Banks' silence is golden for booming internet fraud
Scotsman.com News - Banks' silence is golden for booming internet fraud
MURDO MacLEOD mmacleod@scotlandonsunday.com
FRANK Duns believed he was being ultra-cautious. He used his credit card only when he had to, including to pay a restaurant bill while on holiday in the Isle of Man.
Just weeks later, the businessman from Penicuik, Midlothian, discovered to his horror that his card had been used to buy a £4,000 motorcycle. The card had been cloned and the details handed to an Ireland-based fraudster.
"I am still absolutely stunned how anyone could have made a transaction for so much money just like that," Duns said. "No security checks or anything. I got a full refund from the card company, but never an explanation of how this happened."
Duns is just one of the rapidly growing number of Scots falling victim every year to scams and thefts involving credit cards and bank accounts, most of which take place in cyberspace. A new branch of the English language has emerged to describe the shady practice, with phishing, pharming, keylogging and spyware among the recently coined words.
Banks acknowledge about £500m of such fraud a year in the UK - up from £213m in 2000 and £62m in 1995. But banking insiders have told Scotland on Sunday that as much as another £500m was discovered by the industry but never reported to police, under a controversial policy of dealing in-house with any theft of £2,000 or less.
It's the bigger cases that do come to light, such as the £280,000 stolen by fraudsters from comedian Harry Hill, as reported last week. Politicians and police fear that by "hushing up" such large numbers of crimes, the banks could be inadvertently encouraging more theft.
Pauline McNeill, the convener of the Scottish Parliament's Justice 1 Committee, said: "This needs to be investigated. It's important to get an accurate picture of what is happening in order to fight crime. I am concerned that by only focusing on the larger frauds we might be missing the opportunity to link crimes together and so solve more of them."
A police insider said: "From one point of view we might quite like it if the figures seem lower than they really are, because that gives us less crime to chase up. But ultimately the most effective way to stamp this out starts by knowing the full picture of what is going on."
Detectives say criminal gangs have turned to internet and card fraud as an easy alternative to "traditional" crimes such as armed robbery. Criminals calculate that even if they are caught, there is less risk of receiving the hefty sentences they would get for using guns or knives.
As a result, banks and detectives are now locked in a technological arms race against fraudsters, culminating in Chip and Pin, which will come fully into force this week. The new system will mean that customers who do not know their numbers might have their cards refused. But the system risks descending into chaos, as millions have still not received their code numbers.
And Scotland on Sunday can reveal that the latest gadget in the thieves' technological armoury "tunes in" on the new portable Chip and Pin readers as they are used - typically in restaurants.
Detective Inspector Duncan Hamilton, of the Strathclyde Police fraud squad, said: "Chip and Pin has been very effective at stopping fraud at the point of sale. But there is evidence that criminals have been using special receivers which can pick up information from a portable chip card reader."
The crime has been uncovered in continental Europe and police believe if it is not here already, it is only a matter of time.
Hamilton says the biggest cybercrime threat in his force area is gangs targeting bank and call centre workers in order to bribe or force them to reveal confidential bank information.
He said: "The gangs approach the staff in the pub or somewhere and typically offer about £200 for each set of details. If the person refuses, the promises turn to threats. But let's face it, call centre workers are not brilliantly paid and there's a high turnover and not much loyalty."
Meanwhile, the potential financial perils of using a home PC become ever more pressing. Fraudsters are firing out bogus e-mails, purportedly from banks, in an effort to get consumers to enter their account details - a practice known as "phishing".
A variation is "pharming". Software is installed on a computer which diverts the user from common retail internet sites to fake web pages which look like shopping sites. The unwitting user keys in vital details in the belief that he is buying something online, but is actually sending credit details to criminals.
Conmen also hide "spyware" programs in innocent-looking files downloaded from the internet, such as free software.
Peter Craig, of the security software company Trend Micro, said: "About 60% of UK computers are infected with spyware, and it's tremendously difficult to avoid. I visited a website with a clean PC, turned off all anti-virus protection, downloaded a free program, scanned the PC again and found 418 items of spyware."
So who is behind the new crimewave? Detective Chief Superintendent Stephen Ward, crime coordinator for the Scottish Drug Enforcement Agency, said: "We are seeing a number of organised criminal gangs from Eastern Europe moving into Scotland.
"They seem to believe that there is a lot of potential here to make money. It's not all from outside - there are the gangs from here in Scotland at it too."
