Fraud artists, security experts fight sophisticated battle
A decade ago, protecting yourself against credit card fraud consisted of simple measures, such as refusing to give your card number out over the phone or making sure you did not leave your computer password on a sticky on your desk.
These days, as internet usage proliferates, so have the number of ways con artists can get their hands on credit card numbers, debit PINs (personal information numbers) and other private information.
That makes the struggle between thieves trying to steal information — and ultimately money — and companies trying to stop them increasingly complex.
"Every day is a different day. You try to stay two days ahead of the criminals in your thinking and one day ahead of them in your action," said Dion Yungblut, senior director of risk operations at Capital One Canada, the credit card company.
Rising crime tide
At present, it appears the country's ne'er-do-wells might have a marginal lead in this never-ending race.
The Interac Association, an organization whose members specialize in debit card transactions, estimates that, in 2004, there was approximately $60 million in "like-cash" card fraud, and that 49,000 customers were reimbursed for fraudulent transactions.
By 2008, the fraud dollar amount had jumped to $104.5 million, with 148,000 card holders getting cash back that had been taken by con artists.
Maybe the card equivalent of the "smash-and-grab" — rooting through garbage bins for carbon copies of credit transactions — is no longer workable.
But crooks have moved on. They now use fake transaction terminals — such as the one discovered in January in Nanaimo — mathematical analysis to figure out the best times to blitz ATM terminals with stolen card numbers, and clever false internet pages on the World Wide Web that ask for all kinds of personal information.
The wrong hand in your wallet
That means consumers have to be even more vigilant in protecting their information to ensure they are not the victims of fraud, Yungblut and other financial experts said as "fraud prevention" month begins across Canada.
|Year||No. of card users reimbursed||$ amount stolen (millions)|
|Source: Interact Canada|
"You have to be careful," said Jay Stark, vice-president of fraud management at RBC and a 13-year veteran of Canada's fraud wars.
Stark heads up a 600-person division that deals with credit fraud at Canada's largest chartered bank. That staff is about 200 people stronger than a couple of years ago, he said.
But Stark's online detectives are not flipping through old receipts. Instead, they are monitoring sophisticated computer programs that red-flag cards, and getting stolen money back in customers' accounts — in many cases before cardholders know the cash has been pilfered.
"The code of conduct says we should refund the money within 10 days. But in about 55 to 60 per cent of the cases, the cash is back in the account before they even know they have been defrauded," Stark said.
To some extent, getting people their money back might be the best outcome companies can hope for as criminals keep cooking up new ways to thwart detection, experts said.
For example, in past years, thieves might use a stolen debit card at a single ATM a number of times —behaviour that became easy for banks to detect.
Now, criminals might have different people at different ATMs in a series of towns, all ready to bang in copies of the purloined card.
Simple scams still effective
Yet while many crooks have turned to complex scams, simple still works, Stark said.
Ads promising unemployed people jobs working from home as currency traders often wind up out the cash they wired to China or some other "hard-to-get-at" country.
Other ads promising amazing prices for used cars or the ever-popular "cash-for-overseas-bride" also wind up costing consumers hard cash.
"These are the scams that really end up stinging customers," RBC's Stark said.
In fact, your social insurance number might not even be the target of these crooks, according to Capital One's Yungblut.
Banks often use a person's date of birth as the bit of information to prove someone's identity, he said.
That makes seemingly innocent profiles, on social websites for example, a gold mine for criminals trolling for information.
Capital One did a study a few years ago that suggested as many as 41 million dormant websites contain potentially useful information for people seeking to engage in identity theft, Yungblut said.
Fraud's wide net
Even organizations not normally associated with financial gamesmanship can get caught in fraudulent schemes.
The World Health Organization, the directing and co-ordinating authority for health within the United Nations, has issued an alert warning people that emails purporting to be from the agency asking for fees for job recruitment or to run lotteries are anything but legitimate.
"Many of these scams request detailed information and/or money from individuals, businesses or non-profit organizations with the promise that they will receive funds or other benefits in return," the WHO said in its online warning.