Owing rampart cases of card fraud where individuals are billed for purchases they did not authorize, many Kenyans are afraid of using their debit or credit cards online when shopping.
One of the popular online card fraud case in the past years worldwide is carding. It originated from the dark web. Most of the activities that takes place in the dark web are not traceable. That’s how dark web infrastructure is structured.
What is Carding?
According to Wikipedia, carding is the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. The process encompasses exploitation of personal data, and money laundering techniques.
In other words, the scammer makes sure the stolen card is working. He then uses it to purchase a prepaid card on his name. From there, further purchases with the prepaid card will be hard to trace.
Though cases of carding has not been reported in Kenya yet, scammers popularly known as wash wash are doing it.
On this blogpost, I will focus on 8 common card fraud cases in Kenya. I will cover them from the most common to the least common.
- Card Cracking
- Chargeback fraud or friendly fraud
- Account takeover on e-commerce website
- Interception fraud
- Point of Sales(POS) Fraud
- Phishing and Vishing
- Keystroke logging
- Application Fraud
1. Card Cracking
Card cracking is the use card stolen numbers.
Two Bulgarians, Ivan Petkov and Milko Kostadinov, were arrested and charged in a Kilifi court when they were found with 44 ATM cards and over Sh2 million.
The money is believed to have been stolen from various bank accounts using the cards.
When enquiries was made on the affected banks, they were unable to trace or explain how the money was getting lost. This left them with no option but to refund the affected customers.
2. Chargeback or Friendly Fraud
This is a case where a customer makes purchases using their own credit or debit card and then disowns that transaction saying that it was not them. This kind of fraud is usually easy to trace.
Evidence can found in form of – cvv/avs match, IP address match, location data, copies of e-mailed invoices, the terms and conditions the customer agreed at the time of purchase e.t.c
3. Account Takeover On a E-commerce Website
Ever heard of people complain that their account has been hacked on a merchant site like Jumia, Amazon e.t.c? If the user had their credit card registered as a payment method on the hacked account, the fraudster will make purchases from the site until the debit account runs dry.
If this is not reported early, the fraudster can get away with it. On the other hand if the case is reported early enough, the hacker can be easily traced using the delivery address he/she has entered for the ordered items or the billing address he used in purchasing a given digital product e.tc.
4. Interception Fraud
Lets say you are browsing online and you found a product you like on a given website. Let’s call the site A. You do your own due diligence and you find out that site A is safe and secure. You use your card to purchase the product. A week later, you receive an e-mail notification that your have made another purchase (that you did not authorize) on a different site (lets call it site B) using the same card you used to make a purchase a week earlier.
This is what is called card interception fraud. The site owner or admin of site A took your card details and card information you supplied and used it to make the purchase on site B.
I recently saw a tweet of a foreigner warning travelers coming to Kenya to watch out for fraudulent e-visa scam sites especially kenyan-travels.com. They site appears legit but they will scam users ID and credit card.
5. Point of Sales (POS) Fraud
Point of sales fraud happens when a skimming device is attached to the POS devices to scan and store card information while the customer completes a swipe transaction. Several cases of scammers attaching a skimming devices on an ATM machine has been reported in US in the past years.
6. Phishing and Vishing
Phishing is very common in Kenya especially with Mpesa users and KCB bank account holders. This is where fraudsters impersonates official communication from the bank or service provider with the aim of duping unsuspecting users into revealing their credit card details. If they succeed, they will withdraw everything from the account of the victim.
7. Keystroke Logging
In order for the fraudster to succeed with Keystroke logging, they will first need install a malicious software or hardware on the target device. The malicious software will be used to capture credit card details through recording every key pressed on their system.
Keystroke logging happens mostly to users who purchase cheap used gadgets online.
8. Application Fraud
This is a type of identity theft where fraudulent actors impersonates a genuine customer to obtain a credit card. The fraudsters uses customers stolen or counterfeit documents to make their application.
How are the banks are working to curb card Fraud
Most banks are now upgrading from 3D secure version 1 to 3D secure version 2. With 3D card authentication, the system identifies you as the actual card holder before any transaction can take place by sending a One time password(OTP) on users registered mobile number. This will prove that the actual card holder is the one undertaking an online transaction and therefore it is a genuine transaction.
Global card payment industry mandate requires all the banks to move to the newest version of 3D secure by October 2022.
Ways to Safeguard Yourself Against Debit/Credit Card Fraud
- Report stolen cards to your bank.
- Be careful when using your card online. Do not give out your credit card number online unless the site is secure and reputable.
- Memorize your CVV number then scratch it off the card to avoid misuse when you lose or its stolen.
- Setup alerts of all your transactions. This way you will be notified of any fraudulent transactions on your card.
- Be careful when responding to special investment offers especially from unsolicited e-mail addresses.
- Keep track of your documents and ensure you destroy redundant copies before disposal. This way, none of your private information will be exposed.
- Be extra careful when dealing with foreign businesses or companies outside your country.
And that is it from me.
What’s your card fraud story? Share your thoughts in the comments section below.
Until next time, bye and take care.
Follow me on twitter @cheptiony.