Almost gone are the days of the good old-fashioned purse snatcher. With less brute force and more skill, thieves need only a minute, sometimes less, to pilfer your credit card data.
"Back in the beginning, they got the imprint of credit cards from the carbon copies they dug out of the trash," says William Noonan, assistant special agent in charge of the Secret Service's criminal investigative division. "Technology has changed things."
The number of compromised records has been on the decline for the past two years, according to the Secret Service, after reaching a record high of 361 million records in 2008. The trend might reverse this year, however, after a recent string of misdeeds.
This spring, criminals hacked, phished or skimmed their way into the systems of Michaels Stores, Sony, marketing firm Epsilon, Citibank and even security expert RSA, among others. In some cases, they obtained only names and emails. In the worst cases, they got credit card numbers.
The schemes are simpler than you think. Here are the most common ways thieves pilfer your credit card information.
Suspects: The toy store trio
Modus operandi: Sally, Simon and Bud walk into a toy store. Sally and Simon roam the aisles, while Bud waits in line to check out. When Bud is at the register, Simon comes running up to the clerk, screaming that his wife has fainted. As Sally and Simon distract the salesclerk, Bud switches the credit card reader at the register with a modified one of his own, says FICO's fraud chief, Mike Urban. For the next week, the salesclerk unwittingly collects credit card data on the modified reader until the trio returns, takes back the modified reader and restores the original terminal.
Known whereabouts: The trio will hit other retailers and restaurants, but sometimes the threesome will instead be a twosome or a solo criminal.
Suspect: The waitress at the diner
Modus operandi: The waitress whisks away your credit card and swipes it through the restaurant's register. Then she pulls a small device -- about the size of an ice cube -- from her apron and swipes it through that, says Sgt. David Schultz of the Fort Bend County Sheriff's Office in Texas. While you're scraping the last of the chocolate frosting from your plate, your credit card information has been stored in the device, known as a skimmer. The waitress returns your card and performs the same magic trick on dozens of credit cards in a week.
Known whereabouts: The data-stealing waitress has been known to moonlight as a bartender, salesclerk or at any other job that allows her to take your credit card out of sight.
Suspect: The Gas Lass
Modus operandi: The Gas Lass parks her car in front of a gasoline station off the turnpike. It's late. There's no one around except a sleepy attendant at the register inside. The Gas Lass attaches a skimmer over the credit card reader at the pump. It's a special skimmer: It emits a Bluetooth signal to a laptop close by, says Noonan. The Gas Lass pays, heads off to the motel next door and sets up her laptop to receive the data from the compromised pump over the next several days.
Known whereabouts: The Gas Lass installs skimmers over ATMs, parking meters, vending machines and other places with unmanned credit card readers.
Suspects: Harry the Hacker and Phishing Phil
Modus operandi: Harry the Hacker installs malware -- a type of software that damages or infiltrates a computer or network -- onto a legitimate website with low security. The malware instantly downloads onto your computer when you visit the site and allows Harry to access your information. In another scenario, Harry puts malware on public computers and gathers the information you share with that computer, says Urban. Harry also infiltrates the computer system of banks, retailers and other businesses and extracts personal account information, Noonan says.
Phishing Phil uses malware to go after your laptop. He sends emails with attachments that promise dancing kittens or some other bait. When the user opens the attachment, malware instantly downloads onto the computer and leaves confidential information vulnerable. Phil also sends emails from a familiar sender with a link to a contaminated website that installs malware onto your computer. Some malware, called spyware, allows Phil to capture every keystroke, including passwords to your financial accounts.
Suspects: The rest of the criminal crew
Modus operandi: So what happens to these pieces of data when they're in no-good hands? They get sold.
The waitress, trio or Gas Lass sells each swipe for $20 to $40, says Urban. Harry the Hacker and Phishing Phil will get $5 to $10 a card and may sell the information online. The person who buys the information verifies it and then sells it to a person who creates fraudulent credit cards with victims' account information attached to them. The card-maker then sells cards to other criminals who buy goods, such as stereos or baby formula, and sell them to regular consumers.
What you can do
- Set up mobile alerts for your phone if your financial institution provides the feature. That way, you can be aware of unusual activity as quickly as possible.
- Regularly monitor your accounts online, so you can identify fraudulent transactions faster, says Schultz.
- Avoid public computers. Don't log on to your email if your bank corresponds with you there. Urban suggests setting up an email account just for your finances and checking it from safe locations.
- Avoid doing business with unfamiliar online vendors, Noonan says. Stick to established merchants and websites.
- If your information has been compromised, notify your financial institutions and local law enforcement, which will contact the Secret Service if necessary. Also notify any of the three major credit reporting agencies -- Experian, Equifax and TransUnion -- to set up a fraud alert on your credit reports.
