Fraudsters hijack our plastic money

By Chloe Johnson

Banks and police are trying to stay ahead of wily credit card fraudsters - but as long as some banks mail pre-activated cards, the problem will persist

Green MP Julie Anne Genter's bank account was scammed by Canadian fraudsters. Photo / Mark Mitchell
Green MP Julie Anne Genter's bank account was scammed by Canadian fraudsters. Photo / Mark Mitchell

Unaware that fraudsters halfway across the world are preparing to hack into her bank account, Julie Anne Genter bites into a burger.

It is late evening and the Green MP has just returned home from a business trip to Wellington with an empty stomach. Wandering down the brightly-lit strip of Auckland's Queen St, she buys a Bambina burger from Burger Fuel.

But, unbeknown to her, as she swipes her bank card, fraudsters in Canada are making a copy of her private details.

An international gang working in New Zealand has altered the shop's PIN pad to record magnetic strips on eftpos cards and personal identification numbers.

Those details are then matched and transmitted overseas where they are used to make cloned cards.

Closer to home, Aucklander Adam Matthew Brown was last month jailed for two years for 16 counts of credit card fraud.

Police said Brown, 29, stole 12 credit cards from residents' mailboxes in the affluent suburb of Remuera between 2008 and 2009.

They claimed he took the new credit cards, activated them and used them at shops and restaurants around Auckland until the credit card companies cancelled them.

This week, two men appeared in the North Shore District Court charged with obtaining a pecuniary advantage through stolen credit cards. Another two men from Romania were arrested in Wellington over an ATM skimming scam.

Hundreds of people are committing credit card fraud in New Zealand every year as an easy way to obtain money.

Though police say the number of arrests has dropped in the past three years, from 1,010 in 2010 to 652 last year, security experts say the reduction in recorded cases is because fraudsters are outfoxing the authorities.

They say credit card fraud is actually increasing as the thieves develop more sophisticated methods.

According to a software security website, 474 methods of cyber crime have been identified, with most of them relating to credit card access.

So, what are the worst sorts of credit card fraud threatening Kiwis and what are authorities doing to combat the problem?

Thirty years ago, most fraud was committed through chequebooks stolen from letterboxes.

Credit cards were introduced to New Zealand in 1979 by ANZ and the Bank of New Zealand.

However, card fraud did not become prevalent until the introduction of the internet and e-business 15 years later.

Auckland police Detective Inspector Scott Beard, who has worked with the fraud squad since 1985, says the death of paper banking brought a rise in fraud cases.

Credit and bank card fraud leapt by 130 per cent in the 2008 financial year, compared with 2007, with police recording 3948 instances.

In Auckland, the number of reported credit card frauds jumped 400 per cent in just one year.

Beard says although technology initially created a stage for criminals to work on, that same technology is now being utilised to help tighten security and to track offenders.

Murray Knox, research and development director of cyber security business Mako Networks, says fraudsters create games that the banking industry is then forced to play.

The most serious fraudsters, he points out, are intelligent people who develop highly sophisticated hacking methods as their full-time jobs. "Credit card fraud is never going away, and all we can do is manage it," Knox says.

"Criminals will always be one step ahead."

A trend sweeping the world, including New Zealand, is installing malware on point-of-sale machines such as eftpos terminals.

Malware is a type of software that hacks into computer systems to access confidential data.

Last month, a grocery store chain in the US, Schnucks, discovered malware on its computer systems, compromising 2.4 million bank cards.

In the past several months there has been a notable increase in the frequency of these attacks and the success rate in exploiting point-of-sale systems to steal card data, says Knox.

"Last year, we saw quite a few incidents where payment terminals were tampered with.

"This year it's been all about malware."

One of the more widely known, sophisticated methods is called "skimming", in which pay terminals are tampered with. This fraud involves attaching a high-tech device to an ATM, which rips off data from the magnetic stripe on the back of a debit or credit card.

