Credit card hijacking

Credit card hijacking is a form of credit card fraud in which a person's credit card is used by an unauthorized person (e.g. a thief or overaggressive vendor) to buy goods or services. The credit card owner usually has trouble reasserting control over the card, because it generally takes time for the owner to discover the theft, and the owner must credibly distinguish legitimate purchases from illegitimate ones.

Identity theft

The first form of credit card hijacking is essentially identity theft, which is the deliberate use of another person's identity. Identity theft is usually the result of serious breaches of privacy and often involves a great deal of the victim's financial and personal information being compromised,[1] allowing the thief to charge an existing credit card account or open new credit card accounts in the name of the victim. Methods of identity theft for credit card hijacking have involved mail interception or skimming of credit card data. The growth of online subscriptions and transactions has also brought with it a variety of phishing techniques and the use of spyware and botnets.[citation needed]

Methods used

Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. There have been several demonstrations of how credit card fraud can be committed with RFID scanners. Although credit card fraud using an RFID scanner is rare, it is possible. Credit card fraud occurs more often through a point of sale (PoS) system that has been compromised with malware. The malware is typically installed by someone who hacks into the system from another location.[2] Another well-known tactic is the placement of skimmers on an ATM by the person or persons committing the fraud.[3]

Cancellation barrier

Another form of credit card hijacking is the continued charging of a person's credit card for a subscription to goods or services no longer desired by the credit card owner. This type of credit card hijacking was pioneered by major internet service providers (ISPs), credit monitoring services and online dating services. It is perfectly legal and is still common today in a wide range of subscription-based goods and services. Credit card hijacking of this type came about as online subscription-based marketers realized that traditional subscription systems, such as the annual subscriptions that paper magazines use, were an impediment to enrolling customers. For instance, a subscription that is US$24.95 per month costs US$299.40 annually. By breaking the subscription period into small units like months or quarters, and allowing direct monthly charging of the subscriber's credit card, the psychological and economic conflicts subscribers see are greatly reduced.

What makes a subscription system a hijacking of the credit card is not how often it is billed, but the organization creating barriers that make it more difficult for users to cancel their subscriptions. Organizations which use credit card hijacking as part of their marketing strategy make online registration for the subscription easy and enforce default automatic renewal policies. By comparison, in traditional subscription-based systems such as paper magazines, the subscriber has to periodically and proactively reauthorize the subscription. The most common subscription exit barrier is to not provide any online subscription cancellation mechanism at all, but to instead require the user to cancel by telephone or by "online chat". Such organizations often add the further barrier of making any subscription cancellation information difficult for the user to find, thus delaying the cancellation even more. This is very common with ISPs, who know that the psychological barrier to making the call, which the subscriber anticipates will be unpleasant, is very high. It also allows the marketing organization to talk subscribers into changing their minds and not cancelling their subscriptions. Another common subscription cancellation barrier is to have a relatively long subscription period, a no-refund policy, and to require the user upon cancellation to forfeit all money covering the present subscription period. This is very common with online dating services.

This second form of credit card hijacking was created by marketers who recognized that subscription-based services generally have relatively low periodic billing amounts, which will generally go unnoticed on any given credit card statement. Long after users lose interest in the subscription, they forget to cancel it, and because the periodic billing is so low, they do not tend to notice it on their credit card statement.

One solution to this problem is to call the credit card company, request a new card with a different account number, and cancel the previous account. The credit card company will transfer the debt amount from the old account to the new account. This leaves companies that hold the old credit card information unable to continue charging the person's credit card.
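The small recurring charges described above can be surfaced mechanically from exported statement data. The following is an added example, not part of the original article: the merchant names and amounts are constructed, and the thresholds (at least three charges, amounts within 5%, gaps of 25 to 35 days) are assumptions to tune.

```python
from collections import defaultdict
from datetime import date
from statistics import median

# Constructed sample statement rows (date, merchant descriptor, amount in USD).
# All merchant names are hypothetical.
STATEMENT = [
    (date(2024, 1, 3), "STREAMCO", 24.95),
    (date(2024, 1, 9), "CORNER GROCERY", 48.10),
    (date(2024, 1, 15), "CITY POWER", 61.10),
    (date(2024, 2, 3), "streamco ", 24.95),
    (date(2024, 2, 14), "CITY POWER", 84.30),
    (date(2024, 2, 20), "CORNER GROCERY", 12.75),
    (date(2024, 3, 4), "STREAMCO", 24.95),
    (date(2024, 3, 15), "CITY POWER", 47.92),
    (date(2024, 4, 3), "STREAMCO", 24.95),
    (date(2024, 4, 6), "BOOK CLUB", 19.99),
    (date(2024, 5, 6), "BOOK CLUB", 19.99),
]


def find_recurring(rows, min_hits=3, amount_tol=0.05, gap_days=(25, 35)):
    """Return merchants that bill a near-constant amount about once a month."""
    by_merchant = defaultdict(list)
    for day, merchant, amount in rows:
        # Normalise the descriptor so case/whitespace variants group together.
        by_merchant[merchant.strip().upper()].append((day, amount))

    findings = []
    for merchant, charges in by_merchant.items():
        if len(charges) < min_hits:
            continue  # too few charges to call it a pattern
        charges.sort()
        typical = median(amount for _, amount in charges)
        gaps = [(b[0] - a[0]).days for a, b in zip(charges, charges[1:])]
        steady_amount = all(abs(amt - typical) <= amount_tol * typical for _, amt in charges)
        monthly = all(gap_days[0] <= g <= gap_days[1] for g in gaps)
        if steady_amount and monthly:
            findings.append({
                "merchant": merchant,
                "charges": len(charges),
                "amount": typical,
                "annual_cost": round(typical * 12, 2),
                "last_charged": charges[-1][0],
            })
    # Most expensive subscriptions first.
    return sorted(findings, key=lambda f: f["annual_cost"], reverse=True)
```

The utility in the sample bills monthly but with varying amounts, so it is not reported; lowering `min_hits` to 2 catches newer subscriptions at the cost of more false positives.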

Negative option billing

Negative option billing is the practice of sending goods automatically and billing the recipient unless the recipient is proactive in declining the goods before they are sent. Negative option billing reverses the usual direction of sales transactions. It assumes that unless recipients say 'no', they have agreed to purchase the goods. This is the common practice used in book clubs, record clubs, and magazine subscriptions with automatic renewal. Some practitioners of negative option billing prefer to call it "advance consent marketing".

References

  1. "FTC - ID Theft, whats it all about?". Archived from the original on 2008-09-28. Retrieved 2008-09-12.
  2. "Visa Fraud Prevention | Credit & Debit Card Fraud Detection". usa.visa.com. Retrieved 2021-11-13.
  3. "How does ATM skimming work?". HowStuffWorks. 2010-11-08. Retrieved 2021-11-13.