Wiki page for Group 3 - Tutorial 25

Technology and Issue

 * Technology: Online credit card fraud


 * Issue: Understand what online credit card fraud is and avoid getting involved in it.

Project statement
The internet has evolved to be one of the tools that human beings use to improve their living standards. With the internet daily activities like shopping or banking have become more convenient than ever before. Nevertheless criminals are also taking advantage of the internet to go about usurping properties and money that do not belong to them. Although online credit card fraud is not the most common type but it is becoming very noticeable to the police. According to the RCMP, the rise of phishing scams is making online credit card users very vulnerable to frauds.



What are the different types of credit card fraud?

 * ‘Counterfeit’ is the most common type of credit card fraud duplicating legitimate credit cards which are then used for fraudulent activities.


 * ‘Card Not Present’ fraud is done as an unauthorized usage of credit card information for fraudulent activities over the internet, phone or mail.


 * ‘Lost/Stolen’ fraud is the unauthorized usage of a credit card as a result of it being lost or stolen.


 * ‘Identity Theft’ is obtaining personal or financial information of another person for the purpose of assuming that person's name to engage in fraudulent activities.

What is online credit card fraud?
Online credit card fraud belongs to the category of ‘Card Not Present’ fraud. It is a fraudulent purchase made online which is either not submitted by the legitimate cardholder or later claimed to be fraudulent by the cardholder. Online credit card takes on many forms and is performed mostly on the internet.

Who are the victims?
The most frequent victims of credit card fraud are high value businesses. This is because the details could be sold for more than those of accounts with lower balances belonging to consumers. However, the twice yearly published report on internet security also found that there has been an increase in sophisticated and personalized attack on consumers.

Why do people do it?
The most popular reason for attempting to get the information on a credit card through the internet is because it is so simple to do and can usually go unnoticed. There is very little effort required to clone a credit card compared to raiding someone’s house or pick pocketing a stranger on the street. Different ways of how criminals steal credit card information through the internet are discussed in the following section. This type of fraud is also appealing to criminals because not only can you clone the card easily, but it could be used halfway around the world within minutes. Credit card details can be copied in a matter of seconds, but it can take several days, or even months to realize that something’s wrong with your card. This is because credit card fraudsters can take two approaches to their spending. They will either spend a large amount at one time, knowing that the card will soon be cut off from them. Or, they will spend small amounts over a long period of time as the expenses will go unnoticed to the true credit card holder.

Phishing
Phishing is an email scam which many people fall victim to. What happens in a phishing scam is often times an email is sent to people stating that their online banking is going to be terminated, if they do not login. So what the email does is provide a link to a fake website that looks very similar to their online banking website, and once the victim provides the login and password to the fake website it receives the information and that information is used for fraudulent activities, like taking money out of the account or to take out loans or credit cards. These fake websites are often almost exact replicas of legitimate businesses.

Web Trojans
Web Trojans are used to hijack browser usage. Trojans gain access to computers through unsecure websites, file sharing, and email attachments. Once a Trojan gains access to your system, it has access to all your personal files. Trojans attack without the user’s knowledge and can easily gain access to credit card numbers and other personal information.



International Lottery Scams
International Lottery Scams trick people into believing they have magically won an international multi-million dollar lottery. These scams occur through email and often ask you to reply back with personal information such as your name, address, phone number, social insurance number, banking details and a copy of your driver’s licence. By providing this personal information, attackers can gain access to credit card numbers and other financial data.

Website Spoofing or Pharming
This method involves a user thinking they are visiting a legitimate site; however they are linking to a different address that mimics the legitimate site. Attackers change Domain Name Systems and users are redirected to corrupt sites. The spoof website may look identical to the legitimate site which tricks users into revealing personal information such as credit card numbers, passwords, and social security numbers.

Unsecure Networks
Users connected to unsecure networks, as in coffee shops, enable attackers to view private information stored on their computers. Attackers can gain access to online banking usernames and passwords resulting in credit card fraud.

Protect your computer
The first and most important thing to do is to ensure your computer which you use to make online transactions is secured. There are softwares that provide anti-virus protection and set up extra firewalls (other than the initial firewalls of your current operating system) on your computer to maintenance your online security. These softwares guide you along to authenticate sites only and promises to help you users manage log-in names, passwords, credit card numbers and other information used for online transactions. The softwares warn the user when an online transaction is suspicious.

Set your web browser to the highest level of security
Whether you use Internet Explorer, Mozilla Firefox or Safari to make online transactions, they all need to be at the highest security levels possible. Keep in mind that security options are not always activated by default. Each web browser has their own section for security options but you can access to them at any time during the process of your transactions. Remember that your web browser is the final protection that keeps you away from online credit card fraud.



Only use trusted websites to make your transactions
Always look for the symbols of a padlock or an unbroken key in the bottom of your browser. These symbols indicate that your details are protected with an extra layer of security. Websites of banks, financial institutions and other online buying and selling have a security stamp on them to prevent any kinds of frauds. You can identify the security stamps on the URL itself. Check if the URL begins with “https” instead of “http”. You will also find a security symbol locked in your browser. But most importantly, see whether your browser or your anti-virus software gives you warning about a site’s security information. Shut the webpage as soon as you find the certificate invalid.