The card details are recorded on the device and later retrieved to create fake cards and steal money from the victim's account.


The devices are usually smaller than a deck of cards and installed near the card reader.

A small camera is often fastened nearby to capture unsuspecting customers' PINs.

Last month, skimming devices were discovered on a number of ANZ bank ATMs around the country. Although the devices specifically targeted ANZ, customers from all banks were affected because customers from other banks can use the ATMs.

The bank discovered the fraudulent transactions were being made from locations in Bulgaria.

Knox says less sophisticated methods, such as shoulder surfing (peering over someone's shoulder to see their PIN being entered) and mailbox theft, were still operating, but rare. "It's getting less common, and harder, to commit credit card fraud [by stealing cards] because you need to know the PIN. But it is not impossible."

New Zealand Post spokesman Michael Tull says banks can choose from a range of secure post options when sending bank cards.

"Banks who send such items using New Zealand Post will have discussed considerations such as cost and security when contracting with New Zealand Post, but the final decision as to the sending method used rests with the banks."

Visa risk director Ian McKindley says mailbox surfing has declined since the introduction of card-activation programmes.

"Cards are usually sent out inactive and require the card-holder to verify their identity before they are activated for use," he says.

Multiple layers of security are deployed to help manage fraud, including chip technology, PINs and fraud detection programmes, says McKindley.

However, some banks are still sending pre-activated credit cards in the mail. The ANZ bank says it stopped sending out pre-activated upgrade gold or platinum cards in 2007 after a customer's card was fraudulently used for more than $8,000 of charges.

Banking Ombudsman Deborah Battell says the banking industry is constantly working to close loopholes in security.

However, she says, card-holders should take steps to protect their personal details.

"Take good care of your card. Don't give your PIN out to anyone. Too often you see people giving their cards to children or other people and that actually breaches the terms and conditions of having a credit card," Battell says.

"Keep a good handle on your money to know what is happening with your accounts. Get on to the bank immediately if you see something unusual."


Ten days after using her card at Burger Fuel, Genter stood in a fish and chip shop watching the word "declined" flash on the eftpos screen. She was worried and puzzled.

Genter had been tramping through the Marlborough Sounds with a group of friends during the Easter break and wanted to celebrate by shouting the group dinner.

"It was about $100 worth of fish and chips and I thought, 'What? Surely I have $100'," Genter says.

"I was confused, I didn't understand what was going on."

Up to 60 New Zealanders had been targeted by an international skimming scam, and Genter was one of them.

Nearly $3,000 was taken from her account through nine different withdrawals made in Canada over the Easter break.

Genter says she could not have protected herself from the scam but the experience was a wake-up call about being careful.

She now knows she and every other card-holder in the country need to be to guard against fraudsters.

They are often sophisticated enough to stay one step ahead of the authorities.


Cards speed up spending

Hundreds of Parliamentary staff and MPs are being given new credit cards to speed up spending on backroom expenses.

The Visa will be handed out tomorrow to around 300 public servants to spend on pre-approved items like power and stationery.

Parliamentary Service communications manager Diana Wolken said the cards would cut costs and handling time for low value, high-volume transactions.

"By putting in place a user-friendly, time-efficient system with robust controls we have decreased handling time, costs and errors, and raised efficiencies."


How to avoid credit card fraud

Malware

• Do not access your bank account from a cyber cafe or from a shared computer.
• Use a combination of capitals and numbers when creating a password for internet banking.

Skimming

• Look for a green flashing light on your ATM. This is a good indication it is free from skimming devices. Watch the card as it goes into the reader. If it jitters it is probably legitimate.
• If it slides in too smoothly, it may mean a skimming device has been installed.

Mailbox and shoulder surfing

• Pick up credit cards from a bank branch. Always cover the pin-pad when entering your details.
• Place a lock on your letterbox.

- Herald on Sunday

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on red akl_a4 at 22 Aug 2014 20:47:09 Processing Time: 620ms