With the development of means of communication and communications of people, the possibilities for making payments have greatly expanded, and the distance between the seller and the buyer has ceased to matter, since non-cash payments do not require carrying a wad of bills or a bag of coins in order to pay bills. About 70% of payments in our country and about 90% in European countries and the USA are carried out using plastic cards, which are increasingly replacing cash, allowing you to pay for any goods and services not only at the place of purchase or consumption, but also via the Internet.
The withdrawal of a huge money supply from direct circulation allows not only to significantly save on the regular renewal of paper banknotes, which wear out quite quickly, but also creates an unfavorable environment for counterfeiters, depriving them of a market for their counterfeits. New methods of protection from intruders have always caused an immediate reaction on their part and the emergence of a new criminal craft, such as the production and sale of counterfeit plastic cards. So, let's talk about the specifics of such a crime as the production of counterfeit credit and debit cards with false data.
Basic definitions
The production of plastic payment cards is a high-tech process aimed at completely recreating the characteristics of the original with the possibility of using its copy for non-cash payments.
Sales imply any method of alienation.
The general concept of fraud is contained in the corresponding article of the Criminal Code - 159. In accordance with part 1 of the article, fraud is:
theft of someone else's property or acquisition of rights to someone else's property through deception or abuse of trust.
A narrower understanding of criminal law is the concept of fraud using payment cards:
theft of someone else's property, committed using a counterfeit or a credit, payment or other payment card belonging to another person by deceiving an authorized employee of a credit, trade or other organization.
This type of fraud is qualified and can be committed only if payment cards are used for personal gain: debit and credit.
- the former are used by the owner to manage personal funds that are located in his own bank account;
- the latter provide for the disposal of bank funds (credit). In the future, the owner will need to return them.
Download for viewing and printing:
Article 159 of the Criminal Code of the Russian Federation “Fraud”
Illegal production, sale and counterfeiting of bank plastic cards
Using bank cards, the owner can remotely manage his own savings stored in the account of the bank that issued the card and is responsible for organizing the transfer of funds to the second party of the settlement: the seller, provider or other entity involved in the civil form of the relationship.
Incidents of counterfeiting in this industry can, like criminal acts of counterfeiters, cause similar financial damage.
The peculiarity of the illegal production of bank cards by criminals and/or their subsequent sale lies in the interconnection of these crimes with other illegal actions, because information about the owner and the means of payment itself must first be obtained.
To obtain such information, many illegal methods are used aimed at obtaining the original funds and the current PIN code. A fake copy is made and linked to a real bank account. Such initial actions may have the characteristics of other crimes, the purpose of which is illegal possession.
Usually, attackers use fraud to achieve this, but sometimes they do not hesitate to commit robbery.
The investigation of such crimes and the establishment of facts of falsification and sale are complicated by one important feature of making payments using cards (payment or credit) - all payments by the recipient of the funds are made remotely.
Important! The peculiarity of sales is that it can be effectively veiled in the form of a sale, donation, exchange, transfer for temporary use, but the result will be the same - the means of payment will be used to make the payment.
Actions aimed at recycling counterfeit products, when a person simply throws them away, even taking into account the fact that there is a risk of detection of counterfeit by other persons and the possibility of its use, are not covered.
All actions aimed at the unofficial issuance of payment cards to ensure free disposal of funds on them are qualified under Article 187 of the Criminal Code of the Russian Federation. This type of crime also causes significant harm to the economic sphere.
The organization and implementation of a criminal plan requires the involvement in this area of subjects with relevant special knowledge, operating in the economic structure, knowledgeable in computer technology and mastering the techniques and methods of electronic recording of information.
Download for viewing and printing:
Article 187 of the Criminal Code of the Russian Federation “Illegal circulation of means of payment”
What should the victim do? Where to go and can I get my money back?
As soon as a bank card holder suspects that part or all of the money has been withdrawn from his account, action must be taken immediately.
First, you need to make sure that the funds were withdrawn illegally, and not that one of the relatives used the card or that the amount was withdrawn monthly to write off a debt imposed by bailiffs. Then you must immediately call the bank's hotline to block the card.
After this, you will need to visit the bank branch in person to file a statement of disagreement with the transaction. It is strongly recommended to read the bank’s terms and conditions regarding the return of funds using the cancellation procedure, which is indicated in the contract.
