| Other Photos |
 |
|
 |
Credit Card Scams Rising in Russia
The number of credit cards in use in Russia is growing by the day. The number of credit card crimes is rising as well. Russian criminals do not spend time thinking up new ways to deceive cardholders, rather they imitate methods tried and proven in the West.
Fraudulent operations account for 0.7-0.9 percent of all card operations in Russia, according to various estimates. That would seem to be a small number, but Ekaterina Demygina, deputy chairman of the board of Soyuz Bank, says that “card fraud has a tendency toward growth in Russia and our country has already exceeded the average European level for that indicator.” Strange as it may seem, card fraud is not a Moscow-centered problem. “The 13-percent turnover on bankcards in St. Petersburg produces 46 percent of the fraud,” says Nikolay Pyatiizbyantsev, head of the technical information protection sector at Gazprombank. “that is connected mostly with the unwillingness of the city's law enforcement to counteract that form of crime.”
There are other complications in the fight against credit card crime. “Criminals using bank cards avoid prosecution in most cases,” Demygina said. “Banks often do not even contact law enforcement since cases of illegal activities with bankcards are very poorly described in Russian legislation.”
A survey conducted by Dengi financial weekly revealed that most of the isolated cases of fraud that banks encounter occur with stolen or lost cards. Criminals use them to pay in stores where they do not checks the cardholder's identification. If the cardholder kept the card's PIN code nearby or wrote it on the card, the criminal will withdraw all money on the account.
Beginning July 1, by decision of the Association of Russian Visa Member Banks, Visa card holders will not be required to present ID for purchases totaling less than 1000 rubles. MasterCard has already removed all requirements to present ID while making a purchase. “Be more alert and don't show your cards in public places,” advises senior vice president of Svyaz Bank Arkady Komyaginsky. “I have a personal example. I pulled out my wallet in the Metro with my credit cards in it. Thieves noticed it and had picked my pocket by the next stop. It is better to keep the cards separately from your wallet and separate from other ID.” Deputy chairman of the Avangard Bank board Valery Torkhov added the following advice: “Use the SMS information service for the card. As soon as an unauthorized transaction takes place, you will find out about it and can call the bank and block the card.”
Surprise Package
Many of the fraudulent credit card operations that take place in Russia are connected with bankcards that are sent to the client through the mail. Several years ago, Russian Standard Bank sent cards and PIN codes to its customers by registered letter – a gift to thieves. Then they stop sending PIN codes through the mail and instead generated them for the cardholder over the telephone. They continue to send cards through the mail.
Two weeks ago, a group of criminals operating in Tyumen, Omsk and Kurgan, in the Ural Federal District, was uncovered. According to the Prosecutor General's Office, the group managers of Russian Standard Bank branches and postal employees. The postal employees took registered letters with credit cards in them and gave them to the bank managers, who entered false information into databases about the cardholders. Then the thieves received secret codes from operators to activate the cards and withdrew the money on the accounts through automatic teller machines. The group received about 10 million rubles in cash in that way. About 200 of the bank's clients suffered losses.
In Zlatoust, Russian Standard cards were being stolen not only in post offices, but directly from mailboxes. Then a pleasant young woman visited the people whose cards had been stolen and thanked them on the behalf of the bank for their prompt payment of the bill and gave them a gift. The woman explained that she had to she had to confirm the giving of the gift by taking down the client's personal information. The unsuspecting people freely gave their personal information. Armed with that information and the credit cards, the thieves were able to call Russian Standard Bank in Moscow and activate the cards.
Then the cards were delivered to their owners with charges already on them. The thieves arrested in Zlatoust were charged with crimes using 38 Russian Standard credit cards. Similar incidents of fraud were recorded in Nizhnekamsk, Kalmykia, Berezniki and other places last year. Russian Standard Bank says that the process for generating passwords has been instituted, for which passport information alone is insufficient.
Nonetheless, it is better to pick up a card at the bank personally. This applies not only to Russian Standard cards, but to all Russian banks that send out cards by mail. “In my view, the postal service definitely should not be used in Russia for the delivery of cards or any other secret information,” Avangard Bank's Torkhov commented.
Spies in the Machine
At the end of December last year, VTB-24 bank blocked several thousand plastic cards. It was revealed later that criminals had installed special equipment to record PIN codes and information from magnetic strips in several of its ATMs. Counterfeit cards were produced using the information gathered. VTB-24 says that 4400 of its cards and 4800 cards from other issuers were compromised. The counterfeit cards have already been used in other countries. The exact losses from the operation are unknown, but VTB-24 calculated that about $100,000 was stolen, according to bank employees.
This type of fraud is known as skimming. Skimming devices are installed directly in the slot that receives the card. Using the card a single time in such an ATM is enough to copy all of the information on its magnetic strip. Obtaining PIN codes requires greater originality, however. On the VTB-24 ATMs, special panels were installed on top of the keypad that recorded the codes entered. Miniature cameras are another popular means of obtaining PIN codes.
Several cases of the use of counterfeit ATMs have been recorded in Russia. Clients inserted their cards, entered their PIN codes and the machine displayed a message saying that it was out of order. The client proceeded to another machine and several days later the “out-of-order” ATM was removed and all the users' information with it.
