Credit card fraud - Wikipedia, the free encyclopedia

Upload: justlookinaround

Post on 15-Jan-2016

DESCRIPTION

Wiki article on credit card fraud.

TRANSCRIPT

Page 1: Credit Card Fraud - Wikipedia, The Free Encyclopedia

13/05/2015 Credit card fraud ­ Wikipedia, the free encyclopedia

http://en.wikipedia.org/wiki/Credit_card_fraud 1/13

Credit card fraud

From Wikipedia, the free encyclopedia

Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. According to the United States Federal Trade Commission, while identity theft had been holding steady for the last few years, it saw a 21 percent increase in 2008. However, credit card fraud, that crime which most people associate with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row.[1]

Although incidence of credit card fraud is limited to about 0.1% of all card transactions, this has resulted in huge financial losses as the fraudulent transactions have been large value transactions. In 1999, out of 12 billion transactions made annually, approximately 10 million (or one out of every 1200 transactions) turned out to be fraudulent.[2] Also, 0.04% (4 out of every 10,000) of all monthly active accounts were fraudulent. Even with tremendous volume and value increase in credit card transactions since then, these proportions have stayed the same or have decreased due to sophisticated fraud detection and prevention systems. Today's fraud detection systems are designed to prevent one twelfth of one percent of all transactions processed, which still translates into billions of dollars in losses.[2]

In the decade to 2008, general credit card losses have been 7 basis points or lower (i.e. losses of $0.07 or less per $100 of transactions).[3] In 2007, fraud in the United Kingdom was estimated at £535 million.[4]

Contents

1 Initiation of a card fraud
2 Stolen cards
3 Compromised accounts
  3.1 Card not present transaction
  3.2 Identity theft
    3.2.1 Application fraud
    3.2.2 Account takeover
  3.3 Skimming
  3.4 Carding
  3.5 BIN attack
  3.6 Tele phishing
  3.7 Balance transfer checks
4 Fraudulent charge-back schemes
5 Unexpected repeat billing
6 Profits, losses and punishment
  6.1 United States
    6.1.1 Cardholder liability
    6.1.2 Merchants
  6.2 United Kingdom
  6.3 Credit card companies
  6.4 Merchants
7 Famous credit fraud attacks
8 Countermeasures
9 See also
10 References
11 External links

Initiation of a card fraud

Card fraud begins either with the theft of the physical card or with the compromise of data associated with the account, including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The compromise can occur by many common routes and can usually be conducted without tipping off the card holder, the merchant or the issuer, at least until the account is ultimately used for fraud. A simple example is that of a store clerk copying sales receipts for later use. The rapid growth of credit card use on the Internet has made database security lapses particularly costly; in some cases, millions[5] of accounts have been compromised.

Stolen cards can be reported quickly by cardholders, but a compromised account can be hoarded by a thief for weeks or months before any fraudulent use, making it difficult to identify the source of the compromise. The cardholder may not discover fraudulent use until receiving a billing statement, which may be delivered infrequently. Cardholders can mitigate this fraud risk by checking their account frequently to ensure constant awareness in case there are any suspicious, unknown transactions or activities.

Stolen cards

When a credit card is lost or stolen, it may be used for illegal purchases until the holder notifies the issuing bank and the bank puts a block on the account. Most banks have free 24-hour telephone numbers to encourage prompt reporting. Still, it is possible for a thief to make unauthorized purchases on a card before the card is cancelled. Without other security measures, a thief could potentially purchase thousands of dollars in merchandise or services before the cardholder or the card issuer realizes that the card has been compromised.

The only common security measure on all cards is a signature panel, but, depending on its exact design, a signature may be relatively easy to forge. Some merchants will demand to see a picture ID, such as a driver's license, to verify the identity of the purchaser, and some credit cards include the holder's picture on the card itself. In some jurisdictions, it is illegal for merchants to demand card holder identification. Self-serve payment systems (gas stations, kiosks, etc.) are common targets for stolen cards, as there is no way to verify the card holder's identity. There is also a new law under which identification or a signature is only required for purchases above $50, unless stated in the policy of the merchant. This new law also makes it easier for credit card theft to take place, because it does not require a form of identification to be presented: as long as the fraud is done at what is considered to be a small amount, little to no action is taken by the merchant to prevent it.

A common countermeasure is to require the user to key in some identifying information, such as the user's ZIP or postal code. This method may deter casual theft of a card found alone, but if the card holder's wallet is stolen, it may be trivial for the thief to deduce the information by looking at other items in the wallet. For instance, a U.S. driver license commonly has the holder's home address and ZIP code printed on it. Visa Inc. offers merchants lower rates on transactions if the customer provides a ZIP code.[6]

In Europe, most cards are equipped with an EMV chip which requires a 4 to 6 digit PIN to be entered into the merchant's terminal before payment will be authorised. However, a PIN isn't required for online transactions, and is often not required for transactions using the magnetic strip. However, magnetic strip transactions are banned under the EMV system (which requires the PIN). In many/most European countries, if you don't have a card with a chip, you will usually be asked for photo ID (e.g. national ID card, passport, etc.) at the point of sale. Many self-service machines (e.g. ticket machines at railway stations, and self-service check-in at airports) require a PIN (and chip) in EMV-land, i.e. most of Europe, Asia, Middle East etc.

Requiring a customer's ZIP code is illegal in California, where the state's 1971 law prohibits merchants from requesting or requiring a card-holder's "personal identification information" as a condition of accepting the card for payment. The California Supreme Court has ruled that the ZIP code qualifies as personal identification information because it is part of the cardholder's address. Companies face fines of $250–1000 for each violation.[6] Requiring a "personal identification number" (PIN) may also be a violation.

Card issuers have several countermeasures, including sophisticated software that can, prior to an authorized transaction, estimate the probability of fraud. For example, a large transaction occurring a great distance from the cardholder's home might seem suspicious. The merchant may be instructed to call the card issuer for verification, or to decline the transaction, or even to hold the card and refuse to return it to the customer. The customer must contact the issuer and prove who they are to get their card back (if it is not fraud and they are actually buying a product).

Compromised accounts

Card information is stored in a number of formats. Card numbers – formally the Primary Account Number (PAN) – are often embossed or imprinted on the card, and a magnetic stripe on the back contains the data in machine readable format. Fields can vary, but the most common include:

Name of card holder
Card number
Expiration date
Verification/CVV code

Card not present transaction

The mail and the Internet are major routes for fraud against merchants who sell and ship products, and this affects legitimate mail-order and Internet merchants. If the card is not physically present (called CNP, card not present) the merchant must rely on the holder (or someone purporting to be so) presenting the information indirectly, whether by mail, telephone or over the Internet. While there are safeguards against this,[7] it is still more risky than presenting in person, and indeed card issuers tend to charge a greater transaction rate for CNP, because of the greater risk.

It is difficult for a merchant to verify that the actual cardholder is indeed authorising the purchase. Shipping companies can guarantee delivery to a location, but they are not required to check identification and they are usually not involved in processing payments for the merchandise. A common recent preventive measure for merchants is to allow shipment only to an address approved by the cardholder, and merchant banking systems offer simple methods of verifying this information. Before this and similar countermeasures were introduced, mail order carding was rampant as early as 1992.[8] A carder would obtain the credit card information for a local resident and then intercept delivery of the illegitimately purchased merchandise at the shipping address, often by staking out the porch of the residence.

Small transactions generally undergo less scrutiny, and are less likely to be investigated by either the card issuer or the merchant. CNP merchants must take extra precaution against fraud exposure and associated losses, and they pay higher rates for the privilege of accepting cards. Fraudsters bet on the fact that many fraud prevention features are not used for small transactions.

Merchant associations have developed some prevention measures, such as single use card numbers, but these have not met with much success. Customers expect to be able to use their credit card without any hassles, and have little incentive to pursue additional security due to laws limiting customer liability in the event of fraud. Merchants can implement these prevention measures but risk losing business if the customer chooses not to use them.

Identity theft

Identity theft can be divided into two broad categories: application fraud and account takeover.

Application fraud

Application fraud takes place when a person uses stolen or fake documents to open an account in another person's name. Criminals may steal documents such as utility bills and bank statements to build up useful personal information. Alternatively, they may create fake documents. With this information, they could open a credit card account or loan account in the victim's name, and then fully draw it.

Account takeover

Account takeover takes place when a person takes over another person's account, first by gathering personal information about the intended victim, and then contacting their card issuer while impersonating the genuine cardholder, and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement card to be sent. They may then set up a new PIN. They are then free to use the card until the rightful cardholder discovers the deception when he or she tries to use their own card, by which time the account would be drained.

Skimming

Skimming is the theft of payment card information used in an otherwise legitimate transaction. The thief can procure a victim's card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims' card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's payment card out of their immediate view.[9] The thief may also use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code, which is not present on the magnetic strip. Call centers are another area where skimming can easily occur.[10] Skimming can also occur at merchants such as gas stations when a third-party card-reading device is installed either outside or inside a fuel dispenser or other card-swiping terminal. This device allows a thief to capture a customer's card information, including their PIN, with each card swipe.[11]

Instances of skimming have been reported where the perpetrator has put over the card slot of an ATM (automated teller machine) a device that reads the magnetic strip as the user unknowingly passes their card through it.[12] These devices are often used in conjunction with a miniature camera (inconspicuously attached to the ATM) to read the user's PIN at the same time.[13][14] This method is being used in many parts of the world, including South America, Argentina,[15] and Europe. Another technique used is a keypad overlay that matches up with the buttons of the legitimate keypad below it and presses them when operated, but records or wirelessly transmits the keylog of the PIN entered. The device or group of devices illicitly installed on an ATM are also colloquially known as a "skimmer". Recently made ATMs now often run a picture of what the slot and keypad are supposed to look like as a background, so that consumers can identify foreign devices attached.

Skimming is difficult for the typical cardholder to detect, but given a large enough sample, it is fairly easy for the card issuer to detect. The issuer collects a list of all the cardholders who have complained about fraudulent transactions, and then uses data mining to discover relationships among them and the merchants they use. For example, if many of the cardholders use a particular merchant, that merchant can be directly investigated. Sophisticated algorithms can also search for patterns of fraud. Merchants must ensure the physical security of their terminals, and penalties for merchants can be severe if they are compromised, ranging from large fines by the issuer to complete exclusion from the system, which can be a death blow to businesses such as restaurants where credit card transactions are the norm.
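
The issuer-side analysis described above can be sketched as a ranking of merchants by how over-represented complaining cardholders are among their customers. This is an added example, not part of the original article; the card and merchant identifiers, the sample history and the `min_cards` threshold are constructed for illustration.

```python
from collections import defaultdict


def _visits(merchant, card_numbers):
    """Build constructed (card_id, merchant_id) history rows."""
    return [(f"c{n:02d}", merchant) for n in card_numbers]


# Constructed sample history: twelve cards, three merchants.
TRANSACTIONS = (
    _visits("grocer", range(1, 11))       # popular merchant, most cards shop here
    + _visits("bistro", range(1, 6))      # small merchant with few customers
    + _visits("fuel", [1, 6, 7, 11, 12])
)
# Constructed: cards whose holders complained about fraudulent transactions.
REPORTED_FRAUD = {"c01", "c02", "c03", "c04"}


def common_points_of_purchase(transactions, reported, min_cards=3):
    """Rank merchants by the lift of reported cards among their customers.

    lift = (share of a merchant's cards that were reported)
           / (share of all cards that were reported)
    A merchant that every cardholder visits has lift near 1 even if all
    reported cards shopped there; a compromised terminal stands out.
    """
    cards_by_merchant = defaultdict(set)
    for card, merchant in transactions:
        cards_by_merchant[merchant].add(card)

    all_cards = set().union(*cards_by_merchant.values())
    reported = set(reported) & all_cards
    if not reported:
        return []
    base_rate = len(reported) / len(all_cards)

    ranked = []
    for merchant, cards in cards_by_merchant.items():
        hits = cards & reported
        if len(hits) < min_cards:
            continue  # too few complaints to separate from coincidence
        fraud_rate = len(hits) / len(cards)
        ranked.append({
            "merchant": merchant,
            "reported_cards": len(hits),
            "coverage": len(hits) / len(reported),
            "lift": fraud_rate / base_rate,
        })
    ranked.sort(key=lambda r: (r["lift"], r["coverage"]), reverse=True)
    return ranked


if __name__ == "__main__":
    for row in common_points_of_purchase(TRANSACTIONS, REPORTED_FRAUD):
        print(f'{row["merchant"]:8} reported={row["reported_cards"]} '
              f'coverage={row["coverage"]:.0%} lift={row["lift"]:.2f}')
```

In the sample data both the grocer and the bistro saw every reported card, so a raw count cannot separate them; the lift does, because the bistro has far fewer unaffected customers.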

Carding

Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using the card's credit limit, and also to avoid attracting the card issuer's attention. A website known to be susceptible to carding is known as a cardable website.

In the past, carders used computer programs called "generators" to produce a sequence of credit card numbers, and then test them to see which were valid accounts. Another variation would be to take false card numbers to a location that does not immediately process card numbers, such as a trade show or special event. However, this process is no longer viable due to widespread requirement by internet credit card processing systems for additional data such as the billing address, the 3 to 4 digit Card Security Code and/or the card's expiration date, as well as the more prevalent use of wireless card scanners that can process transactions right away. Nowadays, carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing.

A set of credit card details that has been verified in this way is known in fraud circles as a phish. A carder will typically sell data files of the phish to other individuals who will carry out the actual fraud. Market price for a phish ranges from US$1.00 to US$50.00 depending on the type of card, freshness of the data and credit status of the victim.

BIN attack

Credit cards are produced in BIN ranges. Where an issuer does not use random generation of the card number, it is possible for an attacker to obtain one good card number and generate valid card numbers by changing the last four numbers using a generator. The expiry date of these card IDs would most likely be the same as the good card.
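
On the defending side, a merchant or processor can watch for the pattern this leaves in authorization traffic: many distinct card numbers from one source that differ only in their last four digits within a short time. The following is an added example, not part of the original article; the function name, thresholds, the `source` field and the sample attempts are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample authorization attempts: (unix_seconds, source, card_number).
# Card numbers are made-up test values; sources use documentation IP ranges.
ATTEMPTS = [
    (0,   "198.51.100.20", "4000 0011 1111 1111"),
    (10,  "203.0.113.7",   "4000001234560001"),
    (40,  "203.0.113.7",   "4000001234560002"),
    (45,  "198.51.100.20", "4000 0011 1111 1111"),   # customer retrying one card
    (70,  "203.0.113.7",   "4000001234560003"),
    (100, "203.0.113.7",   "4000001234560004"),
    (130, "203.0.113.7",   "4000001234560005"),
    (900, "198.51.100.20", "5100002222223333"),      # same customer, second card
]


def detect_sequencing(attempts, window_seconds=600, max_distinct=3):
    """Flag sources that try many card numbers sharing everything but the last four.

    Returns one alert per (source, prefix) as a tuple
    (timestamp, source, first_six_digits, distinct_numbers_seen), raised at
    the attempt that pushes the distinct count above `max_distinct` inside
    the sliding window. Only the first six digits are put in the alert so
    that full card numbers do not spread into logs.
    """
    recent = defaultdict(deque)   # (source, prefix) -> deque of (ts, last4)
    alerted = set()
    alerts = []
    for ts, source, pan in sorted(attempts):
        digits = "".join(ch for ch in pan if ch.isdigit())
        if len(digits) < 12:
            continue              # not a card number; handled elsewhere
        key = (source, digits[:-4])
        window = recent[key]
        window.append((ts, digits[-4:]))
        # Drop attempts that fell out of the time window (newest always stays).
        while ts - window[0][0] > window_seconds:
            window.popleft()
        distinct = len({last4 for _, last4 in window})
        if distinct > max_distinct and key not in alerted:
            alerted.add(key)
            alerts.append((ts, source, digits[:6], distinct))
    return alerts


if __name__ == "__main__":
    for alert in detect_sequencing(ATTEMPTS):
        print("sequencing suspected:", alert)
```

Retries of a single card and a customer switching to an unrelated card do not trip the rule, because the count is of distinct last-four values under one shared prefix.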

Tele phishing

Scammers may obtain a list of individuals with their names and phone numbers, luring victims into thinking that they are speaking with a trusted organization and into handing over sensitive information such as credit card details. Scamming has moved from landlines to cellphones in recent years. One popular tactic is to claim that they are from the "Card Services" division of one, or any number of popular banks, and are "verifying" your account information so that they can provide you a lower interest rate. Scammers can be very convincing, aggressive, and tireless in their efforts, often organized into large but clearly mobile call centers.

Balance transfer checks

Some promotional offers include active balance transfer checks which may be tied directly to a credit card account. These are often sent unsolicited, and may occur as often as once per month by some financial institutions. In cases where checks are stolen from a victim's mailbox they can be used at point-of-sale locations, thereby leaving the victim responsible for the losses. They are one path at times used by fraudsters.

Fraudulent charge-back schemes

There is a class of email spam (usually sent to commercial / corporate email addresses) where the spammer makes an offer to purchase goods (usually not specifically identified) from a vendor. In the email, the spammer makes it clear that they intend to pay for the goods using a credit card. The spammer provides the shipping address for the goods, and requests a product and price-list from the vendor in the initial email. It has been speculated that this is some form of charge-back scheme, whereby the spammer is using a valid credit card but intends to request a charge-back to reverse the charge while at the same time retaining the goods that were shipped to them.

Unexpected repeat billing

When a card holder buys something from a vendor and expects the card to be charged only once, a vendor may charge the card a small amount multiple times at infrequent intervals such as monthly or annually until the card expires. The vendor may state in the fine print that the customer is now a "member" and the membership will be renewed periodically unless the card holder notifies the vendor in accordance with a cancellation procedure in the "membership agreement" which the card holder agreed to when they made the initial purchase. Because the periodic charges are unexpected, infrequent, and small, most card holders will not notice the charges. If a card holder complains to the bank that the charges were unauthorized, the bank will notify the vendor of the disputed charges and the vendor will respond that the card holder never cancelled the "membership" which the card holder agreed to. Since most card holders have no idea what the cancellation procedure is and the vendor will reveal it only to new customers, the bank will not reverse the charges, but instead will offer to cancel the credit card and reissue it with a different account number or expiration date. Unexpected repeat billing is in a gray area of the law, depending on whether the customer legitimately agreed to the charges.

Profits, losses and punishment

United States

The Department of Justice announced in September 2014 that it would seek to impose a tougher law to combat overseas credit card trafficking. Authorities say the current statute is too weak because it allows people in other countries to avoid prosecution if they stay outside the United States when buying and selling the data and don't pass their illicit business through the U.S. The Department of Justice asks Congress to amend the current law to make it illegal for an international criminal to possess, buy or sell a stolen credit card issued by a U.S. bank independent of geographic location.[16]

Cardholder liability

In the US, federal law limits the liability of card holders to $50 in the event of theft of the actual credit card, regardless of the amount charged on the card, if reported within 60 days of receiving the statement.[17] In practice many issuers will waive this small payment and simply remove the fraudulent charges from the customer's account if the customer signs an affidavit confirming that the charges are indeed fraudulent. If the physical card is not lost or stolen, but rather just the credit card account number itself is stolen, then federal law guarantees card holders have zero liability to the credit card issuer.[18]

Merchants

The merchants and the financial institutions bear the loss. The merchant loses the value of any goods or services sold, and any associated fees. If the financial institution does not have a charge-back right then the financial institution bears the loss and the merchant does not suffer at all. These losses incline merchants to be cautious and often they ban legitimate transactions and lose potential revenues. Online merchants can choose to apply for additional services that credit card companies offer, such as Verified by Visa and MasterCard SecureCode. However, these are complicated and awkward for consumers to use, so there is a trade-off between making a sale easy and making it secure.

The liability for the fraud is determined by the details of the transaction. If the merchant retrieved all the necessary pieces of information and followed all of the rules and regulations, the financial institution would bear the liability for the fraud. If the merchant did not get all of the necessary information, they would be required to return the funds to the financial institution. This is all determined through the credit card processor.

United Kingdom

In the UK, credit cards are regulated by the Consumer Credit Act 1974 (amended 2006). This provides a number of protections and requirements.

Any misuse of the card, unless deliberately criminal on the part of the cardholder, must be refunded by the merchant or card issuer.

Credit card companies

To prevent being "charged back" for fraud transactions, merchants can sign up for services offered by Visa and MasterCard called Verified by Visa and MasterCard SecureCode, under the umbrella term 3-D Secure. This requires consumers to add additional information to confirm a transaction.

Often enough online merchants do not take adequate measures to protect their websites from fraud attacks, for example by being blind to sequencing. In contrast to more automated product transactions, a clerk overseeing "card present" authorization requests must approve the customer's removal of the goods from the premises in real time.

Credit card merchant associations, like Visa and MasterCard, receive profits from transaction fees, charging between 0% and 3.25% of the purchase price plus a per transaction fee of between 0.00 USD and 40.00 USD.[19][20] Cash costs more to bank up, so it is worthwhile for merchants to take cards. Issuers are thus motivated to pursue policies which increase the money transferred by their systems. Many merchants believe this pursuit of revenue reduces the incentive for credit card issuers to adopt procedures to reduce crime, particularly because the cost of investigating a fraud is usually higher than the cost of just writing it off. These costs are passed on to the merchants as "chargebacks". This can result in substantial additional costs: not only has the merchant been defrauded for the amount of the transaction, he is also obliged to pay the chargeback fee, and to add insult to injury the transaction fees still stand. Additionally, merchants may lose their merchant account if their percent of chargeback to overall turnover exceeds some value related to their type of product or service sold.

Merchants have started to request changes in state and federal laws to protect themselves and their consumers from fraud, but the credit card industry has opposed many of the requests. In many cases, merchants have little ability to fight fraud, and must simply accept a proportion of fraud as a cost of doing business.

Because all card-accepting merchants and card-carrying customers are bound by civil contract law, there are few criminal laws covering the fraud. Payment transfer associations enact changes to regulations, and the three parties (the issuer, the consumer, and the merchant) are all generally bound to the conditions, by a self-acceptance term in the contract that it can be changed.

Merchants

The merchant loses the payment, the fees for processing the payment, any currency conversion commissions, and the amount of the chargeback penalty. For obvious reasons, many merchants take steps to avoid chargebacks, such as not accepting suspicious transactions. This may spawn collateral damage, where the merchant additionally loses legitimate sales by incorrectly blocking legitimate transactions. Mail Order/Telephone Order (MOTO) merchants are implementing agent-assisted automation, which allows the call center agent to collect the credit card number and other personally identifiable information without ever seeing or hearing it. This greatly reduces the probability of chargebacks and increases the likelihood that fraudulent chargebacks will be successfully overturned.[7]

Famous credit fraud attacks

Between July 2005 and mid-January 2007, a breach of systems at TJX Companies exposed data from more than 45.6 million credit cards. Albert Gonzalez is accused of being the ringleader of the group responsible for the thefts.

In August 2009 Gonzalez was also indicted for the biggest known credit card theft to date: information from more than 130 million credit and debit cards was stolen at Heartland Payment Systems, retailers 7-Eleven and Hannaford Brothers, and two unidentified companies.[21]

In 2012, about 40 million sets of payment card information were compromised by a hack of Adobe Systems.[22]

In July 2013, press reports indicated four Russians and a Ukrainian were indicted in New Jersey for what was called “the largest hacking and data breach scheme ever prosecuted in the United States.”[23]

Between 27 November 2013 and 15 December 2013, a breach of systems at Target Corporation exposed data from about 40 million credit cards. The information stolen included names, account number, expiry date and card security code.[24]

From 16 July to 30 October 2013, a hacking attack compromised about a million sets of payment card data stored on computers at Neiman-Marcus.[22][25]

On September 8, 2014, The Home Depot confirmed that their payment systems were compromised. They later released a statement saying that the hackers obtained a total of 56 million credit card numbers as a result of the breach.

Countermeasures

Countermeasures to combat credit card fraud include the following.

By merchants:

PAN truncation – not displaying the full number on receipts
Tokenization (data security) – not storing the full number in computer systems
Requesting additional information, such as a PIN, ZIP code, or Card Security Code
Perform geolocation validation, such as IP address
Use of Reliance Authentication, indirectly via PayPal, or directly via iSignthis or miiCard.
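
The first two merchant measures, PAN truncation and tokenization, can be shown together in a short sketch. This is an added example, not part of the original article; the `TokenVault` class, the `tok_` prefix, the order record layout and the sample card number are constructed assumptions, and a real vault would live in a separate, access-controlled service with encrypted storage rather than in process memory.

```python
import hashlib
import hmac
import secrets


def _digits(pan):
    """Strip separators and check the length is plausible for a card number."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return digits


def truncate_pan(pan, keep_last=4):
    """PAN truncation: the form that is safe to print on a receipt."""
    digits = _digits(pan)
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]


class TokenVault:
    """Tokenization: business systems keep a random token, not the number.

    The token is random, so it cannot be reversed without the vault. A
    keyed fingerprint (HMAC) lets the vault return the same token when the
    same card is seen again, without indexing on the raw number.
    """

    def __init__(self):
        self._key = secrets.token_bytes(32)     # fingerprint key, vault-only
        self._pan_by_token = {}
        self._token_by_fingerprint = {}

    def _fingerprint(self, digits):
        return hmac.new(self._key, digits.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan):
        digits = _digits(pan)
        fingerprint = self._fingerprint(digits)
        token = self._token_by_fingerprint.get(fingerprint)
        if token is None:
            token = "tok_" + secrets.token_urlsafe(16)
            self._token_by_fingerprint[fingerprint] = token
            self._pan_by_token[token] = digits
        return token

    def detokenize(self, token):
        """Only the payment path should be allowed to call this."""
        return self._pan_by_token[token]


def order_record(vault, order_id, pan):
    """What the order database stores: a token and a truncated display value."""
    return {
        "order_id": order_id,
        "card_token": vault.tokenize(pan),
        "card_display": truncate_pan(pan),
    }


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed test card number, not a real account.
    print(order_record(vault, "A-1001", "4000 0012 3456 0001"))
```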

By card issuers:

Fraud detection and prevention software[26][27][28] that analyzes patterns of normal and unusual behavior as well as individual transactions in order to flag likely fraud. Profiles include such information as IP address.[29] Technologies have existed since the early 1990s to detect potential fraud. One early market entrant was Falcon;[26] other leading software solutions for card fraud include Actimize, SAS, BAE Systems Detica, and IBM.

Fraud detection and response business processes such as:
  Contacting the cardholder to request verification
  Placing preventative controls/holds on accounts which may have been victimized
  Blocking card until transactions are verified by cardholder
  Investigating fraudulent activity

Strong Authentication measures such as:
  Multi-factor Authentication, verifying that the account is being accessed by the cardholder through requirement of additional information such as account number, PIN, ZIP, challenge questions
  Multi possession-factor authentication, verifying that the account is being accessed by the cardholder through requirement of additional personal devices such as smart watch, smart phone Challenge-response authentication[30]
  Out-of-band Authentication,[31] verifying that the transaction is being done by the cardholder through a "known" or "trusted" communication channel such as text message, phone call, or security token device

Industry collaboration and information sharing about known fraudsters and emerging threat vectors[32][33]

By Governmental and Regulatory Bodies:

Enacting consumer protection laws related to card fraud
Performing regular examinations and risk assessments of credit card issuers[34]
Publishing standards, guidance, and guidelines for protecting cardholder information and monitoring for fraudulent activity[35]
Regulation, such as that introduced in the SEPA and EU28 by the European Central Bank's 'SecuRE Pay' (http://www.ecb.europa.eu/press/pr/date/2013/html/pr130131_1.en.html) requirements and the Payment Services Directive 2 (http://www.europarl.europa.eu/oeil/popups/summary.do?id=1289956&t=d&l=en) legislation.

By cardholders:

Reporting lost or stolen cards
Reviewing charges regularly and reporting unauthorized transactions immediately
Installing virus protection software on personal computers
Using caution when using credit cards for online purchases, especially on non-trusted websites
Keeping a record of account numbers, their expiration dates, and the phone number and address of each company in a secure place.[36]

Additional technological features:

EMV
3-D Secure
Strong authentication
BillGuard - a personal finance security app
True Link

See also

Chargeback insurance
Credit card hijacking
FBI
Financial crimes
Friendly Fraud
Identity theft
Immigration and Customs Enforcement (ICE)
Internet fraud
Phishing
Predictive analytics
Reimbursement
Traffic analysis
White-collar crime
International credit card data theft
United States Postal Inspection Service
United States Secret Service

References

1. "Consumer Sentinel Network Data Book: January - December 2008" (http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2008.pdf) (PDF). Federal Trade Commission. 26 February 2009. Retrieved 21 February 2010.

2. Hassibi PhD, Khosrow (2000). Chapter 9 on "Detecting Payment Card Fraud with Neural Networks" in book "Business Applications of Neural Networks" (http://www.amazon.com/Business-Applications-Neural-Networks-State-Of-The-Art/dp/9810240899/ref=sr_1_1?ie=UTF8&qid=1365701642&sr=8-1&keywords=Business+Applications+of+Neural+Networks). Singapore-New Jersey-London-Hong Kong: World Scientific. pp. 141–158. ISBN 978-9810240899.

3. Paterson, Ken (December 2008). "Credit Card Issuer Fraud Management, Report Highlights" (http://web.archive.org/web/20091229101826/http://www.sas.com/news/analysts/mercator_fraud_1208.pdf) (PDF). Mercator Advisory Group. Archived from the original (http://www.sas.com/news/analysts/mercator_fraud_1208.pdf) (PDF) on 29 December 2009.

4. "Plastic card fraud goes back up" (http://news.bbc.co.uk/2/hi/business/7289856.stm). BBC. 12 March 2008. Retrieved 14 October 2013.

5. "Court filings double estimate of TJX breach" (http://www.securityfocus.com/news/11493). 2007.

6. "Zip Codes Draw Fire", Wall Street Journal, 22 February 2011, page C7

7. Adsit, Dennis (21 February 2011). "Error-proofing strategies for managing call center fraud" (http://www.isixsigma.com/index.php?option=com_k2&view=item&id=1854&Itemid=1&Itemid=1). isixsigma.com.

8. [1] (http://www.phrack.org/issues.html?issue=39&id=11&mode=txt)

9. Inside Job/Restaurant card skimming (http://www.thereporteronline.com/articles/2009/02/20/news/doc499ea6f34cf0c881626736.txt). Journal Register.

10. Little, Allan (19 March 2009). "Overseas credit card scam exposed" (http://news.bbc.co.uk/2/hi/uk_news/7953401.stm). bbc.co.uk.com.

11. NACS Magazine – Skimming (http://www.nacsonline.com/NACS/Magazine/PastIssues/2011/October2011/Pages/Feature5.aspx). nacsonline.com

12. All About Skimmers (http://krebsonsecurity.com/all-about-skimmers/) Krebs on security

13. ATM Camera (http://www.snopes.com/fraud/atm/atmcamera.asp) Snopes.com

14. "Manipulated ATMs" (http://web.archive.org/web/20130726163113/http://www.h-online.com/security/features/Manipulated-ATMs-746193.html). The H. 2007. Archived from the original (http://h-online.com/-746193) on 26 July 2013.

15. [2] (http://www.clarin.com/policiales/Piden-captura-internacional-estudiante-Ingenieria_0_364763613.html) Clarín

16. Tucker, Eric. "Prosecutors target credit card thieves overseas" (http://hosted.ap.org/dynamic/stories/U/US_CREDIT_CARD_THEFT?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2014-09-12-17-56-33). AP. Retrieved 13 September 2014.

17. Section 901 of title IX of the Act of May 29, 1968 (Pub. L. No. 90-321), as added by title XX of the Act of November 10, 1978 (Pub. L. No. 95-630; 92 Stat. 3728), effective May 10, 1980 (http://www.fdic.gov/regulations/laws/rules/6500-1350.html)

18. "Lost or Stolen Credit, ATM, and Debit Cards" (http://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards). Ftc.gov. Retrieved 2 August 2014.

19. Mastercard Interchange Rates (http://www.mastercard.com/us/merchant/pdf/MasterCard_Interchange_Rates_and_Criteria.pdf)

20. Visa Interchange Rates (http://usa.visa.com/merchants/operations/interchange_rates.html)

21. http://www.theregister.co.uk/2009/08/17/heartland_payment_suspect/

22. Skimming Off the Top; Why America has such a high rate of payment-card fraud, 15 February 2014, The Economist

23. Russian hackers charged in 'biggest' data breach case, 160mn credit card numbers stolen, 25 July 2013, Catherine Benson, Reuters

24. The Wall Street Journal http://online.wsj.com/news/articles/SB10001424052702304367204579267992268980478.

25. Neiman Marcus Data Breach FAQ: What to Do Now, by Paul Wagenseil, 27 January 2014, Tom's guide

26. Hassibi PhD, Khosrow. Detecting Payment Card Fraud with Neural Networks in the book titled "Business Applications of Neural Networks" (http://books.google.com/books?id=ZQDgRmQwvN4C&pg=PA141&lpg=PA141&dq=Khosrow+Hassibi+Detecting+PAyment&source=bl&ots=_Yw3y6ihs1&sig=IRUtVY34qmXVnIJSGDsdMcS7R_Y&hl=en&sa=X&ei=cvhlUe7sBueqywGe9YCIBw&ved=0CDYQ6AEwAQ#v=onepage&q=Khosrow%20Hassibi%20Detecting%20PAyment&f=false). World Scientific. Retrieved 10 April 2013.

27. IBM RiskTech. "Risk — Smarter Risk Management for Financial Services" (http://agility.financetech.com/risk-management). Risk — Smarter Risk Management for Financial Services. Retrieved 14 July 2011.

28. Richardson, Robert J. "Monitoring Sale Transactions for Illegal Activity" (http://www.iima.org/CIIMA/13%20CIIMA%206-1%20105-114%20Richardson.pdf) (PDF). Monitoring Sale Transactions for Illegal Activity. Retrieved 14 July 2011.

29. FraudLabs. "10 Measures to Reduce Credit Card Fraud" (http://www.fraudlabs.com/fraudlabswhitepaperpg1.htm). 10 Measures to Reduce Credit Card Fraud for Internet Merchants. FraudLabs. Retrieved 14 July 2011.

30. Alhothaily, Abdulrahman; Alrawais, Arwa; Cheng, Xiuzhen; Bie, Rongfang (2014). "Towards More Secure Cardholder Verification in Payment Systems" 8491. pp. 356–367. doi:10.1007/978-3-319-07782-6_33 (https://dx.doi.org/10.1007%2F978-3-319-07782-6_33). ISSN 0302-9743 (https://www.worldcat.org/issn/0302-9743).

31. BankInfoSecurity. "FFIEC: Out-of-Band Authentication" (http://www.bankinfosecurity.asia/articles.php?art_id=3823). FFIEC: Out-of-Band Authentication. BankInfoSecurity. Retrieved 14 July 2011.

32. Early Warning Systems. "Early Warning Systems" (http://www.earlywarning.com/042811.asp). Early Warning Systems. Early Warning Systems. Retrieved 14 July 2011.

33. Financial Services - Information Sharing and Analysis Center (FS-ISAC). "Financial Services - Information Sharing and Analysis Center" (http://www.fsisac.com/). Financial Services - Information Sharing and Analysis Center. FS-ISAC. Retrieved 14 July 2011.

34. FFIEC. "IT Booklets » Information Security » Introduction » Overview" (http://ithandbook.ffiec.gov/it-booklets/information-security/introduction/overview.aspx). FFIEC IT Examination Handbook - Credit Cards. FFIEC. Retrieved 14 July 2011.

35. FFIEC. "IT Booklets » Retail Payment Systems » Retail Payment Systems Risk Management » Retail Payment Instrument Specific Risk Management Controls" (http://ithandbook.ffiec.gov/it-booklets/retail-payment-systems/retail-payment-systems-risk-management/retail-payment-instrument-specific-risk-management-controls/credit-cards.aspx). FFIEC IT Examination Handbook - Credit Cards. FFIEC. Retrieved 14 July 2011.

36. [3] (http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre07.shtm) Avoiding Credit and Charge Card Fraud

External links

Federal Financial Institutions Examination Council (FFIEC) IT Booklets » Information Security » Appendix C: Laws, Regulations, and Guidance (http://ithandbook.ffiec.gov/it-booklets/information-security/appendix-c-laws,-regulations,-and-guidance.aspx)
Visa's fraud control basics for merchants (http://usa.visa.com/merchants/risk_management/fraud_control_basics.html)
Mastercard's merchant training support (http://www.mastercard.com/us/merchant/support/demos.html)
Stopping Card Fraud (http://www.aciworldwide.com/-/media/files/collateral/aci_stopping%20card%20fraud%20guide_tl_us_1010_4414.pdf)
The Internet Crime Complaint Center (IC3) (http://www.ic3.gov) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
Internet Fraud (http://www.fbi.gov/majcases/fraud/internetschemes.htm), with a section "Avoiding Credit Card Fraud", at the Federal Bureau of Investigation website
Counterfeiting and Credit Card Fraud (http://www.rcmp-grc.gc.ca/count-contre/cccf-ccp-eng.htm) at the Royal Canadian Mounted Police website
Avoiding Credit and Charge Card Fraud (http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre07.shtm) at U.S. Federal Trade Commission
Credit Card Fraud: Prevention and Cures (http://www2.idaho.gov/ag/consumer/tips/creditcardfraud.htm) Idaho Office of Attorney General
US Federal Trade Commission Consumer Sentinel Network Report (http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2009.pdf)
Making Business a Little Less Risky - Fraud and Risk Blog (http://lessriskybiz.blogspot.com/)

Retrieved from "http://en.wikipedia.org/w/index.php?title=Credit_card_fraud&oldid=661986238"

This page was last modified on 12 May 2015, at 11:51. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.