Fraud using payment bank cards

Among the crimes provided for by criminal law is fraud. It is provided for in Art. 159 of the Criminal Code of the Russian Federation and describes situations where a criminal takes possession of the victim’s property using deception or abusing the trust that was previously placed in him.

Let us consider what the elements of this crime include, and how it differs from similar types of criminal acts.

Fraud schemes with plastic cards: when transferring money to a card, through a mobile bank

If we talk about fraud with plastic cards in its everyday concept, then the methods of fraud with bank cards are very diverse. For example:

• fraud when transferring money to a card - the criminal deceives the card number and CVV code - supposedly to transfer payment or to return an erroneous transfer, and, accordingly, gets the opportunity to pay with someone else’s card on the Internet;
• fraud with bank cards through a mobile bank - the fraudster begins to connect the mobile bank to someone else’s card from his device, and obtains the connection code from the cardholder who received the SMS; this allows the fraudster to quickly withdraw funds from all accounts of the cardholder or obtain a credit card and use it;
• by adding a special device to ATMs (real or fake) that reads card data; this type has its own name - skimming (based on the data received, a fake payment card is made, with which money is withdrawn from the account);
• by installing overlays on ATMs that capture the card, or a “Lebanese loop” (special devices or just a piece of hard film that prevent the card from getting into the ATM; fraudsters spy on the PIN code and, after waiting for the victim to go to the bank, take out the card and withdraw it from it money).

Banks and law enforcement agencies are not without success in combating the listed crimes, so their prevalence in Russia is constantly changing depending on factors such as banks strengthening the protection of cards and ATMs and the technical development of fraudsters in response.

Whether the bank is obliged to return money when it is written off from a bank card or via Internet banking without the client’s consent, find out in ConsultantPlus. If you do not have access to the K+ system, get a trial demo access for free.

Internet

When paying for programs, books, music, or goods purchased online, you are often required to enter your card number. The funds for the purchase are written off, and the happy owner of the new game does not think that his card number could become known to scammers. Interception can be carried out using programs installed on the seller’s website, and then the money will be debited from the card. You can avoid this risk if, when paying for goods online:

• keep money on a special bank card, to which more funds are not transferred than necessary to make one purchase;
• use virtual bank cards;
• do not use unverified sites;
• install the Secure Code service.

Fraud with bank card numbers: technical ways to combat it

Of great importance for the fight against fraudsters who commit thefts from payment cards was the change on March 16, 2015 “Regulations on requirements for ensuring the protection of information when making money transfers...”, approved. Bank of Russia 06/09/2012 No. 382-P. These changes actually eliminated the use of payment cards on which information is stored only on a magnetic stripe: according to clause 2.19 of the Regulations, from 07/01/2015 it is possible to issue debit or credit cards equipped with both a microprocessor and a magnetic stripe. This has made it more difficult to counterfeit credit cards based on skimming information.

Then many banks (Sberbank, Gazprombank, VTB, Bank of Moscow, etc.) and international payment systems (Visa, MasterCard) introduced protection against unauthorized payments by the card owner on the Internet. Previously, a fraud scheme with bank cards was used, in which unauthorized persons paid for purchases on the Internet in those stores that required a minimum of payment details (only the card number, number and name of the owner, number and CVV/CVC code). 3D-Secure technology counteracts this method of theft - it provides for payment to be made only after entering the code received at the mobile phone number linked to the card in the online store.

IMPORTANT! Fraud with a bank card number on the Internet does not fall under Art. 159.3 of the Criminal Code of the Russian Federation, and under Art. 159.6 of the Criminal Code of the Russian Federation.

Types of fraud

Fraudulent activities can be classified into:

• Internal, which are carried out by company management and employees.
• External, the participants of which are counterparties of the enterprise and outsiders.

BY THE WAY! Internal corporate fraud is the most common illegal activity. Their peculiarity is the ease of implementation due to the availability of access to material assets and financial resources in the process of implementing work activities.

Manifestations of internal fraud may include:

• poaching the company's clientele;
• supplying competitors with confidential information of a technological or financial nature;
• falsification of documentation using original seals and company letterheads;
• attracting subordinates to carry out work outside of the job description to satisfy personal needs;
• early unjustified write-off of assets for the purpose of their appropriation, fraud with the payment of wages to employees.

Based on the nature of the actions, corporate fraud is divided into groups:

• Corruption events.
• Asset appropriation (cash or inventory).
• Preparation of fictitious financial statements with overstatement or understatement of the amount of income (profit).

FOR REFERENCE! The corruption component of fraud is manifested in bribery, provision of preferences for a fee, and extortion.