This article was reported by Janna Herron for Bankrate.com.
VIDEO ON MSN MONEY
Using cash is a GREAT way to budget expenses. You get a certain amount of cash out at the beginning of the week, and that's all you can spend that week. If you spend too much, you're done for the week.
Regarding fraud and Pay Pal. I, too, had an incident where someone hacked my Pay Pal account and attempted to withdraw a large sum of money from my bank account. But in my situation, Pay Pal refused to recognize the attempted withdrawal as fraud. Since there was not enough money in the bank account the charge was returned to Pay Pal. When I alerted them about the fraud, they refused to stop the transaction and informed me they would be attempting to run the charge through again, as was their policy. Lucky for me, my bank had dealt with Pay Pal issues before.
Bottom line, if you use Pay Pal or a similar service, create a special checking account just for that purpose and deposit only the funds you need to conduct your business through Pay Pal. Live and learn.
I suspect that this problem is going to get worse as the recession deepens, and many middle class jobs in the USA are converted to low wage near minimum wage jobs. The methods described in the article are easy ways to make a quick buck, and do not require a lot of money to implement, and the return on investment is huge.
Furthermore, many police departments around the country do not have significant resources to successfully fight cyber-crime and second swiping, and sometimes cyber crime crosses state and even national borders making it very difficult to trace, which also makes it very difficult to prosecute.
About the few ways that can be done to curb one's exposure to cyber crime are to pay cash whenever possible and avoid the use of swipers (very hard to do in some cases, though), equip your computer with reputable anti-virus, anti-malware, anti phishing and.anti-spyware protection , if you E-Shop, only shop on reputable Web Sites, and do not open suspicious E-Mails.
WHAT YOU CAN DO SOLUTIONS v. 1.3
Hmmmmm...maybe before you go out to eat at night, you should stop by the ATM to take cash out so you won't have to give the waitress, or checkout guy, or whoever your credit card? Oh wait, the bad guys started installing skimmers on ATMs. Drats!
When on line shopping visit only established merchant sites. Oh wait, the bad guys can hack into many of those websites and intercept your personal information. Not to mention how does that help the struggling start-up business trying to get a foothold in the marketplace? Oh man! What to do?
About the only safe bet is to tell your boss you're taking off from work early (good luck with that!) when the banks are still open to grab some cash from the teller (Dun Dun Dun-can you trust your teller?). Then head down to your local Megalomart, “where shopping is always a pleasure”.
P.S. Just don't forget to check your receipt to make sure they didn't charge your card for cash back and pocket the money!
P.S.S. Technology has overwhelmed us all. We're screwed. Buy U.S. Savings Bonds!
The technology is there. Why not have your picture imbedded on your credit card stripe. When you swipe your card, your picture comes up on the register for visual verification.
A step I take is to write on the back of my card ID Required. To bad it's barely looked at. I've had clerks who will take my card, look at the back and do nothing. Then again, I've had clerks who will ask and I make sure to thank them for asking.
To me, the technology is there, it's just not being used. Better than a picture or whatever for your credit card would be what is called digital ID's. This means there is an encyrpted unique file on your card that only associates that card to your number. If the number gets swiped somewhere else but the unique ID on the card isn't there, it can't go through. I personally think they should start implementing that. Kind of like having a certificate on your computer that uniquely identifies your computer for access to your bank. They really should start implementing something like that. I know it can be done because the governement is doing just that. You can't log into a computer without having the unique ID's to log in. Same thing with a credit card. If a hacker doesn't have the unique ID with your card, it can't be used.
Also, if you use it online, you have to have the digital certificate installed in your browser of choice. When you are done, you can uninstall it and keep it somewhere safe in some kind of encrypted safe or on a thumb drive, so no one has access to it. Then when you go to make another purchase, you re-install into your browser and purchase again. Or you can do that with your bank. I'm not sure how expensive it can be to implement something like that, but it sure would cut the thieves out of the picture.
I ve a solution use 0 balance debit card before going out load it with cash either from your account / credit card and only use this card for all transactions.Benefits:
1) you plan your expenses
2) you dont carry cash
3) using credit card to load it you get 55 days credit
4) even if you loose / or someone misuse it its easily traceable and wont give you shocks
5) being a debit card you dont pay any interest
6) can have debit CARD IN DIFFRENT ADDRESS AND NAME SO DIFFICULT FOR ANYONE TO GET ACTUAL DETAILS
Copyright © 2014 Microsoft. All rights reserved.
Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.
RECENT ARTICLES ON IDENTITY THEFT
Tired of your wallet taking a beating at the grocery store? Here are some creative ways to save big on food costs.