“A client should check for attached devices before using an ATM, Torkhov noted. “Of course, it is hard for the average user to tell the difference between a regular machine and one with mechanisms for fraud attached but, if anything seems suspicious, it is better not to use the machine.” “Nor is it worth it to use cards in poorly marked machines or ones from banks no one has ever heard of,” added Lyudmila Deryagina, head of the payment systems and electronic commerce department of Orgresbank. One should be cautious against letting others see a PIN code being entered as well. In standard bank agreements on plastic cards, it is explicitly stated that the bank does not bear any responsibility for operations carried out using a PIN code.
If you have been the victim of fraud and the bank refuses to compensate your losses, do not fret. Go to court. Under the Civil Code of the Russian Federation, the only basis for taking funds from an account is the client's instructions to do so. Therefore, if a bank refuses to compensate a client for a loss, the court will always side with the victim.
Swindlers at Your Service
Besides ATMs, sales points and restaurants are potential sites for skimming. A criminal has only to enter a card in a terminal equipped with a skimming device to record all of its information. Last December, the Ostankinsky District Court in Moscow sentenced a group of card frauds to several years in prison. The group included a producer of counterfeit cards, a phony customer and a cashier at an Elektroflot household appliances store. The cashier accepted the counterfeit cards from foreign banks from the “buyer” for payment for an item. The payment was made through a Gazprombank terminal. The court noted at the sentencing that such a complex scheme with the use of high-technology gadgetry showed a high level of preparation by the criminal group.
“Exposure of such fraudulent schemes usually occurs after the ostensible cardholder has paid for the good and safely left with the illegally obtained valuables,” they explained at Gazprombank. “The cashier, who is part of the conspiracy, will swear on oath that the carts presented met the requirements of the payment system and contained all necessary protective elements and the purchaser provided documents verifying his identity and matching the information on the card. Proving a conspiracy is nearly impossible. In that case, the bank has either to break the agreement with the trader or petition him to remove the unscrupulous cashier from his position.”
But Russians most often become victims of skimming abroad. This summer, a spate of theft using Russian cards was recorded in Turkey. The criminals used a simple trap, inviting trusting tourists to withdraw money at a convenient rate at local stores called “post offices.” In the West, drawing money at a store's cash register is a fairly common service. In Turkey, however, they required that the PIN code be used to withdraw the money, although it is not necessary to carry out the operation. “The card data fell into the hands of crooks and the tourist, to save a couple of dollars, gets the headache of dealing with the money that was taken from the card,” noted Denis Khrenov, director of the department for non-trade operations at Globex Bank. In Russia, payment systems' rules do not allow cash withdrawals from store cashiers.
It is difficult to protect oneself from skimmers. The most important thing a cardholder can do is probably to pay attention to what is being done with his card by a salesperson or waiter. “To increase the security of payments, obtain a beginning-level card – an Electron or Classic. As a rule, they are less attractive to thieves,” one banker advised. In addition, Electron cards, unlike higher-level cards, are unembossed, that is, the cardholders' name and account number are not raised on the card. That means there are no imprints that can be used for unauthorized purchases. Even though unauthorized purchasing is now considered an outdated technology, it is still fairly broadly distributed in England and several other European countries.
Out-of-Line Online
The Internet has brought not only new uses for the bank card, but new forms of fraud as well. Two and a half years ago, the first instance of phishing was recorded in Russia. The term is derived from the words “phone” and “fishing.” Confidence scheme aimed at obtaining a user's credit card numbers and passwords. Criminals send letters on a bank's letterhead by electronic mail asking for confirmation of personal information, such as card numbers, PIN codes, passwords, and so on, perhaps to update records.
If the cardholder clicks on a link in the letter, he lands on a site where any information entered is received by criminals. That information will allow them to make purchasers over the Internet or by creating a counterfeit card. “It is important for bank card holders to remember that banks never ask for information by electronic mail,” said Alexey Esennikov, head of the bank card department of Moscow Credit Bank. “Those letters should be deleted. If a bank client answers such a message, it is necessary to contact the issuing bank immediately, block the card account and reissue the card.”
Often, all that is needed to perform a fraudulent operation over the Internet is the card's number, expiration date and the CVV2 code on the back of the card and the cardholder's name. All of that data is found on the card itself. Therefore, it should not be shown to anyone unnecessarily. “there is a large number of Internet stores where that information is enough to make payments and buy goods,” one banker noted. “But,” said Elena Dvorovykh, director of the payment card department at Promsvyazbank, “the ease of an operation on the Internet depends on how the processing system of the issuing bank of the card is set up. If the bank spends a lot money on the improving security mechanisms, including online monitoring, such operations will simply not go through.”
All the same, says Komyaginsky, it is better not to use your credit card on the Internet. “If there is a great need to do so,” the banker said, “it is better to use virtual banking cards intended for use on the Internet or have a separate regular card on which only the amount of the cost of a specific item can be placed. And be ready to lose that money too.” It is better to use a card on the Internet only on known and recommended stores. It is desirable for the store to have a certificate of quality from the Verified by Visa or MasterCard SecureCode payment systems. “If you periodically make payments on the Internet, to your cell phone provider, for instance, it is better to go into the office once and authorize them to make a regular withdrawal from your account,” Torkhov advised. “It's convenient and safe since you won't use your card number on the transaction. The provider already has the card information, so the transaction is conducted safely.”
Elena Kovaleva
All the Article in Russian as of Mar. 05, 2007
|
|
|
Photo: Sergey Mikheev