Fraud with plastic cards in Russia - legal ways to combat it

Special types of fraud appeared in the Criminal Code of the Russian Federation on December 10, 2012 (see Law No. 207-FZ dated November 29, 2012 on amendments to the Criminal Code and a number of other legislative acts), including payment card fraud.

Previously, actions that now fall under qualified offenses were considered fraud under Art. 159 of the Criminal Code of the Russian Federation. An important milestone in the qualification of fraud, including with payment cards, was the Resolution of the Plenum of the Supreme Court of the Russian Federation dated November 30, 2017 No. 48.

The consequence of the emergence of new special offenses of fraud for citizens already convicted or under investigation was the reclassification of their actions (see, for example, Resolution of the Presidium of the Samara Regional Court dated May 29, 2014 No. 44u-86/2014). The fact is that new types of fraud were considered by the legislator to be not so socially dangerous - the maximum penalty for committing them is lower than for fraud under Art. 159 of the Criminal Code of the Russian Federation (4 months of arrest versus 2 years of imprisonment for non-aggravated acts).

Note! If you suspect that fraudulent transactions have been committed, you must contact law enforcement agencies and write a statement about the commission of a crime.

You can make such a statement for free by clicking on the picture below.

How to return money written off from an individual’s bank card without his consent? The answer to this question is in ConsultantPlus. Get trial demo access to the K+ system and access the material for free.

Anti-corporate fraud

Preventing the occurrence of fraud within an enterprise should be aimed at strengthening control over the work of personnel. For this purpose, a system of double control and additional verification of officials vested with a wide range of powers is being introduced. Systematic independent expert audits will minimize the risks of financial fraud and fictitious transactions with materials.

It is recommended to create a security service; if necessary, access control of all visitors and employees is introduced. If a violation of labor discipline is detected, the manager must show will and punish the offenders. As a motivating factor for impeccable work, you can use the creation of the most comfortable working conditions and offer employees decent payment for their actions.

Composition of the crime for fraud with payment cards

Regarding the subjective side of fraud with plastic cards, we note that this is an intentional crime (direct intent). Moreover, despite the fact that the theft does not occur “from the pocket” of the victim, the criminal expects to satisfy his self-interest precisely at the expense of the card owner, and not the bank through which the funds are stolen.

The subject of this crime is a person over 16 years of age.

The object is, as in other parts of Chapter 21 of the Criminal Code of the Russian Federation, social relations in the field of property rights. There is no consensus on the subject of the crime - in this case, the following are considered as such:

• cash;
• the cardholder's rights to stolen funds.

Perhaps the subject differs depending on what purpose the criminal pursued by misleading an employee of a bank or trade organization: for example, obtaining a loan for salary card holders clearly indicates that the subject was the rights of the real card owner.

IMPORTANT! The card can only be a payment card - debit or credit - but not a fuel or other discount program card that does not contain funds for theft.

The objective side is specific in comparison with other types of fraud - it is not the owner of the property who is misled by deception or abuse of trust, as usually happens in the “classic” fraud of Art. 159 of the Criminal Code of the Russian Federation, and an employee of a bank or trade organization. The composition is material, that is, the theft is recognized as committed after the criminal receives money or other property benefits and the fraudster has the opportunity to dispose of the stolen property.

Phones and other mobile devices

But if Mobile Banking is installed on a mobile device, then visiting sites that can launch a virus program into the device and replace the Internet Banking window with your own design is possible. It is necessary to be extremely careful about any, even minimal, changes in the interface. At the same time, such fraudulent programs can simultaneously block the receipt of SMS messages about withdrawing money from the account. Failure to receive a message about your own operation will already be a signal to update your anti-virus software.

A lost phone with Internet banking installed on it will be a fraudster’s dream, despite the fact that browsers do not remember passwords to enter your personal account; the password could be read by a virus program. Based on this, you need not only to think about the safety of mobile devices, but also to be attentive to the situation when a mobile device is sent for repair.

Distinguishing fraud with plastic cards and related frauds

It is obvious that not every type of fraud perceived by citizens as fraud using payment cards is recognized as such by criminal law. Qualify under special art. 159.3 of the Criminal Code of the Russian Federation, for example:

• skimming, if the resulting fake card is used to purchase goods, obtain a credit card from a bank (Article 159.1 of the Criminal Code of the Russian Federation in the latter case is not applicable, since for fraud in the field of lending, the presence of a borrower is fundamental);
• making offline purchases using a stolen card;
• obtaining a payment card using forged documents (see Certificate-summarizing the study of judicial practice of consideration by the courts of the Samara region of criminal cases of crimes under Articles 159.1 - 159.6 of the Criminal Code of the Russian Federation).

The production and sale of counterfeit payment cards constitutes an independent crime - Art. 187 of the Criminal Code of the Russian Federation. In the case where a person produced and then used a bank card in a trade organization, what he did is qualified under the totality of Art. 187 and 159.3 of the Criminal Code of the Russian Federation.

