24.5 C
New York
Sunday, June 16, 2024

How to protect a bank card from fraudsters

 How to protect your money and what to do if criminals get to the card account.

Some tips may seem elementary to you, but that’s where security begins.

Methods of card fraud

The imagination of criminals is limitless. Literally every year there are new, more sophisticated ways. Let’s consider the main ones.

Bank card fraud is called carding.

Let’s start with the “classics”. You have come to withdraw money through an ATM. Hurry up, literally on the run, enter the PIN code, while chatting on the phone. You didn’t even look at the inconspicuous guy in a baseball cap and dark glasses looking over your shoulder. But he watched you very closely. He spied and remembered the numbers that you entered. Then an elementary gop-stop – and goodbye, money.

Also, in the turmoil, you can not see that in front of you is not a real ATM, but a fake. After all, the device is exactly like the real thing. Stickers, instructions – everything is as it should be. Insert the card, enter the PIN code, and the screen displays: “The device is faulty”, “A system error has occurred”, “Insufficient funds” or something like that. Well, it happens. You go to look for another ATM. But before you find it, scammers will empty your account. After all, with the help of a phantom ATM, they already read all the necessary data about your card.

Often simulate a malfunction of ATMs. For example, late at night you return home and decide to cash out your salary along the way. Inserted the card, entered the PIN code, the amount – everything is going fine. The card reader gave the card, but the tray where the money should appear does not open. Broke? I guess! It’s dark around, you need to call the bank and figure out what happened. You have moved literally ten meters, and the nimble thieves have already peeled off the tape and taken your money. Yes, the bills were not issued by a simple adhesive tape.

Another technique is called the “Lebanese loop”. This is when a film lasso is inserted into the card reader. If you hit it, the card can no longer be pulled out. As a rule, there is an “assistant” right there: “Yesterday my ATM ate a card in the same way, I entered this combination and PIN code, and everything worked.” You try, fail and go to the bank for help. At this time, the good Samaritan takes the card and goes to empty it. He knows the PIN code. You yourself have just openly introduced it. Remember?

However, the ATM can be real and even serviceable. This is not a problem if the attackers have a skimmer. This is a device for reading information encoded on the magnetic stripe of the card. Physically, the skimmer is an overhead unit attached to the card reader, while it looks like part of the ATM design.

With the help of a transmitter, fraudsters receive information from a skimmer and make fake cards. They will use a skimmed card, but the money will be debited from the account of the original one. Hence the name of the method – skimming, from the English “skim the cream”.

How do they know the PIN? In addition to the skimmer, they have other devices. For example, an overhead keyboard. It completely imitates the real one, but at the same time remembers the key combinations typed.

As an option – a miniature camera aimed at the keyboard and disguised as a box with advertising booklets.

A type of skimming is shimming. Instead of bulky pads, a thin, elegant board is used, inserted through a card reader directly into the ATM. Further, the scheme is the same as with skimming. But the degree of danger is higher: it is almost impossible to see that there is a “bug” in the ATM. It is comforting, however, that it is quite difficult to make PWM – its thickness should not exceed 0.1 mm. Almost nanotechnology. 🙂

Phishing is a common method of online fraud. Most of you don’t need to be told what it is. Perhaps someone even received a “letter from the bank” with a request to follow the link and clarify the details. Moreover, the phishing page looked like a real one, the same colors, fonts, logos, with the exception of an annoying “typo” in the address bar.

Recently, a subspecies of phishing – vishing, has been spreading more and more. Simply put, divorce over the phone. Fraudsters simulate an autoinformer call. A frightening robotic voice tells you that your card is blocked, or has been attacked by hackers, or you urgently need to pay off your loan debt. For details, call such and such a number. You call, and a courteous “operator” asks you to “verify” the card number, its expiration date, verification code … Once you’ve dictated the last number, you can say goodbye to your money. By the time you come to your senses, they will already be spent in some online store.

By the way, due to the fact that it is not necessary to have a physical presence to use the card, fraudsters are increasingly using social engineering methods. So I was almost deceived.

I sold furniture. I posted an ad with photos on a well-known site. I indicated a number through which I do not have any authentication. Soon a man called. He introduced himself as Vasily, an employee of a company that rents apartments for rent. He told me that they liked my sofa – they take it without looking! The money will be transferred to my card right now. No sweat. I often buy on the Internet, for this purpose I have a special card. There was nothing to write off from it then, but replenish it – please. But one number was not enough for the caller – the interlocutor asked for more validity and CVV2. I did not name, but Vasily was offended. He told me who I was and where I needed to go, and hung up.

Most cards are now linked to a phone number in order to confirm transactions using SMS messages or, for example, to log in to the Internet bank. What attackers do not do to take possession of the desired SIM card: steal phones, intercept SMS, make duplicate SIM cards, and so on.

Safety rules when using cards

By issuing a debit or credit card at the bank, we receive a banking service agreement and an envelope with a PIN code. It is a pity that in addition to this set, they do not attach a memo with basic security rules for cardholders. It should include the following recommendations.

