A Case of Fraud Classification — A Sherlock Holmes’s Mystery
Case -1
Sherlock! There’s something quite devious going on with these payments, whispered Watson.
Indeed Watson! Holmes murmured his tone grave. Moriarty’s behind it, Pulling strings in the shadows of financial transactions!
‘A real villain, that one!’, Watson muttered, a shiver running down his spine.
Exactly, Watson! Holmes agreed, his eyes gleaming with determination.
Moriarty’s playing a dangerous game, manipulating payments for his gain.
Case -2
My dear Watson, a most perplexing scheme has emerged within the realm of payments, Sherlock mused, his gaze distant yet focused.
What has transpired, Sherlock? Watson inquired.
It appears my esteemed brother, Mycroft, has staged a scheme of deceit, Sherlock revealed, a shadow of concern crossing his face.
Mycroft? Watson gasped, disbelief coloring his tone.
Indeed, Watson! It seems ‘he has orchestrated a fraudulent transaction, masquerading behind a veil of familiarity’, Sherlock explained, his voice grave with suspicion.
We must tread cautiously, for even those closest to us may harbor dark secrets!
Well!
You must be quite puzzled about what exactly are we trying to say! Well, let’s delve deeper to clarify things!
Case 1 showcases a common fraud tactic known as ‘criminal fraud’ and Case 2 depicts the most prevalent type of fraud, ‘friendly fraud’.
In simple terms, Fraud in payments refers to dishonest or illegal actions aimed at gaining money or goods unfairly. It can involve various deceptive practices, such as using stolen credit card information, making false claims to obtain refunds, or manipulating payment systems to transfer funds unlawfully.
Speaking of payment fraud, there are two main categories:
Criminal Fraud
This involves a criminal intent to steal from another person or business.
Here are some popular examples:
- Card Skimming: Fraudsters use devices to steal card information from ATMs, gas pumps, or other card readers.
- Phishing: Emails or texts are sent pretending to be from a legitimate source, tricking people into revealing personal information like credit card numbers.
- Identity Theft: Criminals steal personal information like names, social security numbers, or credit card numbers to make unauthorized purchases.
- Account Takeover: Criminals gain access to someone’s online accounts (e.g., bank, shopping) and use their payment information for purchases.
Friendly Fraud
This involves a disagreement about a transaction, but not necessarily criminal intent. Here’s the most common example:
- Chargeback Fraud: A customer claims they never received an item or service, but they actually did, and disputes the charge with their bank.
You can know more about Friendly Fraud and Criminal Fraud here!
But wait!
Is it really that serious?
Yeah!
And you would be surprised to know which fraud type accounts the most!
It is the elephant in the room, the Friendly Fraud.
According to a survey conducted by Expert Market,
- 86% of chargebacks are probable cases of ‘friendly fraud’.
- Friendly fraud has been increasing by 41% every two years.
Hold on to your hats!
Because we’re about to go down a rabbit hole of Payment Fraud!
In a general Payment fraud setup, Banks monitor the account for fraud, investigating and reimbursing affected customers. They deploy security measures like encryption and authentication to safeguard transactions.
Nevertheless!
There is another hidden character to tackle these instances!
Any Guesses?
It is none other than the Godfather, the Card Network.
Card networks, like Visa, Mastercard, etc, facilitate transactions, setting standards and security protocols. They monitor activity in real time, flagging suspicious transactions and collaborating with banks and merchants to prevent fraud. Together, they ensure the security and integrity of the payment ecosystem.
And voila!
We are entering the quintessential matter!
You might have come across the Fraud dispute category and its reason code classifications by different card networks like Visa, Mastercard, and more.
For instance,
- 10.1 — EMV liability shift counterfeit fraud classification by Visa
- 4837 — No Cardholder Authorization classification by Mastercard.
But!
All these classifications are card network-specific.
We are here to embrace our inner Sherlock Holmes and unscramble the puzzle!
The Fraud Classification for Dummies
Before moving on to the main picture, let us first take a closer look at the fraud categories:
1. EMV (Europay, MasterCard, and Visa) Chip and PIN Fraud
- Lost/ Stolen Cards: One of the common methods; if your card is lost or stolen, fraudsters can attempt to use it in physical locations. Although the PIN adds protection, they might get lucky by guessing common PINs/ social engineering tactics.
- Offline PIN Compromise: In rare cases, malware or modified card terminals can capture your PIN as you enter it. This, when combined with stolen card data, compromises security.
- Phishing Attacks: Fraudsters may trick victims into giving up their card details and PINs through fake websites or emails disguised as legitimate banks or merchants.
2. Skimming and Magnetic Strip
Skimming devices can be installed on legitimate card readers (like ATMs, gas pumps, etc). When you insert your card, the skimmer illicitly reads your card data (such as Card number, Expiration date, and Your name) including information from the EMV chip. This data can be used to create counterfeit cards with magnetic stripes to be used in locations that haven’t yet adopted EMV technology.
Another point to consider here is, that the magnetic stripe on your card contains static data, meaning it never changes. This means any time it’s copied, a perfect replica of your card can be used for fraudulent purchases.
3. Card-on-File [CoF]
Many websites and merchants allow you to store your card information with them for faster future purchases. This means they save your card details securely on their system. And it does have its loopholes;
- Compromised Merchant Systems: Fraudsters exploit weak security in merchant databases to access stored card details.
- Phishing Attacks: Fraudsters trick users into providing card information through deceptive emails or websites.
- Insider Threats: Employees with access to stored card information may misuse it for fraudulent transactions.
4, 5. Card Present [CP] and Card Not Present [CNP]
Card Present refers to transactions where the physical payment card is presented during the purchase, such as swiping or inserting the card at a point-of-sale terminal. In contrast, Card-not-Present transactions occur when the card isn’t physically present, typically in online or over-the-phone purchases.
- In Card Present scenarios, payment fraud can occur through skimming devices, counterfeit cards, lost or stolen cards, compromised PINs, etc
- In Card-not-Present situations, fraud can happen via phishing attacks, account takeovers, identity theft, etc.
6. EMV Liability
EMV Liability refers to the responsibility for fraudulent transactions involving EMV chip cards. Card networks implement this to incentivize merchants to adopt EMV technology. If a merchant hasn’t upgraded to accept chip cards and a fraudulent transaction occurs with a chip card, the liability may shift from the card issuer to the merchant. This encourages businesses to use more secure payment methods, reducing counterfeit card fraud risks.
7. Monitoring Program
Fraud Monitoring Program is a system used by card networks to detect and prevent fraudulent transactions. It continuously monitors card usage to identify suspicious activity. Card networks implement these programs to safeguard cardholders, issuers, and merchants from financial losses. By promptly flagging potential fraud, they ensure the security and integrity of electronic payment systems, maintaining trust in card-based transactions.
The Main Picture
How did you solve this so easily, Sherlock? asked Watson.
It’s Elementary, my dear Watson! Replied sherlock. I knew all this by simply reading Backspace’s column or as it is popularly known as a blog on chargeback fraud.
So, from now on, if you want to know all about chargebacks and disputes, I suggest you give their blog a read. Sherlock remarked as he lit his pipe.
Well, I just might Sherlock, I just might! said Watson, and both comfortably settled on their lounge chairs for an evening soiree with Mrs. Hudson