After reviewing the submitted application, bank employees will cancel all illegal transactions carried out with the bank card and return the debited money to the owner’s account. But this will only happen if it turns out to be possible. Recently, scammers have been using the latest debiting techniques that make it impossible to return funds to their rightful owner.
There may be situations when banks refuse the transaction procedure for no apparent reason. Then the victim of the fraudsters’ actions must file a complaint with the police or prosecutor’s office.
To make the process of returning money stolen from the account faster, the victim must, in addition to the application to the bank, attach the following documents:
- Details of calls and SMS messages for the last month taken from the mobile operator.
- An extract from the bank about all transactions (transfers and receipts of funds) carried out with the card for the current year. This will clearly show where/from where the funds were sent, from whom/to whom and in what quantity. The extract also informs about the data of the other sender/recipient.
- If the bank refused the transaction, then in order to further contact the police or prosecutor's office you will need to take a corresponding letter of refusal.
Types of fraud with bank cards
Today, almost every resident of the country uses payment cards, so this area is becoming increasingly attractive for many fraudsters.
The development of electronic technologies has also influenced the increase in methods of committing fraudulent acts in this area. Every day, hundreds of cases of fraudulent misappropriation of citizens’ funds through their payment cards are registered.
Avoiding attacks or minimizing the risk of financial losses is often possible only by being careful and following certain rules dictated by specialists, which will be mentioned below.
Advice! To protect yourself from attacks, it is extremely necessary to know about the methods used by criminal elements. A person’s awareness is the key to his security.
PIN code
One type of fraud is the illegal seizure of the cardholder’s personal code.
The introduction of a digital code designation allows you to identify the card owner and establish the possibility of carrying out actions with cash. Data entry is made through special. device - Pin Pad.
Often, to determine the code, attackers place a separate device near the reading sensor. A counterfeit Pin Pad records the password entered by the owner through an ATM (in some cases, the code entry is recorded on a mini-camera). After establishing a code that provides access to the payment instrument, all funds are simply withdrawn from the account.
The owner may only have time to receive an SMS notification upon the withdrawal of all his cash.
Phishing
Another type of fraudulent activity with payment instruments is via the Internet.
Phishing refers to the sending of emails to potential targets. Typically, an attachment to a letter requires the user to confirm his (confidential) data when going to a “duplicate” of the original company website. The unsuspecting victim of criminals assesses the situation as real and carries out the actions required of her independently, thus providing the attackers with access to funds.
Vishing
Another ornate fraudulent method that arose relatively recently.
The actions are similar to the previous ones, but are performed via voice notification. Cases of making such calls are the most common. The method has its own nuances. The attacker imitates a robocall, pushing the victim to take necessary actions that reveal confidential data.
The owner receives a call allegedly informing him:
- About the commission of fraudulent actions in relation to his personal payment card and the need to follow instructions;
- Then the instructions themselves are given. Typically, during the briefing, the injured person receives a telephone number to call back immediately;
- After the call, the fraudster introduces himself under a false name, thus proving his identity and says that he is a representative of a particular bank.
A person, thinking that he is following the instructions of a bank employee “for the purpose of reconciliation,” enters the personal payment instrument number from his mobile phone.
Other data can also be “compared”:
- the period during which the card is valid;
- valid PIN code;
- holder's passport details, etc.
The information obtained is used for personal gain to steal money through mobile banking.
Improved method
The peak of fraud cases using mobile banking occurred in 2012.
Then messages were sent out en masse. The text informed the recipient that his card was falsely blocked and that he needed to dial the specified number to carry out unblocking actions. A number of citizens were trusting of such tricks and did everything they demanded.
Advice! In this case, it is not recommended to immediately carry out actions dictated over the phone. To exclude cases of fraud, the data should initially be clarified by calling the bank.
The deceived person calls the number provided. The scammer answers him, but introduces himself as a specialist from a banking institution or an employee of a service that ensures customer safety, asking whether he has a connection. If this option is available, the “false employee” asks you to provide basic information regarding the account. By deception, they obtain information about the card number, access code and validity period.
The citizen himself allows the criminal to perform “unblocking” operations, but the latter only withdraws all funds from the account.
But not everyone has a “mobile bank”. In this situation, the victim is asked to go to the terminal and perform a series of operations. Confusing the citizen, the latter is dictated to actions aimed not at “unblocking”, but at transferring his own savings to accounts and telephone numbers prepared in advance by the attackers.
