l-company.info Articles

Online Credit Card Fraud

Fraud is the intentional representation of a falsehood as being a fact. The purpose of fraud, including e-commerce or online fraud, is to deceive another party through misrepresentation; it involves an illegal and dishonest transaction in order to obtain a profit.

The most important difference between traditional person-to-person fraud and e-commerce, mail-order/telephone-order (MOTO) or online payment fraud is that the credit or debit card is not physically presented to the merchant for a transaction to take place. The fraudster simply needs the correct card information to progress the purchase. Criminal networks, often functioning in the Dark-net, steal and sell this information to other criminals and can also provide the physical credit card itself. The work, techniques, knowledge, methods and intention of using credit card information to facilitate a fraudulent transaction are known to criminals as ‘carding’.

There is a large amount of card information available to dishonest persons, and this stolen information has become relatively easy to acquire and to use in transactions.

Financial institutions and merchants adopt new measures that are largely protective and make fraud more difficult, but these measures can be circumvented. The more protective measures in place, the better the security, but there are still many avenues for criminals to be deceitful. Constant cross-checking, including BIN (Bank Identification Number) validation, should be part of an online merchant’s risk-mitigation techniques.
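One way a merchant could implement the BIN cross-check mentioned above, shown as an added example that is not part of the original article. The BIN table, its country values and the flag names are constructed for illustration; a real deployment would query a maintained BIN database.

```python
# Added example: merchant-side BIN cross-check (not from the original article).
# BIN_TABLE is constructed sample data; the flag names are hypothetical.
BIN_TABLE = {
    "411111": {"brand": "Visa", "country": "US"},
    "555555": {"brand": "Mastercard", "country": "GB"},
    "55555555": {"brand": "Mastercard", "country": "DE"},  # 8-digit BIN wins over 6-digit
}


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum the digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def lookup_bin(pan: str):
    """Longest-prefix match: try the 8-digit BIN first, then the 6-digit one."""
    for length in (8, 6):
        entry = BIN_TABLE.get(pan[:length])
        if entry:
            return entry
    return None


def bin_risk_flags(card_number: str, billing_country: str, ip_country: str) -> list:
    """Return the risk flags raised by the cross-checks (empty list = none)."""
    pan = card_number.replace(" ", "").replace("-", "")
    well_formed = pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19
    if not well_formed or not luhn_valid(pan):
        return ["invalid_card_number"]
    issuer = lookup_bin(pan)
    if issuer is None:
        return ["unknown_bin"]
    flags = []
    # Issuer country vs. the country the customer claims and connects from.
    if issuer["country"] != billing_country.upper():
        flags.append("issuer_billing_country_mismatch")
    if issuer["country"] != ip_country.upper():
        flags.append("issuer_ip_country_mismatch")
    return flags
```

A raised flag is a signal to request extra validation, not proof of fraud: legitimate customers travel and use cards issued abroad.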

Banking systems and checks

Most banks currently have several measures incorporated into their security systems that greatly reduce the risk to customers from credit card fraud:

  • Chip and PIN: Many countries mandate the use of “micro computer chips and PIN” technology, the practical elements of the EMV (Europay, MasterCard, and Visa) technical standard. The embedded chip replaces the need to swipe the magnetic stripe on credit cards and is considered to be more secure. These cards are regulated through standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards;
  • Two-factor authentication: Many banks use text messages or tokens that generate a unique, time-limited code to help verify the legitimacy of transactions;
  • Monitoring of customer habits: Some banks use complex sets of algorithms that monitor the spending habits and transactions of their customers. These frequently have the ability to identify a suspicious (often fraudulent) transaction and either request extra validation or block it entirely.