  • If possible, make yourself a hybrid card – with a chip and a magnetic stripe (unfortunately, cards only with a chip are almost never used in Russia). Such a card is better protected from hacking and forgery by skimming.
  • Learn the PIN by heart. If there is no hope for memory, write it down on a piece of paper, but keep it separate from the card.
  • Never, under any circumstances, disclose to third parties the PIN code and CVV2 code of the card, as well as its expiration date and to whom it is registered. No bank will ask you for these details. And to transfer funds to your account, only the 16-digit number indicated on the front side of the card is enough.
  • Do not use so-called salary cards for payments in stores and payment for online purchases. It is better to transfer money from a card account to a personal account or set daily limits for all types of transactions.
  • Choose ATMs located inside bank offices or in secure locations equipped with video surveillance systems.
  • Do not use suspicious models of ATMs. And before inserting the card into the terminal, carefully inspect it. Is there anything suspicious on the keyboard or in the card reader? Is there a strange tray with advertisements hanging nearby?
  • Do not hesitate to cover the keyboard with your hand and ask to step aside especially curious comrades in the queue. If you have problems, do not use the advice of “random assistants” – without going anywhere, immediately call the bank and block the card.
  • If you have lost your card, as well as if you have reason to believe that third parties have learned its details, immediately contact the bank and block it.

The easiest way is to call. If you have a card in your hands, the customer service number can be seen on the back of it. As a rule, contact centers work around the clock. If the card remains in the ATM and you do not know the phone number of your bank, call the company that maintains the ATM. The number must be indicated on the terminal.

In addition, find out about the possibility and conditions of card insurance at your bank. Some credit institutions have special programs to protect customers from fraudsters and compensate them for damages.

Safety rules when using banking

Without leaving your home, you can take advantage of a large package of services. For example, pay for something or transfer money to your own or someone else’s account.

Banking is a remote banking service.

There are Internet and SMS banking. The first allows you to carry out transactions through the client’s personal account on the bank’s website or through the application, and the second involves informing about transactions via SMS messages.

To use banking without the risk of losing money, you must observe the following basic precautions.

  • Do not log in to the Internet Bank from other people’s computers or from public unsecured networks. If this does happen, at the end of the session, click “Exit” and clear the cache.
  • On your personal computer, install an antivirus and update it in a timely manner. Use up-to-date versions of your browser and email programs.
  • Do not download files obtained from unverified sources, do not click on unreliable links. Don’t open suspicious emails and block the sender right away.
  • Do not enter any of your personal data unnecessarily, in addition to your username and password.
  • Check the address bar. A secure HTTPS connection must be used. And the slightest discrepancy with the bank’s domain almost certainly means that you are on a phishing site.
  • Come up with a complex password to enter your personal account, and also use one-time passwords requested by banks to confirm actions in your personal account.

Remember! Banks do not send messages about the blocking of cards, and in a telephone conversation they do not ask for confidential information and codes associated with customer cards.

To protect the SIM card to which the card is attached, promptly notify the bank upon receipt of suspicious messages and in no case call the numbers indicated in them. Inform the bank if you have changed your number or lost your SIM card. Set a password on your phone and do not remove the block from the screen if someone else is watching your actions. And if the SIM card is issued to you personally, then prohibit its replacement by proxy.

What to do if fraudsters have debited money from the card

Disputes between customers and banks are not uncommon. The former, having learned about the unauthorized debiting of funds from their accounts, ask to return their hard-earned money, and the latter often shrug their shoulders: “You yourself told everything to the scammers.”

In 2011, Federal Law No. 161 “On the National Payment System” came into force, designed to streamline and change for the better the practice of providing payment services. In particular, he established the legal framework for the entire payment system as a whole and adjusted the rules for the implementation of non-cash payments, as well as the issue and use of electronic money.

In 2014, Article 9 of this law came into force. The norm protects bank card users from fraud. The law establishes the presumption of innocence of customers. The bank is obliged to reimburse the amounts transferred from the customer’s account as a result of a transaction not authorized by him, unless it is proved that the client himself violated the procedure for using the electronic means of payment.

From September 26, 2018, banks by law will be able to block customer cards if they suspect that fraudsters are transferring money from them. After blocking, the bank must inform the account holder about this, and he will have to either confirm the operation or report the theft attempt.

In other words, the law distinguishes between the responsibility of the bank and the client.

  1. Did the bank inform the client about the unauthorized transaction? If not, the responsibility lies entirely with the bank. If reported, go to point number 2.
  2. Has the client informed the bank no later than the next business day after notification from the bank that this transaction was performed without his (the client’s) consent? If not, the responsibility lies with the customer. If you have informed, go to point number 3.
  3. Was the bank able to prove that the client violated the procedure for using electronic money? If so, the responsibility lies with the customer. If not, the responsibility lies entirely with the bank and it is obliged to reimburse the client for the entire amount of the disputed transaction.

A prerequisite for reimbursement of unauthorized debited funds is to notify the bank about the use of the card without the consent of its holder.

It is necessary to inform the bank that the card is being used by someone else no later than one day following the day when the client discovered the fraud.

Compliance with this deadline is very important. Overdue – you can not count on a refund.

In addition, the client must have proof of the notification in his hands. We are talking about the second copy of the appeal to the bank with a note of acceptance made by an authorized employee, or a written notice of sending a valuable registered letter with a list of attachments to the bank’s address.

An appeal to the bank does not cancel or replace an appeal to law enforcement agencies.


So, a brief algorithm of actions in case of illegal debiting of funds from a bank card is as follows:

  1. Do not panic, call the bank and block the card. Plus, we ask the operator to name the account balance and the last transactions made.
  2. During the day we run to the bank and write a statement. Be sure to endorse your copy of the application from an authorized employee of the bank.
  3. If the employees of the credit institution in any way interfere with this and refuse to accept the application (the forms have run out, the technical break, and so on), we contact the prosecutor’s office.
  4. We write a statement to the police. Especially if you are faced with robbery or robbery.
  5. We are waiting for a refund.

If the bank refuses to reimburse the funds debited from the card, referring, for example, to a violation of the procedure for using electronic money, you can defend your rights in court

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles