According to a new white paper by information security specialist Steve Darrall of CQR Consulting, Australia is experiencing something of a credit card fraud epidemic.
In recent months, ATM machines have been blown sky high, card skimming machines have grown increasingly more prevalent in our suburbs and credit card fraud, online and offline is at an all-time high.
The white paper claims that card skimming alone now costs Australians more than $49m a year, and that's just in 2008. In all, total credit fraud made up around $120m from two main groups:
- Counterfeit cards and card skimming ($49m)
- Card not present fraud (CNP) concerns your mail, telephone, fax and internet transactions. ($71m)
Two banking security initiatives have been offered by CQR as a better way of protecting against credit card frauds and they hope that the wider adoption of these measures can help the banks/card companies better protect consumers:
1. Payment Card Industry Data Security Standard (PCI-DSS):
Developed by the major credit card brands, this standard applies to all organisations that store, process or transmit cardholder payment data, regardless of size or transaction numbers.
2. Payment Application Data Security Standard (PA-DSS).
This standard applies to software applications designed to store, process or transmit payment card information.
Mr Darrall believes that what's holding back the mass adoption of these standards are costs and mindset of the merchants. Darrall told PC Authority that while the banks are very interested in adopting these standards, merchants have not been so crash hot about the idea. Furthermore, this isn't an area for complacency. Even with the introduction of more advanced chip and PIN cards, "this isn't the magic bullet" we might be hoping for, but a step in the right direction says Mr Darrall.
The card skimming problem
Even with the growth of online fraud and banking phishing schemes, physical card skimming is a growing problem.
Physical card skimming uses electronic equipment to steal your PIN at the ATM. And it can be much harder for customers to detect. But according to Mr Darrall, there are techniques you can use to minimise your risk.
|Card skimming device attached to ATM (Image source: Consumerist)
It can be tricky to spot the difference between a normal ATM and one that has already been tampered with.
Mr Darrall says that ATM's shouldn't have anything protruding from their edges and that most scamming devices can actually be lifted from the machines with a little bit of pressure (although he doesn't advocate going out and ripping apart your local ATM).
|A card skimming device (Image source: Consumerist)
These photos from Consumerist show just how easy it is for fraudsters to trick unsuspecting users at the ATM. Pinhole cameras are just one of the tricks employed to grab your PIN. Mr Darrall says that hiding your hand over your PIN is the first basic line of defence against scammers, although it's not 100% foolproof.
| A card skimming device (Image source: Consumerist)
ATM skimming is getting so high tech that some gangs are resorting to using Bluetooth and fake keyboards to 'catch' your PIN when you enter it, so holding your hand over the keyboard will make little difference in this case.
Again, it's worth checking the machine for any raised edges, says Mr Darrall. That will usually give the scammers and skimming devices away, he said.
|Fake Keyboard on ATM (Image source: Consumerist)
Different types of card readers and how the banks are responding:
The most common are Dip rippers and motorised rippers (the part which you scan your card down, at petrol stations for instance) - by understanding what they look like, you'll know how to spot different kinds of fraudulent activity.
Mr Darrall says that some banks are now moving to Dip readers with jerky read patterns. You may have noticed how some ATM's will read your card slowly and pretend to jerk it across the magnetic strip. This is done on purpose to foil card skimmers, that generally need a fast, clean swipe to steal the magnetic data, says Mr Darrall.
So what can you do, if you're still concerned?
According to Mr Darrall, there are a couple of techniques worth using to save your hard earned money from the crooks:
- Have more than one account and keep only a small amount of money in the account that you regularly access from the ATM or make online purchases with. If you need more for regular purchases, spread your money across multiple accounts to limit the damage done from potential fraud.
- Using EFTPOS machines at your local retailer will also help, because these machines are far less likely to be targeted by scammers.
- If you're not sure of the ATM, go to another one. It may seem obvious, but you'd be surprised how many people aren't willing to try another machine to collect their cash from.