May 16, 2002. Copyright 2002. Graphic News. All rights reserved.

Credit card fraud skims off millions

LONDON, May 16, Graphic News: You stare at your credit card statement in disbelief, trying to remember how on earth you ran up such a bill. Well, it could just be that you didnÕt run up the bill at all. It may be that someone stole your identity, created a clone of your card, and started spending your money. 

Card cloning, or ÒskimmingÓ, is doubling year-on-year, with estimated global thefts of up to £6.2 billion (9.9bn euros, $9 bn) expected in 2002.

While skimming is affecting credit card users throughout the world, Britain, the U.S., and Mexico have become the centres for this latest scam.

In Britain the police, banks and retailers have joined forces to crack down on counterfeit credit cards with a scheme known as the Dedicated Cheque and Plastic Crime Unit. The unit -- managed jointly by the police and Member banks of the Association for Payment Clearing Services (APACS) -- will run initially as a £5.6 million (9m euros, $8.2m), two year pilot.

In the United States the FBI has teamed with the National White Collar Crime Center to launch its Internet Fraud Complaint Center and the Secret Service is building a database to quickly pinpoint where credit cards are being skimmed.

In both countries the target is neither petty thieves nor malicious hackers on the web, but organized crime. According to Tim Parsons of the City of London Police, organized crime gangs from the Continent and Eastern Europe, Asia, Russia and Africa, are targeting central London because of the thousands of people who visit daily. 

ÒTourist areas are especially being hit because they tend to be easy targets,Ó added Parsons. ÒPeople normally always have credit cards on them.Ó 

The gangs recruit gofers, who then find temporary work within restaurants, hotels and filling stations. The recruits are given pager-size magnetic-strip readers known as skimmers. The devices -- which can be purchased for as little as £70 (110 euros,  $100) over the Internet -- can capture all of the credit or debit cardÕs details in the few seconds that it takes to swipe the card through the gadget.

When unsuspecting customers pay their bill, their card is first swiped through the legitimate credit card machine, but then is also swiped secretly through the smaller skimmer.

The gofers then pass the gadgets onto counterfeiters, who pay them the equivalent of around £100 (165 euros, $150) for their part in the crime. The counterfeiters then download the information onto a computer and make up a fake card.

The ÒclonedÓ card is embossed with the details of the victimÕs credit card and passed on to gang members who, police say, may sell it for between £275 (440 euros, $400) and £480 (770 euros, $700), depending on the perceived credit limit. 

Gold or platinum cards are normally targeted because of their higher credit limit, meaning the bank takes longer to realize there is a problem. And criminals spend, on average, between £2,000 and £8,000 (3,000-12,000 euros, $2,800-11,200) per card over a two-day period before discarding the card. 

While the process of getting a cloned card onto the streets can take less than a day, the customer is none the wiser, since his own credit card is in his wallet. Victims remain oblivious to their loss until they check their statements at the end of the month.

Other scams include the creation of bogus credit card numbers using account generators available on the internet. These programs are derived from the Luhn formula -- the same formula credit card companies use to generate 16-digit card numbers. The first six digits are the Bank Identification Number or BIN, and the last digit (called a check digit) verifies that the formula adds up. From just one legitimate credit card number, these account generators can produce hundreds of usable numbers which are used to rack up multiple fraudulent sales from online merchants whose security doesnÕt block sales to sequential numbers.

False merchant sites are usually mafia-run porn sites set up solely for the purpose of capturing personal data. On such sites, the owner asks for credit card numbers purportedly for access to paid content areas or as proof of age. However, the site never actually charges the consumerÕs account for the content, but uses the card to make fraudulent purchases.

Consumer Tips 
¥ DonÕt let your card out of your sight.
¥ Keep your receipts.
¥ Review your account statements carefully, and notify your bank immediately of any discrepancies.

/ENDS

Sources: Chubb Group, City of London Police, VISA, Hypercom, Florida Department of Law Enforcement