How to protect a bank card from scammers 💳💰

How to protect your money and what to do if the criminals got to the card account.
Perhaps some tips seem elementary to you, but it is with them that security begins.

Ways of card fraud

The fantasy of criminals is boundless. Literally every year there are new, more sophisticated ways. Let's consider the main ones.

Fraud with bank cards is called carding.

Let's start with the "classics". You came to withdraw money from the ATM. Hurry up, literally on the run enter a PIN-code while chattering on the phone. You did not even look at the inconspicuous kid in the baseball cap and dark glasses that looked over your shoulder. But he watched you very carefully. He spied and remembered the numbers you entered. Further elementary gop-stop - and farewell, money.

Also in the turmoil you can not see that before you is not a real ATM, but a fake. After all, the machine is exactly like real. Stickers, instructions - all right. Insert the card, enter the PIN code, and the screen shows: "Device is malfunctioning", "There was a system error", "Not enough money" or something like that. Well, it happens. You go to look for another ATM. But sooner than you find it, scammers will devastate your account. After all, with the help of a phantom ATM they already considered all the necessary data about your card.

Often simulate a malfunction of ATMs. For example, late at night you return home and decide on the way to cash out the salary. Inserted a card, entered a PIN-code, the amount - everything goes fine. The card receiver gave the card, but the tray where the money should appear does not open. Broken? Probably! It's dark around, you need to call the bank and find out what happened. You have moved literally for ten meters, and smart thieves have already peeled off the scotch and took your money. Yes, yes, the banknotes did not release a simple adhesive tape.

Another technique is called the "Lebanese loop". This is when the lasso from the film is inserted into the card reader. If you please into it, the card can not be pulled out any more. As a rule, there is an "assistant": "Yesterday I just ate the ATM, I entered this combination and the PIN-code, and it all worked." You try, endure a fiasco and go for help to the bank. At this time, the good Samaritan takes the card and goes to devastate it. He knows the PIN. You just entered it openly. Remember?

However, the ATM can be real and even serviceable. This is not a problem if the attackers have a skimmer. This device is for reading information encoded on the magnetic strip of the card. Physically, the skimmer is an overhead unit attached to the card reader, while it looks like part of the ATM design.

Left - ATM without skimmer, right - with skimmer

With the help of the transmitter scammers receive information from the skimmer and make fake cards. They will use the skimmed card, but the money will be debited from the original account. Hence the name of the method - skimming, from the English "skim cream".

How do they recognize the PIN? In addition to the skimmer, they have other devices. For example, an overlaid keyboard. It completely mimics the real, but at the same time remembers the dialed keystrokes.

Keyboard overlay

As an option - a miniature camera, aimed at the keyboard and disguised as a box with promotional brochures.

Hidden camera

A variety of skimming is a shimming. Instead of cumbersome overlays, a thin elegant board is used, inserted through the card reader directly into the ATM. Then the scheme is the same as when skimming. But the degree of danger is higher: to see that in the ATM "bug" is almost impossible. It is consoling, however, that it is rather difficult to make a shim - its thickness should not exceed 0.1 mm. Almost nanotechnology. :)

Phishing is a common way of Internet fraud. Most of you do not need to explain what it is. Perhaps someone even received a "letter from the bank" with a request to go to the link and clarify the details. And the phishing page looked like real, the same colors, fonts, logos, except for an annoying "typo" in the address bar.

Recently, the subspecies of phishing is spreading more and more - wishing. Simply put, divorce on the phone. Scammers simulate the call of the autoinformer. A frightening robotic voice tells you that your card is blocked, or has been attacked by hackers, or you urgently need to pay off your loan debt. For details, call on this number. You call, and the courteous "operator" asks you to "verify" the card number, the validity period, the verification code ... Once you dictated the last digit, you can say goodbye to your money. While you come to yourself, they will already be spent in some online store.

By the way, due to the fact that for the use of the card is not necessarily its physical presence, scammers are increasingly using methods of social engineering. So I was almost deceived.

I was selling furniture. I posted an ad with photos on a well-known site. Specified the number through which I do not pass any authentication. Soon a man called. He introduced himself as Vasily, an employee of the firm that rented the apartment. He said that they liked my sofa - they do not look! The money will now be transferred to my card. No problems. I often buy on the Internet, for these purposes I have a special card. Write off from it then there was nothing, but refill - please. But one caller was not enough - the interlocutor requested another validity period and CVV2. I did not name, but Vasilii was offended. He said who I was and where I should go, and hung up.

Most of the cards are now tied to the phone number so that SMS messages can confirm operations or, for example, an Internet bank login. What just do not intruders to take possession of the desired SIM-card: they steal phones, intercept SMS, make duplicates of sims and so on.

Safety rules when using cards

Having issued a debit or credit card in the bank, we receive a bank service agreement and an envelope with a PIN-code. It is a pity that in addition to this set do not attach a memo with elementary security rules for cardholders. The following recommendations should be included in it.

1. If possible, make a hybrid card - with a chip and a magnetic strip (unfortunately, only cards with a chip in Russia are almost not used). This card is better protected from burglary and forgery by skimming.