Important! This type of fraud is based on citizens’ ignorance of the powers of representatives of financial institutions - the latter cannot demand electronic keys and ask to dictate the account number.
Non-electronic phishing
This type of fraud is committed when citizens make cashless purchases and dial their PIN code on their own.
Deception schemes require the creation of target organizations, retail outlets, etc. Sometimes existing companies can be used, where fraudsters or their proxies get a job in advance.
During the purchase and settlement operations, a service is provided. Payment requires the buyer to enter his PIN code. Reading comes from a replacement device that stores data by copying it from magnetic tape. The victim's funds are withdrawn from the account using a regular terminal.
Virus
This method is the most dangerous due to its technological complexity.
To extract data from payment instruments, a virus specially created by attackers (or at their request) is used. It is separately implemented into the electronic system of the terminal.
Such a scheme implies the presence of deep knowledge in the computer field, the features of “hacker” programming.
Other common scams
- Theft of means of payment followed by zeroing out the owner’s personal account. In most cases, theft of money from an account occurs when the owner or bank does not respond in a timely manner. In the first case, the owner finds out about the loss late, in the second, the financial institution does not have time to take measures to block the account;
- Counterfeiting of original cards. All information about a person’s account acquired illegally is copied onto a prepared “blank” - a plastic blank;
- Payment for various services, purchased goods via the Internet, using the real account of the injured person;
- The card becomes available to the criminal when the address data is changed or when the requirement to issue a duplicate credit card is implemented;
- The "double rolling" method is often used. This fraudulent scheme involves a conspiracy among a number of companies. When rolled repeatedly, several copies of the slips are obtained, which are subsequently used to implement the criminal plan.
SMS messages from spoofed numbers
A fairly simple method, which is implemented according to a scheme similar to the previous example. Only in this case, the cardholder’s phone receives not a call, but an SMS message from a number similar to the bank’s number.
So, in mid-2022, many users of Sberbank cards began to receive messages from number 9000, which asked them to evaluate the work of the bank branch staff. Moreover, Bank No. 1 has never had such a short number. Sberbank uses a similar number – 900, which the scammers took advantage of.
The message asked the user to rate the bank's performance on a 10-point scale, with a response SMS message being sent with a number corresponding to the rating given. The user sent a message, after which another one came, in which it was recommended to register card details to compile general statistics.
Having received the card details, the attackers performed a “verification” operation, under the terms of which 1-3 rubles were debited from the card account. Considering the number of Sberbank card holders, the approximate amount of damage can be calculated without calculation.
Advice: all short bank numbers must be written down in the phone book, and if the number turns out to be unfamiliar, then no reply messages should be sent to it. If possible, you can contact the bank’s technical service and clarify the information.
Brobank.ru: As a result: every modern fraud scheme is designed specifically to weaken the vigilance of the card owner. Therefore, if the slightest suspicion arises, the easiest way is not to take risks, but to check the information in any available way.
5 / 5 ( 2 voices)
about the author
Evgeniy Nikitin Higher education majoring in Journalism at Lobachevsky University. For more than 4 years he worked with individuals at NBD Bank and Volga-Credit. Has experience working in newspapers and television in Nizhny Novgorod. She is an analyst of banking products and services. Professional journalist and copywriter in the financial environment [email protected]
Is this article useful? Not really
Help us find out how much this article helped you. If something is missing or the information is not accurate, please report it below in the comments or write to us by email
How to avoid becoming a victim and what to do if you discover a fake
In order not to fall under the intricacies of attackers, you should remember:
- a bank card for making payments is absolutely free for any client;
- it is not purchased secondhand or at the suggestion of banking employees.
It can be issued by:
- at the place of application directly at the financial institution;
- send by mail in the form of a registered letter;
- by postal delivery by courier.
To exclude the possibility of it being taken over, the owner should be extremely careful when in public places: restaurant, store, etc. where non-cash payments are possible. You should not let go of the card. To use it, the scammer needs no more than a minute - as soon as the person is distracted, he will definitely take advantage of it.
The reading device itself can fit in the palm of your hand, so it is unlikely that others will notice any manipulations.