IMPORTANT! The fundamental sign of a crime under Art. 159.3 of the Criminal Code of the Russian Federation is misleading an employee of a bank or retail outlet - for example, when in order to issue a credit card to the supposed holder of a salary card, the fraudster presents a fake passport (see paragraph 17 of the resolution of the Plenum of the Supreme Court of the Russian Federation dated November 30, 2017 No. 48). When a criminal withdraws cash using a counterfeit or stolen card from an ATM, this does not constitute fraud, since there is no person being deceived using the plastic card. Such a crime is theft (Article 158 of the Criminal Code of the Russian Federation).

Motive, purpose, emotions

Since fraud is one of the types of theft, the following conditions regarding the subjective side of the composition apply to it :

1. Motive. Usually it is self-interest - however, we must remember that this is far from a mandatory factor.
   “Noble fraud” is also quite possible, when the criminal, although he takes possession of other people’s valuables through deception or broken trust, then does not use them himself, but transfers them to someone free of charge. In particular, in the practice of investigating criminal cases, there have been situations when, when committing fraud with complicity, one of the group members voluntarily renounced his share in favor of an accomplice (for example, if he urgently needed money). Fraud did not cease to be a crime, but there was no mercenary motive in the actions of this person.
2. Target. It is precisely the alienation of someone else's property or the acquisition of rights to it. The purpose of this crime is always selfish.
3. Emotional-volitional part. In order to qualify a crime as fraud, it is necessary that the perpetrator is aware of all the essential aspects of this crime. This means that he must know that he is appropriating other people’s values ​​for free, and also using lies or using trust for evil.

Common Questions

What to do if fraudsters received your card details and debited the money?

If fraudsters were somehow able to gain access to the card and debited funds from it, then the victim should:

1. Contact the bank and block the card.
2. Write a statement at the bank office stating that the specified operation was not carried out by the victim.
3. Write a statement to the police about the theft of funds from the card.

What should I do if they call from the bank and ask for card details and access code?

Under no circumstances disclose your card details to anyone, as well as the CVC code located on the back of the card. Bank representatives know who the card is registered to and see the client’s information.

Fraudsters also use SMS messages with a message that the card is blocked. The client calls back to the specified number, and the scammers report that there was a failure on the server and ask for the card number and PIN code that was sent to the victim’s phone. Once this information is shared, scammers can control the victim's account.

What is phishing?

Phishing is the theft of card data by creating mirror sites. That is, scammers create a mirror site exactly like the original. The difference may be one letter of the domain name. Next, the client enters personal data, pays for the purchase and is left without a service and without money. As a rule, scammers fake the websites of airlines, insurance companies and banks themselves.

If you have logged into online banking and have not received an SMS about logging in, we recommend that you immediately contact the bank and block your account. You can unblock it by contacting the bank with your passport and a mandatory password change.

Sources: Resolution of the Plenum of the Supreme Court of the Russian Federation dated November 30, 2017 No. 48

You can find more complete information on the topic in ConsultantPlus. Free trial access to the system for 2 days.

Phishing

Fraudsters use several standard mechanisms for stealing money:

• a mobile phone, sometimes not even linked to an account, receives a call from a bank employee or even its security service. The client is told about questionable movements on the card and is asked to provide the CVV - the code for verifying the authenticity of the card by the payment system. You should never report anything if the call was not made by the client using the support number; any information can be used for theft. It is better to interrupt the call and call your bank manager back yourself;
• The client receives a letter signed by his servicing bank. The link offered in the letter leads to an analogue of your personal account, where you need to enter your login and password. Banks never use this method of working with clients; any letters to personal email with a request to provide personal data, card number or enter your login and password signed by a bank employee will be sent by a fraudster.

An analogue of phishing is pharming, but this method is more complicated and only works with small banks. It is impossible to replace the official Sberbank page with a fake one and gain access to citizens’ online bank, but theoretically, using the capabilities of DNS servers, this can be done with small credit institutions. In Russia, information about such cases was not reported to the public press, either because this type of theft was not used, or bank security services managed to prevent such cases and prevent the leakage of dangerous information that could cause damage to reputation in the media.

New method of theft

Recently, fraudsters tried another modern method of stealing funds from plastic cards using mobile communications. From the number 900, which shows that the message came from Sberbank, a message is received prompting you to send a response SMS to confirm or cancel the money transfer. Next, the frightened client receives a call from the number 8-800-555-5550. A person who introduces himself as a bank employee confirms the need to send an SMS to cancel the transfer. If the client does this, then the money goes away. Modern mobile communication technologies make it possible to operate in this way, replacing real telephones with telephones of a credit institution.