joi, 23 septembrie 2010

How to stay away from credit card thieves





Be the first to review Article



Bank counter



ADVERTISING:



Stolen cards, namely the money from them, now an isolated phenomenon, it can become a problem with the rapidly increasing number of cards issued by the Romanian banks. And recent events prove that.



ING Bank has published a notice announcing that databases were broken by hakeri VISA in order to obtain data on the card and to steal money. A warning was also published recently by the U.S. Embassy, which indicate the existence of networks that cloneaza card thieves. Some readers inform us that they received e-mail messages (phishing) on behalf of banks that are asking data cards for later use on behalf of the owners and stealing money from them. What, therefore, how the card thieves operate and how to stay away from them?



Cards are cloneaza



The first method, quite rare, is the cloning cards through card readers and cameras mounted for thieves to bank ATMs. Since no information on this method in our country, but in November last year was sent a U.S. Embassy alert initiated through the American Chamber of Commerce, with the title: Bank ATMs converted to steal IDs customer sites. Alert was taken and the BCR, which informs users of their cards to how to avoid such cases. Here DotCommerce Romania alert published on site www.procesor.ro:



Fraud Alert







Alert was initiated by the U.S. Embassy through the American Chamber of Commerce



Bank ATMs converted to steal customers' IDs



˝ organized gangs appeared to install special equipment on ATMs of banks, which manage to steal both the card's number and PIN. While you make an ordinary cash withdrawal, a team sits in a nearby ATM machine's receiving information by wireless transmission equipment installed on the ATM (see photos). If you see such a device does not use ATM's that report and call the bank immediately.



The equipment used to steal credit card's number and your PIN is a cleverly disguised to look just like an ATM normal.Un device is mounted in place insert the card normally, a device that reads the number site and sends cards to those in nearby car.



Meanwhile, a wireless camera, hidden by a folding support is mounted and positioned so that it can shoot your PIN entry. The thieves copy the data and use the card's PIN numbers to withdraw large sums from several accounts in a very short time directly from your bank's ATM. ˝



ATM-ghost



Last year police arrested a Romanian bank robbers who have successfully cloned ATM cards with a ghost, managing to steal hundreds of millions of lei in the accounts of dozens of Bucharest. Ghost ATM was installed at the ground floor of a building located on Avenue Michael Bravu, the capital.



How did: bought, Internet, card readers, which they attached to a computer mounted ATM. Front of it was done so well resemble those used by commercial banks.



Basically, anyone who wanted to extract money from the ATM could not suspect cheating. Even the menu was identical to one of the original ATM. Correspond with the standard operations. The victim, after he introduced the ATM card, select the language, enter the security code and eighth, then, to extract cash. At that time, the screen appears that transaction can not occur for technical reasons. What happens in the meantime? Using computer data account and card security code was copied and saved. Not believing what had happened, "customer" card recover and go looking for another ATM. The thieves used the data thus obtained to "clone" cards to victims. They have the same identifiers as the original. Accounts accessed by cloned cards were emptied of cash, cash drawings being made from ATMs in Bucharest and Constanta.



As installed ATM



Thieves have been submitted to the administration building as employees of a company sent by a commercial bank to mount an ATM. It was concluded and a contract fictional administration, which received several hundred dollars as "rent" for accepting cash dispenser assembly. Nobody suspected of cheating made by youth.



Phishing or stolen card data



A second way to steal data on the cards is known by the name of phishing ˝ ˝. Visa has been the victim of such a method. In a warning issued by ING Bank Romania last month states:



˝ In recent days several e-mails sent to fake addresses were sent to Visa cardholders asking them to provide personal data to be coded security issue new cards. Customers were informed that this measure is necessary after several Visa databases were lost due to attacks by hackers. Visa cardholders warns them not to comply with such requests and not provide any personal information such as credit card number, card validity period, the card's PIN code, user ID or password. If you acted on such requests, you are invited to contact My'Line the number listed on back of your card or account opening application.



