances, there's a very high chance you've been targeted by such a con.
Phishing scams usually target victims via email – sending a message purporting to be from your bank. The more professional ones can appear very realistic. The message will request you click on a link and log into your bank account. Often they'll claim that there's been a security breach and they need all online customers to reconfirm their details.
If you click on the link, you'll be taken to a page that may look identical to your bank's internet log-on page. However, as you log in, you'll send your passwords to the fraudsters, who can log in to your account.
Phishing's not always financial. There's been a spate of attempts to hack into Facebook accounts using similar means. So you might receive a message saying you've had a post on your wall, and you should click on the link to log in. Once you've handed over your details in this way, fraudsters log in and send advertising messages to your friends.
With financial phishing, it's important to remember that your bank will never contact you by email, asking you to log in to your account. So if you receive an email like this, delete it. And don't reply to it either – even if it's just to let the fraudsters know you're on to them – as you could end up being sent a virus.
One other easy way of spotting a phishing scam is to check the weblink that suspect email is directing you to. By waving your cursor over the link, it should show you (at the bottom of your browser) which address the link will take you to. In most cases, the web address will bear no resemblance to your bank's.
Occasionally, you may receive genuine phone calls from your bank to check on a suspected fraudulent transaction, but if you're not comfortable that the call is genuine, you can always ask if you can call them back on a number you know is safe.
Fraudsters get personal information by rummaging through bins. Bank statements, bills and other official documents can be all a fraudster needs to try to make false applications in your name, and all too many people throw these away.
Richard Hurley of Cifas, the fraud prevention service, says it's a sensible precaution to shred all documents with personal details on them before binning. It doesn't make the paper less recyclable – but it renders it useless for fraudsters.
What to do if you're a victim
UK banks will almost always reimburse you if you're a victim of fraud. However, if there's any evidence that the fraud was caused by your own negligence, then the repayment may not be forthcoming. Bowerman says that it's crucial you don't write down your PINs and keep the note in your wallet. If you write them down, hide the paper at home, and make sure it's not clear what the numbers are.
If you notice unfamiliar transactions on statements, call your bank. If you start receiving mail for accounts you never opened, call the company involved. If you have been a victim of identity fraud, you may have to provide proof to a bank that it wasn't you that opened accounts.
10 tips How to avoid becoming a victim
* Keep your cards and personal documents safe. Don't leave them in an unattended bag.
* Destroy or shred personal documents before binning.
* Don't disclose your PINs or keep notes of them in your wallet or bag.
* When entering your PIN, shield your fingers.
* Don't let your card out of your sight when paying for something. Put it into the reader yourself.
* Use strong internet passwords, letters and numbers, don't use children's names or dates of birth.
* Use different passwords for email and financial accounts. Using the same password is risky.
* Don't access your financial accounts from public computers.
* Register your cards with Verified by Visa or MasterCard SecureCode when shopping online.
* Only divulge card details by phone when you have instigated the call, and are familiar with the company.Reuse content