Distinctive features that allow you to recognize a fake bank card:
- there is no volume of the logo located on the hologram or its characteristic shine is not visible, the background itself is matte, and the image is not clear;
- a strip intended for affixing the owner’s signature or a magnetic strip that is not at the same level with the surface of the card and protrudes noticeably above it, which is detected the first time you run your finger across it;
- peeling of the laminating film is observed in the area of the edges of the plastic, it does not fit tightly on the hologram and near the protruding text part;
- some characters on the card can be erased manually (the structure of the microfont and/or the preprint may be unstable - repeating part of the initial 4 digits);
- There is no white color on the end of the product.
There are quite a lot of signs indicating the authenticity of plastic cards, and all of them primarily depend on which payment system a particular card belongs to.
Important! If any of the indicated signs of counterfeit are detected, the card cannot be used. It is prohibited to transfer it to third parties or use it in a bank. If possible and willing, contact law enforcement regarding this fact. As a last resort, just throw away the fake.
Advice from experts on preventing card fraud
Crime can be prevented - for this purpose, it is necessary to create conditions that prevent fraudsters. To do this, experts recommend following these tips:
- Personal data of the cardholder, such as a PIN code, should not be disclosed to anyone, even a trusted person. It is impossible to record it on paper and, even more so, to store such records along with the card;
- To withdraw cash from your card, it is better to contact the financial office. institution or use the nearest ATM. Fraudsters will not operate within the territory covered by bank branch surveillance cameras. In some cases, it is better to contact the cashier directly to withdraw funds;
- To eliminate cases of peeking and memorizing the code, if there are unauthorized persons near the ATM, you should close the keyboard from them and only then enter your code. But it would be better to simply turn to people showing uncharacteristic interest and politely ask them to move a little to the side so that they can carry out the necessary transaction from the ATM;
- Cases of assistance from third parties in withdrawing funds from the card should be excluded. It would be better to contact a representative of the banking institution or call support. As a last resort, ask your relatives for help in advance;
- There is no need to make purchases through unreliable and unverified sites. During any operations on the Internet, you should ensure that there is support for special 3D-Secure technology. It provides the ability to verify the validity of a transaction using a one-time password. The latter is sent by message to the client’s phone number;
- If you purchase something online, you need to ensure that your antivirus is updated in a timely manner;
- If your phone has a Mobile Bank connection, you can use the blocking by sending a separate message to a special. check. How exactly this action is performed, you need to find out from the organization where the account was opened;
- You should avoid carrying a significant balance on a card used for virtual purchases;
- Make sure to insure your means of payment in advance. This will allow you to return the funds. The insurance program will provide financial security;
- As soon as the card is lost and there is reason to believe that information about it is known to other persons, you must immediately take measures to block it by contacting the bank;
- To keep abreast of all transactions, you need to use the SMS client notification service;
- Protection is also possible by limiting the cost limit by the holder. To establish a ban, the owner must submit an application;
- When in places where payments are made in cashless form, you need to carefully monitor the actions of the seller (cashier);
- When rolling a slip (card imprint) in a store and without bank authorization, you need to make sure that the slip is destroyed;
- It is recommended to check your account statement regularly, at least once a month. Claims can be submitted to the bank.
Phishing - duplicate site
The most used scheme by scammers is to create a duplicate website that is visited by the owner of the bank card. This scheme is also the simplest. The bottom line: scammers create a duplicate of a website, most often the official websites of banks are used, to which they lure the card owner. The latter may be sent a letter with a link and a request to visit the site to perform a certain operation. There are many variations here.
An unsuspecting cardholder follows the link and ends up on the well-known website of his bank. Not all victims can immediately notice the difference, since duplicate sites are made identical to the original. The following is the standard scheme:
- Under the pretext of checking data, the bank operator asks the victim to fill out a form indicating card details, cvc code, and even pin code.
- After receiving this data, the page is reloaded, and the victim is taken to the real bank website.
- While the unsuspecting user is “wandering” through the official website of his bank, the scammers, having received the necessary information, withdraw funds from the card balance.
When money is discovered missing, it is almost impossible to change anything. Fraudsters can use foreign accounts that do not fall under the jurisdiction of either Russian banks or law enforcement agencies. That is why phishing is considered a simple and at the same time effective option, designed to avoid the inattention of plastic card owners.
Advice: no bank ever asks its customers for a PIN code for cards. When visiting a bank's website, the user should pay attention to the address bar or site address. Finally, you can always contact support to get confirmation.