Credit card fraud

from Wikipedia, the free encyclopedia

The credit card fraud is a form of economic fraud , in the forged or stolen credit card data is used and the account holders and / or the merchants concerned is added to financial damage.

Theft of credit card details

In addition to physical theft of cards, for example by pickpockets , credit card details are increasingly being stolen using electronic methods. To do this, the perpetrators use various options such as:

(Example: the perpetrator pretends to be an employee of a credit card company or a bank and asks for the card's data)
  • Counterfeit internet services and shops
(The perpetrators lure in online shops with very low-priced offers and seduce the victim to reveal their data.)
  • Access to e-mail correspondence
( Crackers use security gaps and mostly insider knowledge to get to the customer files, in which credit card data is also stored.)
  • Hacker attacks on department store chains in which credit card data is stolen: As the specialist portal Kartenvergleich.org reported in February 2014, a hacker attack on an American department store chain had probably led to the theft of millions of credit card details, which were then used to debit small amounts via a bot network. Many customers didn't even notice the process.
  • Occasional cases are also reported in which the victims are put under knockout drops in order to use their lack of will to pillage their accounts .
  • Taking advantage of delays in data analysis. For example, through coordinated cash withdrawals using all stolen records in a very short period of time, in a country other than the bank that issued the original cards, on a day when the bank is closed. On May 15, 2016, around 100 perpetrators in 1400 shops in Tokyo , based on data from 1600 South African credit cards, made withdrawals with a total loss of around 12.7 million US dollars in less than three hours .

Forgery of credit card details

The method of forgery takes advantage of the fact that most credit card issuers issue credit card numbers in ascending order. If the perpetrator comes into possession of a card with an expiry date, he can easily guess the next following card numbers. The check digit that is included does not provide sufficient protection because its calculation using the Luhn algorithm (according to ISO / IEC 7812-1) is publicly known.

There are also credit card number generators that create a valid, virtual credit card using the brute force method and the comparison of parameters. These are being developed along the lines of the credit card number generators used by credit card companies.

Protection against credit card fraud

Customers must check the bills sent to ensure that they are correct within a period (usually 30 days). Inconsistencies must be reported immediately in writing to the credit card company (even if other statements are made over the phone). The amount will then be transferred back, as no binding signature on the part of the card owner can be proven.

Merchants, on the other hand, have so far borne the full risk of credit card fraud. Although the prior authorization went without any problems, the money was reclaimed from the merchant in the event of fraud. This happened because the authorization only checked whether the specified card number was valid and covered, but not whether the identity matched the card owner. This is justified with data protection.

Now, according to the ZDF Wiso broadcast on February 21, 2011, this is different, at least when shopping on the Internet. The introduction of the new 3-D Secure security code simulates the customer that it would increase their security. In fact, the customer loses the security that was previously available. According to Wiso, a chargeback is no longer possible if the customer - or the fraudster - entered the correct security code. The credit card holder now bears the full risk. The credit card holder also bears the full risk if he has signed the receipts himself under predatory extortion, coercion or unconsciousness. This is the case, for example, if the credit card holder is forced to sign under the effect of knockout drops.

Nevertheless, the new 3-D Secure security code provides increased protection against credit card fraud. In contrast to the mere use of the supposedly secure standards of the CVC2 or CVV2 code, the new procedure makes it much more difficult to profitably use an illegally appropriated credit card. If the perpetrator does not have this personal password, there is almost no possibility for him to pay by credit card. However, if the perpetrator is in possession of the credit card holder's account number and date of birth, the password can be reset. A transaction is now possible.

Online payment service providers such as PayPal offer a so-called guest payment. This means that perpetrators can pay immediately with a data record. This is made possible because PayPal does not verify identity before allowing a transaction. Cent amounts are transferred to the credit card account to ensure that the rightful owner of the credit card carries out the transaction, but the perpetrator can shop unhindered as PayPal grants a limit of 1500 euros without confirmation of the verification. PayPal also enables the data to be used without knowing the 3-D Secure password.

Because the password of the 3-D Secure code is not transmitted to the online retailer and saved there, criminals do not have the opportunity to obtain a complete data set by penetrating such a retailer database.

The dealer should therefore heed the following advice:

  • Additional check of the CVC2 or CVV2 code.
  • Address verification if possible
  • Increased caution if the customer orders with a different card number than last time.
  • Increased caution if the customer orders with a card number that someone else has already used.
  • Establishment of order value limits (especially for new customers)
  • Personal contact when paying by credit card and a Packstation as the delivery address
  • Only hand over goods against a signed delivery note. The customer's signature on the credit card receipt does not replace the written confirmation that he has received the goods. After the purchase, the customer can claim that he has not received the goods. Since the burden of proof lies with the dealer, he has to reimburse the purchase price if he cannot provide proof of delivery.

In addition, merchants are obliged to adhere to the regulations of the PCI Data Security Standard when they hold the data of credit card holders.

Criminal law

"Credit card fraud" is a criminological term ; it is not common in criminal law (see below). The attempted and accomplished fraud with credit cards and the forgery of real or the production of false credit cards are punishable in Germany ( misdemeanors and crimes ). Relevant are u. a. Section 152a of the Criminal Code (“forgery of payment cards, checks and bills of exchange”), Section 152b of the Criminal Code (“forgery of payment cards with guarantee function and forms for Euro checks ”) and Section 263 of the Criminal Code (“fraud”).

For the authorized credit card holder as an unfaithful offense, § 266b StGB may be relevant.

Individual evidence

  1. Kartenvergleich.org: Credit card fraud after a hacker attack ( memento of the original from February 22, 2014 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.kreditkartenvergleich.org
  2. stern.de: Skimming at the hardware store checkout
  3. ^ Spiegel.de: Scandal over knockout drops in Düsseldorf brothels
  4. Justin McCurry: "100 thieves steal $ 13m in three hours from cash machines across Japan" The Guardian, May 23, 2016
  5. ↑ Table of contents , video unknown  in the ZDFmediathek , accessed on February 3, 2014. (offline)
  6. Verified by Visa Forgot Password Function - AUDI Bank
  7. 'PayPal allows purchases with stolen credit cards' ZEIT ONLINE - September 27, 2010

Web links

Wiktionary: Credit card fraud  - explanations of meanings, word origins, synonyms, translations