"Phishing is a form of Internet fraud that aims at obtaining personal information relating to using the card and card number, validity, user ID and password. Those who follow the fraudulent obtaining of such information creates a web site that mimics in detail the official website of a legitimate organization, usually a financial institution (insurance company, bank or company issuing the card). Phishing site is practiced by sending an e-mail that the recipient is required to access the site (a replica of the official website) and provide personal details, including security codes. ˝



According to information published by DotCommerce, phishing is one in which users are tricked to a website and enter your pesonale, bank account or credit card account in a fraudulent facsimile of the company site for a reinstatement of the account or Another plausible reason. The final goal is settlement of accounts or steal their identity pacalitilor by initiators operation. According to statistics, 5% of recipients of such messages being given demands.



According to Commerce Dot, hakerii sent last year over 20 million e-mails, in several countries, among which Romania, to invite owners to join the Visa Verified by Visa system. "Hackers are extremely dangerous by their inventiveness. They were able to copy to the smallest detail Visa page. Moreover, even the server that sent the e-mails very carefully chosen: https: / / door. visa.com / personal / security / vbv "said Madalin Matica, Director Dot Commerce Romania.



"By completing the required data card holders receiving such e-mail may remain without money in the account. It's the same group of hackers who, in late 2009, several major computer attack American banks, including Citibank and .



To use cards safely, Roman owners should contact the Visa issuing bank to register 3D Secure, the world's most advanced technology platform for secure online payment transactions by credit card. Information are available including the Internet, the banks' own sites. Currently, there are four banks that joined the 3D Secure: Alpha Bank, BCR, Raiffeisen Bank and Bank.Phishing-Tiriac is one of the most common methods of fraud cardholders, especially those who do not follow carefully respecting safety.



Here's VISA card fraud alert:



VISA phishing email - "Verified by Visa Enrollement







Target Company: VISA



From Address: update@visa.com Subject Line: Verified by Visa Enrollement



Page Content URL: 164.77.203.11/personal/security ...



How to protect against data theft



1. Never click on a hyperlink in the email received. If you think that is a real email copy link in your browser



2.Utilizati anti-spam software.



3.Utilizati anti-virus software.



4.Utilizati personal firewall software type



Update 5.Faceti commonly used software.



6.Cautati to all elements which will increase security of personal data page (https)



Beware of online shopping



Another way you can run out of money on the card is when shopping online. According DotCommerce, phishing fans turned their attention to the Romanian virtual shops. Hakerii using a fake website, identical to the original, they receive information about the cards they are shopping in stores. The first attempt at identity theft on the site went bestcomputers.ro



Whether or not you are registered in the database to store bestcomputers.ro, it is possible to find in your inbox from a company email with the subject "online confirmation.



A useful tip: Do not access and / or buy from other sites that resembles the design bestcomputers.ro site, but have not written the address correctly: www.bestcomputers.ro, or redirects to pages that you containing unknown addresses (eg http://83.16.108.242/htdocs/anuleaza.html).



Traders are enough your name, card number site, type its expiration date, CVV2 code to complete the transaction process sigurantă.Orice other information collected by the shop order form, only helps to complete your profile under our company



Very important! Best Computers in its processor cards authorized DotCommerce Romania will never ask for your card information such as bank PIN, or code CVV2/CVC2 CNP's full.



One such attempt took place and the NBR site, last year, when a haker copied a page of the central bank and sent e-mails trying to get donations for flood victims.



Theft with POS



Another method of stealing credit card data would be through a POS (reader) false. A reader asked us, via email, as this would have happened at a gas station in Bucharest OMV, but company representatives, contact the Banking counters, they would be denied this happened. Here, briefly, what the reader said: ˝ seller took my last card at a POS identical with one normal and handed me a terminal, saying Raiffeisen to enter your PIN. After I took it and entered your PIN terminal and put on the counter. After a minute he said that the deal did not work and again in May entered a PIN. This time he passed through the POS card and bank transaction was successful. But, first, he copied my card magnetic stripe and PIN also. That happened somewhere early on January 5. Friday, when I looked in the account I was just surprised to see that cash raised in London. It seems that I have set the card and used it for cash withdrawals. "Lucky" was that I noticed my early lifting cash and was able to block the card. Damage was pretty big bank indemnifies you anyway because it's "PIN based transaction." In conclusion, if someone tells you that the transaction did not work and you say to May enter PIN again then that someone should show you a voucher that says the reason was not accepted first transaction ˝ says that happened .



