FRAUDCC.

TXT
COPYRIGHT American Society for Industrial Security 1989

----------------------------------------------------------------------

Title-> Protecting the plastic. (credit card fraud; includes

related article)

Authors-> Goldstein, Jack

----------------------------------------------------------------------

Subjects-> Credit card fraud_prevention

Fraud investigation_practice

Article #-> 08326979

----------------------------------------------------------------------

PROTECTING THE PLASTIC

IN THE 20 YEARS SINCE THE BEGINNING of the credit card boom, plastic
money has become a worldwide-accepted means of buying goods and
services - and equally a worldwide means of fraud. In some cases, the
frauds have been spectacular. Just over a year ago, for example,
nearly $13 million was stolen in a simple operation involving gangs
cooperating in Marseilles, France, and Madrid, Spain.

The interleaving carbon papers from credit card payment slips were
retrieved from trash bins outside restaurants (they'd been carelessly
thrown away intact rather than ripped up). Containing, as they do, all
the card information plus a specimen of the authorized user's
signature, the carbons were sent to Madrid where many duplicate fake
cards were made. In a military-style operation, the cards were then
used simultaneously to gain goods and cash - and within a month $13
million had gone.

The surprising thing about this is that payment slips containing

carbons are still in use. And while many restaurants, shops, and
hotels now instruct staff to tear up carbons in front of customers,
there are still many outlets that remain ignorant of this type of
fraud and take no actions to guard against it.

The fairly casual granting of credit via credit cards in the late
1960s marked a surprising departure in banks' formally miserly ways of
granting overdraft or credit rights. This was particularly marked in
the United States at that time. Literally millions of unsolicited
credit cards were mailed out to people, mainly from VISA and
MasterCard, who were entering the field and vying with the established
companies such as American Express and Diners Club.

This move so alarmed the US Congress that legislation followed making

it illegal to send an unsolicited credit card to anyone. To a degree,
the proliferation of cards was curtailed as the majority of issuing
companies placed annual user fees on them - now a norm in the United
States. Cardholders who held many cards then cut back to those they
used most.

But the pattern of use had been established by then, and the frauds
grew up with them. The major types of fraud are as follows:

Stolen cards. These cards commonly have a useful life of about two
weeks, after which time they begin to show up on warning lists
distributed to merchants by credit card firms. Of course if the
cardholder immediately reports the card missing or stolen, the card is
blocked at once. Thus purchases above the floor limit requiring direct
authorization and purchases in which transaction phones are used for
all credit operations reveal the stolen cards. In stores with security
personnel on the premises, an arrest can follow.

More typically, however, delays in reporting the loss of a card

commonly occur. In cases where cards are stolen from the mail,
cardholders don't notice the thefts until the bills arrive a month or
so later.

Cards are also often stolen or lost at restaurants and gas stations;
customers may not be aware until a later date that their card were not
returned.

There's a current fraud operation where a group goes into health

clubs, athletic clubs, fitness centers, or the like, opens lockers,
takes credit cards out of wallets, puts the wallets back, and relocks
the lockers. Cardholders leave the premises with no idea their cards
are missing. This scheme gives the culprits the same advantage as
stealing a card from the mail - without the prospects of a postal
theft criminal charge if caught.

Counterfeit credit cards. There are several levels of counterfeiting,

varying from exact replicas (which one group was able to make by
virtue of having obtained the same machinery as that used by the
legitimate embossing companies) down to rather crude replicas. It may
seem unbelievable, but statistics show less sophisticated counterfeits
are readily accepted by lackadaisical clerks.

Schemes using counterfeit cards take time to detect as the charges are
interspersed in a customer's bill with legitimate charges. In one case
of an organized counterfeit credit card operation, an underworld
figure stated his group made a rule of throwing away such cards after
a three-week usage.

White plastic schemes. These schemes require the cooperation of an

authorized merchant. A card is made up of white plastic having
embossed on it only what appears on the sales draft. The merchant thus
has imprinted on the sales draft what would be on any credit card
transaction. Though no service or merchandise is involved, the
merchant submits the fraudulent sales draft to the bank for credit.

Shave-and-paste schemes. The culprit in this scheme shaves legitimate

numbers off the credit card and replaces them with other numbers by
pasting them onto the card. Here the defrauders are playing the law of
averages by hoping that the new number is a current, existing credit
card number. This scam is also known as the altered card scheme.

Fraudulent application. In this type of scheme, individuals file

applications with several financial institutions with the hope that a
few will issue them credit cards. Upon receipt of their cards they use
them as fast as possible - usually using post office boxes or
addresses of convenience - and almost all information, including their
name, is false.

The following are some less common schemes:

* Merchants run through a second charge slip and submit it for credit.

* Cardholders report lost or stolen cards and continue to use them.

* Family members use credit cards without the knowledge of the

cardholders.

There are many solutions to counter the problems of credit card fraud,
but there is a monetary limitation as to what financial institutions
will spend to minimize fraud-related losses.

Competition has also led to security laxness. For example, financial

institutions signing up merchants should thoroughly investigate the
credibility and legitimacy of each and every merchant - an action many
institutions fail to carry out adequately.

In the initial stages of VISA's and MasterCard's entrance to the

credit card field, for instance, there was fierce competition to sign
up new merchants throughout the United States and no concerted effort
to investigate these merchants. The result was the signing up of many
unscrupulous merchants and the inevitable large fraud losses by the
credit card companies.

When many of the card issuers began to establish separate fraud or

security departments in their credit card operations, these merchants
were closed out. This action, due almost entirely to the work of
investigative personnel, resulted in the total losses due to fraud
being drastically reduced for a considerable period.

