By Andy McCue, 10 November 2003 12:45
NEWS Careless shoppers are contributing to an annual £110m fraud bill from criminals who use stolen credit card details to purchase high-value goods over the internet and phone.
The 'card-not-present' phenomenon has risen by a third over the last two years, and is largely perpetrated online by criminals using credit card details from customer receipts that have not been shredded or destroyed, according to payment body the Association for Payment Clearing Services (APACS).
One in three people never shred or burn their old bank or credit card statements, one in five let others use their card to make purchases over the internet, phone or mail order and one in five rarely or never check their bank statements for rogue transactions.
APACS' Card Watch initiative is warning customers to be especially careful in the run up to Christmas and said that the details on discarded card transaction receipts contain enough details for someone to use for a 'card not present' purchase.
Sandra Quinn, spokeswoman for APACS, said in a statement that the internet is an easy and tempting target for criminals.
"Check your statements carefully for fraudulent transactions. Burn or shred those statements and card receipts - when you have finished with them. Dont let your card out of your sight and dont let anyone else use your card or have sight of your card details, she said.
APACS has published new training and education materials this week for retailers worried about this kind of fraud, outlining fraud prevention tools and advice.
The move by APACS is intended to cut the high losses from 'card not present fraud', which are second only to counterfeit card fraud - which is being tackled by the chip and PIN initiative that will see signatures replaced by PIN numbers for transactions using the new 'smart' bank cards.
Consumers are not the only victims of this card fraud and retailers often bear the brunt of any losses from fraudulent transactions.
A spokesman for the British Retail Consortium (BRC) said it is pleased at the focus on practical steps retailers can take to help foil fraudsters trying to use stolen details for internet and phone transactions.
Peter Dorrington, fraud expert at SAS UK said shoppers need to be vigilant to avoid being a victim of both counterfeit and card-not-present fraud. He advised consumers to check receipts against bank statements regularly and shred old ones, and not to let their card out of sight in shops or restaurants to make sure it is swiped only once.
Richard York, secure technology programme manager at ARM, said there is technology to help prevent card-not-present fraud but chip and PIN is the priority for banks and retailers at the moment.
"You can have card readers in PCs that has been tried and tested and works but it is not clear that the banks would want to roll that out in any quantity," he said.
Comments
There are 8 comments. Join the discussion
1. Marc Mercier
"...and retailers often bear the brunt of any losses from fraudulent transactions."
OFTEN? As an online retailer I can tell you that the merchant/retailer ALWAYS takes it in the backside when it comes to Internet fraud. The credit card companies run on one premise "if there is a problem, get it out of the merchant." There are two kinds of fraud. Credit Card theft (which most merchants with good gateways and processors will detect immediately), and what is known in the trade as a 'chargeback'. A chargeback is exactly what it sounds like. Chargebacks usually occur because the merchant & his server backend didn't verify the card and processed the card. A month or so later John Doe (owner of the card and the credit line) notices a slew of charges on his card he didn't create. He calls his company. Company immediately seizes the funds back from the merchant(s) involved. The merchant had shipped the product to who they thought was the recipient... John Doe. Now the merchant is out not only the monies, but also the product(s) (plus shipping). Second scenario, which is the most revolting, is that John Doe orders some items. He receives the items. WOOHOO! Being a devious Mr. Doe... he calls the credit card company knowing the 'lingo' (which I am not going to post) he gets the item costs charged back to the online retailer. Yet again, the retailer takes it in the back side because it's always assumed the retailer is at fault.... a mentality the credit card companies will someday regret.
2. anonymous
Agreed, credit card users are too careless, but why can't retailers be banned from showing the details on printed receipts? Many outlets already 'star out' part of the number to avoid this type of fraud.
3. Adrian Strahan
Quite a lot of credit card receipts show ALL the card details including the full card number, expiry date and the name of the bearer. If this information was not shown there would be fewer instances of fraud from discarded receipts.
The onus should therefore be on the retailer to remove this information - shredding or burning receipts wouldn't be necessary then.
4. Nic
Shoppers are to Blame! Ha - what a joke - did we setup the systems to print the entire card number and expiry date - I don't think so! If information on receipts didn't print everything - Problem solved! Regulation & Standardisation - ASAP
5. anonymous
"one in three never shred or burn"??
I'm absolutely sure 8/10 don't do this in any effective way, not least because they have neither a shredder nor an open fire. And why should they? We don't ask for this sensitive information to be printed out and given to us.
A quick check in my wallet reveals 8/10 retailers conceal several digits of the card number on the sale voucher - that's the way to do it.
6. anonymous
Shoppers are not the only ones who are careless - retailers contribute by printing card details on receipts. I have received a receipt from one High Street retailer (admittedly more than a year ago) which printed my switch card details sufficiently to enable someone to buy afresh over the internet using just the receipt for my details. Many of these stubs are left on the streets or put in street bins.
7. A. Foster
Consumers have some accountability, but so do credit card companies. There is no reason for all card details to show on the copy of a transaction kept by the customer. Automated tellers blank out numbers - very few transactions use carbon copy any more. Perhaps companies like WorldPay need to think how to help manage their customers' difficulties
8. anonymous
The retailers/banks should make sure that the credit card slip they print does not contain all of the card information. Larger retailers provide the transaction receipt with at least 4 digits unreadable. I have noticed however that many retailers print all the card number and the valid date. This information is inviting fraud. Its like loosing your house keys with your name and adress attached to them.
I think we have put up with the banks and credit card companies whinging about fraud for too long. Smart card technology has been around for years and whats wrong with puting a photo on the reverse of the card? My view is that as long as fraud costs the banks less than the investment to tackle it then they wont really do much about it.