Credit card fraud continues to be a menace especially in developing countries. But credit card companies and issuing banks are working to stay one step ahead of large global syndicates.
During a recent investigation into a crime syndicate that was dealing in a large volume of counterfeit credit cards, I was surprised to find that the Kingpin’s lair in Jakarta, Indonesia, was a dingy apartment crammed full of computers. Here his faithful staff gambled online 24 hours a day working their way through hundreds of credit cards and lists of credit card details until the cards finally were blocked and no longer accepted. They wired their winnings to banks in offshore jurisdictions as laundered funds through legitimate accounts. An avid gambler, the Kingpin enjoyed his work.
Being without the use of the plastic cards, for even a short time, can be extremely inconvenient. There was a time when the customer, if astute enough, could take the credit card carbon paper copy from the shop assistant and rest easy. No longer. Credit card fraud – a professional, international business run by resourceful syndicates with industry insiders on their payrolls – was estimated by The Nilson Report as costing USD$3.8 billion globally in 2002.
For a fraud examiner, understanding the extent and types of this fraud, as with any other fraud, increases professional knowledge. But for those investigating fraud in financial institutions, it’s essential.
Credit Card System Rudiments
A credit card bears the brand name and logo of a company that controls and regulates the cards. A bank, which is required to meet the standards set by the credit card company, actually issues the card. The credit card company raises funds from charges to the bank. These charges include fines for malpractice. When a customer incurs a loss due to fraud, the credit card company underwrites it, but it reclaims the money from the issuing bank.
This relationship is important because although the customer takes solace from seeing the credit card company symbol on their card, the responsibility of “caring” for them actually befalls the issuing bank.
Furthermore, when a customer makes a purchase at a retailer, the issuing bank may not have a credit card terminal in the retail outlet. Of course, banks share facilities and so any card reader will be able to process the transaction. However, this means that the transaction is entrusted to the processes of yet another bank.
In any country the security of card information relies on the bank’s protocols, systems, and general security levels. While investigating fraud in Asia, I’ve seen that many banks have woefully poor security measures because of lack of funds or understanding of the risks.
Increasingly, the onus is on the card issuer rather than the card user to prevent fraud. One of the banks’ main tools is fraud detection software that looks for unusual patterns and anomalies. Another is robust security measures over the control of the card readers. However, the banking sector outside of the United States and Europe seldom uses these detection methods.