A particularly brash form of this second type of credit card fraud is conducted over the telephone.

How the Fraud Works

You make a purchase and hand the clerk your card. Your credit card information is gathered either by scanning the card into a legitimate scanner, a secondary and illegitimate scanner or physically copied.

The information captured by the secondary scanner or physically copied can be delivered to a fraudster for later use. Fraudsters sometimes patiently refrain from using your information for months in order to disassociate the date and place where the information was taken from the date and place of its first illegal use.

Sophisticated modern fraudsters are less interested in using this information to buy things than they are in using it to gain access to more of your personal information. This is why credit card theft is so often associated with identity theft.

To get this additional information, the fraudster uses the name on the card to find your telephone number then calls you.

The caller first identifies him- (or her)self as an employee of the “security” department of the card issuer, provides a reference or badge number to give the call an aura of authenticity, and asks you to record the data in case you have to call back. The fraudster proceeds to tell you that your card has been flagged because there seems to be some unusual activity. He then asks whether you have purchased an item for $X from Store Y in Z location. Naturally, you answer in the negative and, as anyone would, thank him for calling and ask how he is going to reverse these improper charges.

The fraudster tells you the reversed charge will appear on your next credit card statement. He confirms where the statement will be sent by telling you your own address and asking you to verify. You confirm.

The fraudster suggests that if you have any more questions to call the 1(800) number on the back of the credit card and ask for him and quote the reference or badge number given earlier in the conversation. At that point you will be provided with a case reference number to record in the event there are any problems with the reversal of the charge.

The Sting

The fraudster then implies that he hates to question the credit card holder's integrity but procedures require they be assured the credit card is in the holder's possession. To prove you have the card he will ask you to turn the card over and read the last four numbers of your 16-digit card number and the last three (VISA, MasterCard, Discover) or four (American Express) digits which are the Card Verification Value (CVV) code. This is what the fraudster is really after. The CVV is not part of the card number but a cryptographic check that identifies the card number as uniquely yours. Because the CVV number is not embossed it is not printed on any receipts. The CVV is used primarily as a check in “card not present” transactions such as an Internet purchase, especially when the purchase is made in another jurisdiction, e.g. buying a book in Germany.

Once this data is acquired the fraudster politely thanks you for your cooperation, hangs up and immediately initiates an online purchase using the credit card number and the CVV number, thereby confirming rightful ownership.

Later, when your actual statement arrives, it will be difficult to deny the purchases because the credit card company will determine that not only were the credit card number and expiry date provided, but the credit card use was confirmed by the CVV number.

How to Avoid being Stung

To limit the potential for being scammed take the following precautions:

1. Never let your credit card out of your site when making purchases.
2. Provide absolutely no information about your card over the telephone or the Internet than is needed to complete the transaction.
3. Keep all of your receipts whether issued over the Internet or issued at point of sale to establish a spending profile.
4. If you have lost or misplaced your credit card, immediately call the number on the back of your credit card. Should you receive calls such as the one described call your credit card issuer immediately and report the incident.
5. Prudence would suggest recording credit card numbers along with the 1(800) numbers for quick reference.
6. Minimize your losses by dedicating one credit card for use only on the Internet. Maintain a low credit limit $500 to $1000 to limit losses that may not be covered by the credit card issuer.
7. Review your statements each month and match your credit card receipts with the statement.