Not even a pandemic can slow down, let alone stop, credit card fraud. A Wall Street Journal report reveals that the amount of fraudulent credit card charges rose by 35% year-over-year in April. This increase appears extraordinary given the significant reduction of consumer spending over the past months.
Credit card fraud or carding appears unstoppable. It is interesting how the crooks behind it are defying the pandemic and recession. There is more to know about this enduring and evolving cyber threat that affects over 100 million consumers in the United States alone.
1. Cybercriminals learn carding from the dark web
The dark web has long been associated with illicit and illegal activities. It is not surprising that it is used as a resource by wannabe cyber thieves. Felonious minds eyeing the menacing business of carding fraud have been signing up for online classes on how to commit this scheme.
According to Featurespace, a Cambridge-based tech firm, tutorials and references on carding are widely available on the dark web. These criminal resources, authored by self-confessed experienced cybercriminals, provide detailed instructions on how to commit the crime. They also present links to carding sites, which sell stolen credit card details.
“As more of this fraud is now being perpetrated by clued-up amateurs working out of their bedrooms, they are harder for financial institutions to spot and stop – their spending patterns often mimic those of their victims,” explains Sean Neary, a senior product officer at Featurespace.
2. Credit cards are better than debit cards, says a former cyberthief
The cases of credit card fraud are soaring, but this does not mean that consumers should switch to debit cards. Frank Abagnale, a fraud expert, who was once a cybercriminal himself, warns: “Want to avoid identity theft? Never, ever use a debit card.”
Abagnale describes debit cards as “certainly and truly the worst financial tool ever given to the American consumer.” For him, the use of debit cards puts one’s money and bank account at risk. Ironically, he promotes the use of credit cards even as carding fraud continues to be a major threat. The former professional impostor says credit cards are better because of laws that limit liability to a certain amount. Many card issuers also offer 0% liability under certain conditions.
3. COVID-19 inspired credit card phishing schemes
Defrauders are doubtlessly ingenious that they managed to take advantage of the coronavirus pandemic to advance their schemes. The FBI, IRS, World Health Organization, and even the United States Secret Service have released separate warnings on various scams designed to take advantage of the COVID-19 noise. “Criminals seize on every opportunity to exploit bad situations, and this pandemic is no exception,” says IRS Commissioner Chuck Rettig.
Phishing cases, in particular, have increased significantly. These attacks are used to harvest sensitive information such as credit card numbers. Fraudsters may pose as charitable organizations that collect donations for the benefit of victims or those who fight the pandemic in the frontlines. Cybercriminals may also try to deceive people into divulging their credit card details by sending emails or making calls as the IRS or state unemployment insurance agencies.
Moreover, bad players offer at-home test kits, alcohol, hand sanitizers, face masks and shields, pills, and even vaccines. Many tend to readily pay for these items with their credit cards given the COVID-19 paranoia.
4. Cybercriminals don’t have to use credit cards to make money out of them
The most common ways to use stolen credit cards involve purchases or payments. They can also be used to make money indirectly. “Credit card numbers can be converted into cash by buying up gift cards and purchasing easily sellable items to resell through online marketplaces such as eBay,” according to cybersecurity specialist Joseph Steinberg.
However, making payments is not the only way for cybercriminals to cash in on the credit card information they managed to steal. They don’t have to swipe the plastics or have vendors charge specific card numbers. They can sell their stolen details to other cybercriminals on the dark web, for example.
According to Symantec, many are willing to pay at least $45 for the details of one credit card. Imagine how much cybercriminals make from the data of hundreds or thousands of cards. High-profile data breaches such as those suffered by Adult Friend Finder and Marriott International, both of which involve over 400 million accounts, may have made instant black market billionaires.
5. Credit card fraud is the most common form of identity theft.
Credit card fraud is a type of identity theft. In fact, it was the top form of identity theft in 2019 based on data from the Federal Trade Commission (FTC). The agency received more than 270,000 credit card fraud reports, which is more than 40% of the total number of identity violations in the past year.
Cases of fraudulent credit card transactions have been increasing over the years. A deceleration in the growth of cases seems unlikely. The best consumers can do is to become more cautious. It helps to get acquainted with the signs: bank/credit card statement errors, credit report discrepancies, failure to receive bills, and credit calls/reminders for unpaid bills.
For businesses, the red flags include the following: high rates of shopping cart abandonment, low average shopping cart size, high frequency of failed payment authorizations, a surge in chargebacks, and several payment failures from the same user, IP address, and device ID or digital fingerprint.
Credit card fraud is nothing new, but its prominence during a pandemic and recession merits some attention. Its perpetrators constantly tweak and upgrade their attacks. They already employ bots and sophisticated strategies to mimic human activity. Also, newbie cybercriminals have access to effective guides on defrauding others. It’s only logical to be more mindful of the threat.