Later, however, when the number of issuing banks increased and they
became able to issue more than one type of credit card, the surfacing
of fraudulent merchants increased again. These merchants could obtain
merchant credit card status from institutions outside the region where
they were located, and they were sent the embossing machines on
request! The only effective way to defeat this type of fraud is by a
thorough investigation and an on-site inspection of every merchant who
requests to be signed up.

Unusually high fraud activity by a merchant should be monitored and

scrutinized. When a merchant is signed up, it is agreed that either
party may terminate the agreement when desired. If a merchant has a
high incidence of fraud, it's advisable to close that business out. If
it's possible to prove fraud on the business's part, criminal
prosecution should be sought.

There have been many cases of prosecution for merchant fraud, and
these all entail determined and painstaking investigation on the part
of a law enforcement agency and the credit card fraud investigators.
Issuing card companies must have a department that thoroughly checks
out every applicant for a credit card. Fraudulent applications can be
kept to a minimum if the issuing institutions have competent staff
reviewing each application.

In the United States, as mentioned earlier, a 1970 federal law bans

unsolicited issuance of credit cards. It also generally limits a
cardholder's liability for unauthorized use to $50.

There must, therefore, be an active advertising campaign to keep

cardholders alert. They must be made aware of their responsibility to
protect cards from being lost or stolen and, if a card should
disappear, to report the loss immediately. One of the most effective
means of preventing credit card fraud is the immediate blocking of a
lost card by the issuing institution.

Future cards may use modern, sophisticated technology, such as

microchips, making the cards difficult to counterfeit. But what about
now?

On a simpler level, there's the mailing of credit cards using

registered mail, but most institutions who use this service have
terminated it on cost grounds. Innovations such as photographs and
fingerprints on cards have been considered but abandoned, often
without test runs, on the grounds they might meet with hostility from
customers.

Early attempts at using a photograph on the card were abandoned due to

the difficulty of getting the customer to come in for a second
photograph at re-issue time for the card.

Fraud departments try to get store clerks to compare signatures on

payments slips with signatures on cards. Fraud departments try to get
them to check cards against the time-honored warning list. And those
departments give clerks numerous other pointers on stolen and fake
credit cards.

The fraud department is the most important aspect and means of

combating fraud. Every issuing organization should have a separate
credit card fraud department.

Fraud investigators need to be in contact with the various law

enforcement officials who have jurisdiction in such matters - in the
United States this means federal, state, and local law enforcement
agencies (the individual case determines which agency).

The credit card fraud investigator should have at least 10 years of

investigative experience in either the private or public sector. Being
a member of a law enforcement agency in a capacity not directly
involved in investigations would not meet the qualifications. There
cannot be millions of credit cards distributed throughout the world
without a fraud investigate operation.

Some financial institutions involved in the credit card business

initially did not establish a fraud department, but they quickly - and
realistically - learned the necessity for one. One can never really
measure prevention, but one can readily realize what the total credit
card fraud would be otherwise.

The policy of criminal prosecution must be adhered to on the part of

the fraud investigator. If the apprehended credit card fraudster or
thief is allowed any avenue of restitution prior to going to criminal
court, it would drastically reduce the cooperation of law enforcement
officials. If the judge in the criminal court proceedings orders
restitution as part of the sentence, that's all well and good, but not
under any other circumstances.
This part of the policy must be made known to the public in general
and, in particular, to the participants in any type of credit card
fraud.

Spotting Fake Credit Cards

SECURITY FEATURES ARE ADDED TO credit and bank guarantee cards at

infrequent intervals, but users and merchants need to keep up to date
with them - especially where they're likely to run into cards from
overseas.

In checking for fake cards, follow the five-point plan.

1. Physical appearance. When any credit card is presented to you,

carefully examine it - take a good look at the card! Look for anything
out of place such as embossed data (name, card, etc.) that is crooked
or improperly spaced. Look at the colors of the card. Are the colors
too light or too dull? Darker in some parts and lighter in others?
Beware of any credit card that doesn't look right, as it may be
counterfeit.

2. Check expiration date. Always check the credit card's expiration

date to make sure the card has not expired. Also, carefully check the
expiration date (embossed numbering) for any evidence of alteration or
tampering. Beware - expiration dates are frequently altered to give
new life to an expired card.

3. Feel the card. Carefully feel the credit card. Does the card feel
too heavy or too light? Does the card feel too lumpy or rough on the
surface or edge? Beware - any card possessing these abnormalities
could be a counterfeit.

4. Examine name. Carefully examine the name to which the credit card
is issued. Beware of any irregularities in the lettering or spacing of
the name. Professional counterfeiters are able to shave off or iron
down the names and numbers on credit cards and then emboss new ones.
These newly embossed names and numbers are used by credit card
criminals to make stolen cards appear valid.

5. Examine back of card. All cards contain a special magnetic strip on

the back. They also contain a signature block on the back. Beware -
any charge card without a magnetic strip and signature block may be
counterfeit.

And finally, triple check signatures. Always ask the customer to sign
the credit card sales draft in your presence. Then carefully compare
the signature on the sales draft to the signature on the back of the
credit card. Then compare the signature on the ID. Triple check the
signatures by comparing the ID signatures to the signature on the
sales draft. Beware of any discrepancies in signatures.

You should also obtain authorization. Know your company policy

regarding credit card transaction authorization. Follow its procedure
to the letter. Fully cooperate with the authorization center in any
security measures or procedures it requests.

About the Author . . . Jack Goldstein is special investigator in bank

card security for State Street Bank in Boston, MA. He is a member of
ASIS.

edures it requests.

About the Author . . . Jack Goldstein is special investigator in bank

card security for State Street Bank in Boston, MA. He is a member of
ASIS.