2. Learn the PIN code by heart. If there is no hope for memory, write it down on a piece of paper, but keep it separately from the map.

3. Never, under any circumstances, notify the third parties the PIN code and CVV2-code of the card, as well as its validity period and on whom it is registered. No bank will ask you for these details. And for crediting funds to your account, only the 16-digit number indicated on the front side of the card.

4. Do not use so-called salary cards for payments in shops and payment for online purchases. It is better to transfer money from a card account to the front account or set daily limits for all types of transactions.

5. Choose ATMs located inside bank offices or in protected points equipped with video surveillance systems.

6. Do not use suspicious ATM models. And before you insert the card into the terminal, carefully inspect it. Is there anything suspicious on the keyboard or in the card reader? Is there a strange tray with advertisements around?

7. Do not hesitate to close the keyboard with your hand and ask to step aside particularly curious friends in line. If you have problems, do not use the advice of "casual helpers" - not leaving anywhere, immediately call the bank and block the card.

8. If you lose the card, and if you have reason to believe that third parties have found out its details, immediately contact the bank and block it.

The easiest way to call. If the card is in your hands, you can see the support number on the back of it. As a rule, contact centers are open around the clock. If the card was left in the ATM and you do not know the phone number of your bank, call the ATM service company. The number must be specified on the terminal.

In addition, learn about the possibility and conditions of insurance cards in your bank. Some credit institutions have special programs to protect customers from fraud and reimburse them for damage.

Security rules for using banking

Not leaving the house you can use a large package of services. For example, pay something or transfer money to someone else's account.

Banking - remote banking.

Allocate Internet and SMS banking. The first one allows you to perform transactions through the client's personal account on the bank's website or through the application, and the second one means informing about transactions via SMS messages.

To use banking without the risk of losing money, you must follow the following basic precautions.

1. Do not enter the Internet bank from other people's computers or from public unprotected networks. If this does happen, after the session is over, click "Exit" and clear the cache.

2. On your personal computer, install the antivirus and update it in a timely manner. Use modern versions of the browser and mail programs.

3. Do not download files received from unverified sources, do not click on unreliable links. Do not open suspicious emails and immediately block their sender.

4. If necessary, do not enter any of your personal data, in addition to the login and password.

5. Check the address bar. A secure HTTPS connection must be used. And the slightest mismatch with the domain of the bank almost certainly means that you are on a phishing site.

6. Think of a complicated password to enter your personal account, and use one-time passwords requested by banks to confirm actions in your account.

Remember! Banks do not send out messages about blocking cards, but do not ask confidential information and codes associated with customer cards in a telephone conversation.

To save the SIM card to which the card is tied, promptly notify the bank when receiving suspicious messages and in no case call the numbers indicated in them. Inform the bank if the number is changed or the SIM card is lost. Set the password on the phone and do not remove the block from the screen, if someone outside observes your actions. And if the SIM-card is registered on you personally, then prohibit its replacement by proxy.

What to do if scammers write money off the card

Disputes between clients and banks are not rare. The first, having learned about unauthorized write-off of funds from their accounts, ask to return their blood, while the latter often get their hands up: "You told the fraudsters yourself."

In other words, the law distinguishes between the responsibility of the bank and the client.

1. The bank informed the client about the unauthorized operation? If not, the responsibility lies entirely with the bank. If so, go to item number 2.

2. The client informed the bank not later than the next business day after notification from the bank that the transaction was completed without his (client's) consent? If not, the responsibility lies with the client. If informed, go to item number 3.

3. The bank was able to prove that the customer violated the procedure for using electronic funds? If so, the responsibility lies with the client. If not, the responsibility lies entirely with the bank and it is obliged to reimburse the client for the full amount of the contested operation.

An obligatory condition for reimbursement of unauthorized written off funds is the notification of the bank about the use of the card without the consent of its holder.

To notify the bank that the card is being used by someone else, it is necessary no later than one day after the day when the customer discovered fraud.

Compliance with this deadline is very important. Overdue - you can not count on a refund.

In addition, the client must have a proof of notification on his hands. This is a second copy of the application to the bank with a note of acceptance made by an authorized employee or a written notification of sending a valuable registered letter to the bank's address with a list of investments.

The appeal to the bank does not cancel or replace the appeal to law enforcement agencies.

Сonclusions

So, a short algorithm of actions for illegal write-off of funds from a bank card is as follows:

Do not panic, call the bank and block the card. Plus, we ask the operator to name the balance on the account and the last transactions committed.

Within a day we run to the bank and write an application. We must necessarily issue a copy of the application from the authorized employee of the bank.

If the employees of the credit institution somehow prevent this and refuse to accept the application (the forms have ended, the technical break, etc.), we appeal to the prosecutor's office.

We write to the police. Especially if you are faced with robbery or robbery.

We are waiting for a refund.

If the bank refuses to refund funds written off the card, referring, for example, to a violation of the procedure for using electronic funds, you can assert your rights in court.