Raiffeisen Bank representatives told us that the bank was not registered any such complaint, so no hand in the fire stuffing the authenticity adventures. Especially as we WCO representatives said the author of the message above would be desirable, in fact, hit the company's image, in revenge for a disservice.



However, the representative DotCommerce Romania, Madalina Matic, said such fraud is possible on the card:



˝ In Romania, there were (and are there) and fraud attempts made by POS, ATM and e-commerce. Described is a "classic" using a fake terminal to copy the contents of the card magnetic stripe credit / debit card, following after her as "print" a card that will contain the existing data on the original card. If owns and PIN = has access to an ATM where can withdraw cash. If he can only but try card details via online fraud.



What I recommend: If you have information about a fraud: Romanian Police contact / Brigade for Combating Organized Crime or a card processor that will take specific measures. What to check: any POS terminal prints a resolution approving any application. On the same bill / resolution you can see the name of the bank who tried processing via POS. Receipts (even those with errors) to be taken by the cardholder. If you take two copies of the receipt of error because some contain full details of the card. Announcing soon enable fraud and banking institutions and non-bank entities to take special measures to block / monitor card. And obviously to seize ghost terminal.



Do not tell anyone PIN card



PIN is very important for a card. Besides ATM and POS must not disclose it to anyone (no bank or card processor, or store-virtual or not). Neither a banking entity or non-specialized bank will not require such detail. Internet phishing frauds using the same method: will send an email claiming to be a growing security or attempt to access your account and request access to Internet-enabled pages identical to your bank (even address URL is the same) that will capture the data bank, including PIN will be required. The rule is: never give anyone your PIN.



In Internet transactions is not required but never required PIN CVV CVV2 code: this number is printed on the back of credit card / debit cards and is composed of the last three digits (PTR Visa and Mastercard) or four for American Express. This number is similar but provides a PIN over-secure against those who were able to see the front of your card (eg for transactions on imprinting). ˝



What are our chances to recover money stolen card



Matica Madalin from DotCommerce Romania, explain the trail of an investigation in case of fraudulent transactions:



a) the fraudulent transaction via ATM (Automated Teller Machine) - Small chance of recovering damages. Issuing bank accused of alienation Cardholder PIN. Cardholder must still deal to advertisements, to cancel the card immediately to request an investigation (which should be analyzed video - all ATMs have / should have a camera). Long investigation and little chance of recovering amounts.



b) transactions via POS (point of sale-commercial) - more likely to recover the loss. It immediately claim fraud, the card lock is required, ask dealer bank receipts and compare signatures. If they do not match then lose comercinatul verified because the signature on the receipt with the card back (in Romania a few merchants do this check). In most cases, the trader loses money.



c) transaction via e-commerce: a better chance of recovering the money. It immediately claim fraud hangs / cancel the card, the bank requires processor / store details about delivery and technical details (all data posted by fraud, IP, etc.). It



try analysis and the delivery address used. In most cases the losses are borne by the processor / bank / institution that issued your card and shop rarely lose. Cardholder has high chances to recover the loss. If you joined the 3DSecure card very well occur because there are an additional password details for the credit / debit card, password known only to the owner.



If a Cardholder rely unduly refund is considered fraud attempt, and punished with 15 years jail.



None of the insurance transactions of banks in Romania All information they hold. We tried to make such an assurance to our vendors and have not found any insurance company in Romania to understand / accept what we want.



Our insurance (no guarantee but I think we are the only sure) are signed with U.S. companies. Besides being the only ones who are certified by the data security and payment system (certification PCI-DSS - Payment Card Industry,



Data Security Standard) sacerem Could such an assurance.



Banking policies but are considering a rate Frade / losses they will incur ˝ adds DotCommerce Romania representative.