Do not reveal your keys or passwords
Some websites require you to set up an account before making transactions, and you usually need to make up a username and a key or a password that is used for logging in that username. Set unique passwords for yourself and make sure that no one gets to know your passwords simply by guessing. Set long passwords like a minimum of seven characters (combined with upper-case and lower-case alphabets and numbers). Avoid everything that is close to you that someone else might know. People often have a tendency to set passwords which they can remember easily, but it is advisable not to use such as your passwords.

What is being done?
Statistics have suggested that the extent to which criminals are targeting the internet for both credit and debit card debt is far greater than originally imagined. The banking industry has collected data that has shown that card losses from internet, phone, and mail order crime has totalled approximately 290 million euros. In fact, if failed attempts had been successful, the amount of losses could total 500 million euros. Because of this newfound data, the conservative party has called for a minister to deal specifically with online credit card crime.

The BBC conducted an investigation and were amazed at how simple it is to obtain stolen credit cards via the internet. Two of their journalists had posed as computer hackers and were able to discover a webpage that was selling thousands of stolen credit and debit card. When the cards were used, the journalists were able to trace the fraudulet transactions to a number of addresses. The information was then given to the police to be dealt with accordingly. Along with government organizations, there are also private companies that specialize in catching credit card fraud criminals. For example, “The Third Man Comapany” develops fraud screening solutions and have concluded that potential criminals buy electronic gadgets such as satellite navigation systems, lap top computers and PDA’s. They then ship the items abroad and sell them in countries where the value for such items is a lot higher than it is in the UK, or the would sell it locally for half the price. Either way, they make a profit.

David Davis believes that there should be a central place to report cyber crime. Along with this “central place”, it is necessary to have specialist prosecutors deal with it as it is becoming a major criminal scene that is not being dealt with properly. Andrew McClelland, of Interactive Media in Retail Group says, “If you’re committing a crime online then there is a high probability that you’ll get away with it and even if you are caught a fairly high probability again that the punishment won’t be that severe.” The Association of Payment Clearing Services found that there was a 25% rise in the fraudulent use of UK credit and debit cards. Even more shocking is that British Bank account details are on sale over the internet for as little as 5 Euros.

Resources

 * http://www.rcmp-grc.gc.ca/scams/ccandpc_e.htm
 * http://www.cibc.com/ca/legal/credit-card-fraud.html
 * http://www.visa.ca/en/merchant/pdfs/merchant_fraud.pdf
 * http://wave.scotiabank.com/issue-04/feature.php
 * http://www.publicsafety.gc.ca/prg/le/bs/phish-en.asp
 * http://www.microsoft.com/protect/yourself/phishing/identify.mspx
 * http://www.windowsecurity.com/trojanscan/
 * http://www.theregister.co.uk/2003/10/03/trojan_hijacks_web_browsers/
 * http://www.crime-research.org/news/22.04.2005/1173/
 * http://www.fraudwatchinternational.com/lottery/
 * http://www.lottery.co.uk/info/scams.asp
 * http://www.fbi.gov/pressrel/pressrel03/spoofing072103.htmhttp://www.bankersonline.com/security/jb_websitespoofs.html
 * http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre07.shtm
 * http://www.nrps.com/community/credit.asp
 * http://sbinfocanada.about.com/od/insurancelegalissues/g/creditcardfraud.htm
 * http://www.privcom.gc.ca/fs-fi/02_05_d_36_e.asp
 * http://www.settlement.org/sys/faqs_detail.asp?faq_id=4000157
 * http://www.safefromscams.co.uk/CardNotPresentFraud.html
 * http://www/scambusters.org/reports/walker.html
 * http://videojug.com/film/how-to-shop-secure-online
 * http://blogs.profitimo.com/2007/04/21/4-steps-to-prevent-online-fraud/
 * http://www.videojug.org/film/how-to-prevent-credit-card-fraud
 * http://www.creditorweb.com/articles/credit-card-usage-explained.html
 * http://www.canada.com/topics/news/national/story.html?id=b7f81191-421a-48f5-abc3-8b156c8f6fc2
 * http://www.scambusters.org/CreditCardFraud.html
 * http://www.webdevelopersjournal.com/articles/card_fraud.html
 * http://search.techrepublic.com.com/search/credit+card+fraud.html
 * http://www.onlyfinance.com/Credit-Cards/Online-credit-card-fraud-is-underestimated.aspx
 * http://www.workz.com/content/view_content.html?setion_id=495&content_id=5905
 * http://www.webmasterworld.com/forum31/197.htm
 * http://www.getsafeonline.org/nqcontent_cfm?a_id=1175
 * http://www.strategic-adv.com/Strategic/Resources/Page/Credit-Cards-and-Identity-Theft-Online-Fraud.html
 * Criminal Records - Prevent Identity Theft