With the holiday shopping season in full swing, consumers be aware: ‘Tis the season to avoid cybercriminals who are out to scam you through cardless ATM transactions and credit card fraud. The latest incidents reveal that these digital thieves are changing their tactics, and we must stay vigilant.
According to Experian, 1 out of every 109 transactions was a fraudulent attempt during the 2015 holiday season. In 2016, that number climbed to 1 out of every 97 transactions, and last holiday season, 1 out of every 85 transactions was an attempt at fraud. Clearly, this is a disturbing and disruptive trend.
While this type of theft can happen to anyone, being aware of the most common types of cyberattacks can help you avoid being the next victim. In this post, we’ll look at the dangers of fraud that consumers are facing this holiday season.
Cardless ATM Transactions
Many financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using their mobile phones. While this technology serves as a convenience for customers, it has also exposed some key vulnerabilities. Bad guys are combining phished or stolen account credentials to add a new phone number to a customer’s bank account, and then using the added device to drain cash from hijacked accounts at cardless ATMs.
When Fifth Third Bank released its first wave of cardless ATMs earlier this year, fraudsters were ready to attack. Fifth Third started hearing complaints from numerous customers who were receiving text messages on their phones that claimed to be from the bank. The messages contained a link with a warning that their account had been locked. When customers clicked on the link to unlock their account, they were led to a phony website that looked identical to the Fifth Third site, where they were prompted to enter their credentials, including usernames, passwords and PIN numbers. The scam impacted 125 of the bank’s customers.
As this story illustrates, cardless ATM scams aren’t new, and they are becoming more prevalent as more banks turn to this technology. However, you may want to think again before using a cardless ATM for your next transaction.
Credit Card Fraud
Every year, millions of consumers fall victim to fraud, wreaking havoc on their finances. According to the Federal Trade Commission, credit card fraud was the most common form of identity theft in 2017 (133,015 reports), followed by employment or tax-related fraud (82,051 reports), phone or utilities fraud (55,045 reports), and bank fraud (50,517 reports).
Credit card fraud typically happens in two ways.
The first common hacker scheme is known as “skimming.” This is where criminals install a very small device or malware program on a card reader machine that wirelessly transmits personal payment information when the credit or debit card is swiped.
It's been almost two years since the nationwide shift to chip card technology for debit and credit cards officially began. This technology has curtailed a lot of point-of-sale skimming because it uses a random code, versus a static personal data code stored on the card’s magnetic strip. However, there are still many unmonitored ATMs, gas station pumps or other local retailers, such as dry cleaners and mom-and-pop shops, who do not have the ability to encrypt the payment data, leaving consumers vulnerable to their credit cards being skimmed.
The second scheme popular among hackers stems from data breaches that fraudulently expose credit card data. As chip cards have become more prevalent, thieves are looking for ways to steal sensitive information carried via these transactions. In some recent cases, hackers have broken into the payment information servers of merchants. The most recent attack was the Marriott Starwood data breach, one of the largest breaches of consumer information, affecting 500 million customer records. You may also remember the T.J. Maxx and Marshalls data breaches that affected over 45 million consumers. You’ve likely also heard reports of cybercriminals creating fake mobile apps and websites to look nearly identical to the real merchant sites where they collect personal information to create duplicate credit cards and make phony purchases before retailers and customers ever notice.
During this busiest shopping time of the year, consumers need to be on alert as hackers work hard to compromise and steal our money and information using many of the methods mentioned above. The best line of defense is to be ever watchful for fraudulent charges to your accounts.
How to Watch for ATM or Credit Card Fraud
Whether you shop online or in-person, it is recommended to routinely monitor all your bank accounts for questionable purchases or potential identity theft. In many cases, fraudsters leave signs that you may be able to detect if you are vigilant. You may be more likely to spot fraud if you:
- Monitor your bank accounts regularly to spot and report any suspected problems quickly. Depending on your financial institution, you may also be able to set up alerts for large purchases and other red-flag transactions.
- Watch for bills from unknown sources and track calls from collections agencies about accounts you didn't open.
- When in doubt about a transaction, contact your financial institution directly – either in person or by phone using the number on the back of your card.
- Check your credit report regularly and look for unfamiliar inquiries, new accounts you didn't authorize, or addresses of locations where you've never lived.
- Enroll in a credit monitoring or identity theft protection
The most important thing to remember when trying to protect yourself, your family – and your business – from credit card fraud, is to act quickly. This will help stop thieves from stealing your cash from your ATM or selling your stolen credit card information on the dark web. Being persistent by monitoring your accounts and reviewing your personal information daily is the best way to stay on top of potential threats of fraud this holiday season.
To learn more about how IBIS Technology helps to protect your business from identity theft and fraud, schedule an assessment with us. We’d be happy to set a time to answer any questions and help you learn how to keep your data safe.Image designed by vectorpocket / Freepik