Andrew Goodwill, the managing director of Early Warning, a company which develops anti-fraud databases, said: "Gangs target graduation lists and universities in the former Soviet Union for the best maths and IT graduates. They face the choice of not much money in honest work or quite a lot of money working for criminals."
A police insider in the former Soviet Union said: "The gangs here think you in the West have too much money and that you are not careful with it. We were told for decades that you were decadent capitalists and that you were weak. That message had its effect even on our criminals."
Meanwhile, the banking industry generally prefers to compensate customers - to the tune of around £1bn a year - rather than tell the police of every case and suffer a public crisis of confidence.
A banking industry source confirmed: "We don't report the smaller ones because of the impact on the image of the bank. Customers' confidence would be affected.
"Banks also hate having their staff on the witness stand. You don't know what a defence lawyer might ask, and you might be forced to reveal information about procedures which you wouldn't want people outside the company to know about."
Paul Leckie, a partner in Unisys global financial services, which provides security analysis to the industry, added: "If it's under £2,000 then they don't bother reporting it."
But while they may be reluctant to involve the police, the banks cannot be accused of doing nothing. Based in Northampton, Barclaycard's anti-fraud centre has a rogues' gallery of wanted fraudsters and figures charting the team's progress in the never-ending battle with the conmen.
Rebecca Mckee, the anti-fraud team leader, said: "When you speak to a customer, having detected a fraud, it's quite a shock to them and they need reassurance."
Sometimes the work involves talking to the people who will ultimately be snared by the team's investigations. "It's exciting. You get a buzz," Mckee said.
But Duns remains surprised at what he sees as the lack of control over card use. He said: "I recently bought a car with my debit card and no security checks were done.
"I find it worrying that considerable sums can go through electronic machines with no questions asked."
HOW THE CARD CHEATS CAN TARGET YOUR IDENTITY
ID THEFT - Criminals steal personal details, for example through discarded bills and use the information to divert credit cards and cheque books to an alternative address and even get loans in the victim's name.
CLONING - A card is swiped through an electronic reader to retain the details. A copy of the card is then produced which can be used by a fraudster.
PHISHING - A rogue email, usually purportedly from a bank and requesting financial details.
PHARMING - An email invites users onto a computer link to divert a computer from shopping websites to fake retail pages set up by criminals for bank details.
SPYWARE - Computer programmes keep a log of what a user does at their computer and which internet sites they visit. Commonly used by marketing companies.
How to stop the cheats from grabbing your cash
The top tips to keeping your money safe include:
• Never let your cards out of your sight - their details could be written out by hand and swiped through a reader in a matter of seconds, leaving you potentially vulnerable.
• Narrow down your pack of cards so you keep tabs of each one. It will also make it simpler if you have to remember fewer numbers.
• Do not write down your personal identification numbers. Banks allow you to change them to something a bit more memorable.
• Never use a cash dispenser which looks in any way unusual. Some have sniffing devices on the front and some are actually 100% fake.
• Join a card protection scheme, such as Sentinel, which insures you against all losses, keeps a track of your plastic and does all the work cancelling the cards if you become a victim.
• Shop in outlets set up for chip and pin rather than card and signature - there is less chance that you and your card can be parted.
• Shred all your documents, or rip them up into very small pieces if a shredder seems melodramatic. If you have a home fire you could even consider burning them.
• Make sure no one is looking over your shoulder when you use your card. Gangs operate in teams - one checking the number and others angling to steal or clone the card, maybe much later.
• If someone phones up purporting to be from your bank, offer to call back. No bank staff will ever have a reason to ask you for your PIN number. Most banks do not e-mail customers, and those that do will address you by name.
• Install spyware protection on your computer in addition to anti-virus and firewall software. And keep it up to date. Unlike anti-virus programs you can operate more than one spyware killer. Use it regularly.
• Ignore spam e-mails with offers that are too good to be true. You have not won the Canadian Lottery - there is no Canadian Lottery to win. And no one is offering you the latest iPod for nothing.
• If your children use your computer for instant messaging teach them not to click on strange links or to tell you if they have.
• Police recommend checking out www.getsafeonline.com for the latest advice. A tip for connoisseurs of junk e-mail: the word 'the' appearing in odd places means it is likely to be from eastern Europe. Most Slavic languages have no definite article and placing 'the' wrongly is a common mistake.
TERESA HUNTER
PERSONAL FINANCE EDITOR
February 12, 2006 at 01:28 PM in Financial Services | Permalink
| TrackBack (6)
| Top of page
| Blog Home
