Monday, December 15, 2008

Credit card crime is on the rise. How not to become a victim

Credit and debit card scams are on the rise but you can take steps to stay safe.
According to the first official survey of personal fraud in Australia, about 3 per cent of credit card holders can expect to experience card fraud this year, while nearly 60,000 people could be conned out of their confidential banking details in "phishing" scams.
And don't think it won't happen to you. In the case of card fraud, the Australian Bureau of Statistics study found the vast majority of victims - 70 per cent - were employed, married and Australian-born, with nearly half of them highly educated.
The chief executive of the Australian Bankers' Association, David Bell, says: "So long as there's been money in the system, there's been fraud - it's an ongoing issue. In terms of the quantum, it's relatively small but that's not the point - the point is it should be prevented . . . because not only does it result in financial issues for customers and banks, it also goes to the person's sense of security with their accounts."
Australian Payments Clearing Association data for last year shows fraud remains a fraction of overall payments: 44.5 cents in every $1000 of transactions in the case of credit and charge card fraud, 7.1 cents in every $1000 for debit cards and less than one cent in every $1000 for cheques. However, while cheque and debit card fraud are falling, credit and charge card fraud are rising - up from 36.9 cents the previous year. About 70 per cent of that increase relates to cardholders making purchases overseas via the internet and telephone.
Generally speaking, you won't be held liable for losses to fraud, Bell says, as long as you don't contribute to the loss by your actions.
"So, for example, with a debit card if you were to write your PIN [personal identification number] on the card and you lost it and someone removed funds, it would be a hard ask to get your money back," he says.
However, even if you're not financially liable, there will be a cost in terms of time and inconvenience as you sort out genuine transactions from fraudulent ones, rearrange any direct debits and wait for a new card.
So what can people do to protect themselves from financial fraud? These days it's not just a matter of never signing a blank cheque or making sure no one is "shoulder surfing" while you enter your PIN at the ATM.
Crime agencies and regulators say the increasing technological sophistication of criminals means it's also about safeguarding your computer from hackers and protecting yourself from identity theft when you go online.
DEBIT CARDS
Your PIN is the key to debit card security, Bell says. You should never give it to anyone, even a member of your family. And your bank will never, ever ask you to reveal it.
You should have a different PIN for each financial instrument or channel, such as your debit card, credit card and internet banking.
As with passwords, it doesn't hurt to change your PIN occasionally. But don't use numbers or codes that relate to things such as your birthday or age.
That's why social networking sites such as Facebook and MySpace are causing concern. Some people put sufficient personal information on them that a fraudster can "steal" their identity.
CREDIT CARDS
Never, ever lose sight of your credit card when you're paying.
"When you go to a restaurant, don't hand over your credit card and let someone take it away," Bell says.
Unscrupulous operators can record card details (including its three or four-digit verification code) and then use them for online or phone transactions.
Email is not a secure way to transmit information and if you're going to give your credit card number to somebody over the phone, make sure you know who you're talking to. Make sure you sign your card as soon as you receive it and have your mail collected or diverted if you're expecting a card while you're away.
Having a separate card with a low limit for internet transactions may save you some heartache if your details are intercepted online.
"Having a very large credit limit on a credit card does potentially expose you," Bell says.
The new chip-and-PIN credit cards offer a step up in security but, again, you must protect your PIN.
PHISHING
Criminals hope to catch people when they send out "phishing" emails purporting to be from the bank asking you to confirm your account details, password and PIN, supposedly for a "security upgrade" or some other ruse. The email may even contain a link to a replica website. Crime agencies say you should never click on such a link and it's good practice to always type your financial institution's website address into your browser.
Remember, your bank will never ask you for your password or PIN, Bell says, and certainly not via insecure email.
The ABA, the Australian Securities and Investments Commission and the Australian High Tech Crime Centre have a joint website (protectfinancialid.org.au) that provides more detail on how to protect your financial identity, while the Australian Competition and Consumer Commission's scamwatch.gov.au site offers help in identifying common internet scams.
ONLINE TRANSACTIONS
The Government's Stay Smart Online website, http://www.staysmartonline.gov.au, says you need to protect passwords for online banking and other internet transactions just as much as you would your PIN for a debit card.
That involves making sure your computer is protected by up-to-date anti-virus, anti-spyware and firewall programs and setting your browser security at a sufficiently high level.
It also suggests you should confirm the data is encrypted and safe from prying eyes by looking for the prefix "https://" in the address bar and for a locked padlock symbol at the bottom of your browser window.
Always log out from internet banking when you're finished and go the extra step of also closing your browser.
"If any other windows 'pop up' during an internet banking session, be suspicious, especially if it directs you to another website which then requests your customer identification or password," the website says.
SOCIAL NETWORKING
An Australian Federal Police spokesman says you should configure your web browser so it won't remember the data you enter into forms and you should never select "Remember me on this computer" or similar boxes on websites.
You could even go as far as deleting cookies after your internet session.
If you use social networking sites, treat everything on the site as if it were publicly available information. Don't display your date of birth, address or other personal information. Check the site's privacy settings to make sure they're high enough to resist non-friends finding out too much about you.
Don't accept "friend" invites from people you don't know and don't accept the name of a user at face value - they may not be who you think they are.
Be careful about using applications on these sites as they're run by third-party companies that may also get access to all your personal information.
The growth of identity theft has prompted credit bureau Veda Advantage and security group Secure Sentinel to announce last week a $65-a-year service that alerts individuals by email whenever there's a change in their credit file.
IF YOU BECOME A VICTIM
Tell the police immediately.
* Alert your bank or financial institution.
* Get a copy of your credit report and check it.
* Close all unauthorised accounts.
* Keep all documentation.
Source: Australian Federal Police