About the author: Tonya Robertson
Passionate about tackling fraud, Tonya has assisted and contributed to the success of many high profile investigations for a number of international law enforcement and government bodies. She currently oversees fraud prevention in Europe for South African Airways (SAA), takes part in the European Airlines Fraud Prevention Group and Europol’s Airline Global Action Days, and is on the IATA Fraud Payment Standards Working Group. Tonya also shares her knowledge at major industry events, conferences and webinars.
Credit Card Fraud – the Crimes Behind the Crime
Recently my friend's credit card got compromised. If I’m honest, I wasn’t really that surprised. She has more cards than her purse can hold and only reconciles her purchases when she happens to find some crumpled receipts in her coat pocket. She called me for advice and once she’d read through the suspicious transactions and convinced me that she definitely hadn’t made the purchases for £500 of champagne and 3 airline tickets to Majorca, she decided to call her bank's fraud department to report it.
About half an hour later she called me back to say it was all sorted and then followed this up with, “I still don’t understand what’s so bad about credit card fraud? It’ victimless, right? The banks happy, I’m happy, the merchants are insured and nobody got hurt.”
I’ve heard this sort of reasoning many times and as comforting as it may be to some, it is very far from the reality of what the real consequences of fraud are, and the human element behind every transaction.
We often hear that fraud is a facilitator for other crimes and that the actual fraud is not the most damaging crime itself. But what other crimes are actually being committed and who are the victims? What is the true cost of credit card fraud – both personal and financial?
As we delve deeper into this murky underworld, the true impact of this apparently victimless crime should fuel everyone’s desire to stop this activity, in every form. Not just from a financial perspective, but a moral one as well.
The scale of the crimes varies but the outcome and the repercussions can reverberate long after the event. A lot of the lower level operators will target individuals. This is rather for personal gain than part of a larger organized crime group. While this may be an easy payday for a criminal, there are those who are much more ambitious and perhaps feel that the gains of something on this level are not worth the risk or their time and this is where the serious and organized criminal elements enter the playing field.
So how do you extract maximum gains from one piece of plastic? With fraud screening solutions improving, criminals are increasingly turning to more complex and sophisticated methods to maximize gains.
One of the most severe examples I’ve seen is how three compromised credit cards destroyed a 50-year-old family-run business in one day, through an elaborate Corporate Referral Fraud scheme. And they weren’t the only victims of this crime who would have to deal with the consequences for years to come. In many ways, this is the perfect fraud. A combination of good old fashioned impersonation, a fake referral and the anonymity and speed that the digital world of internet and email affords us. Couple that with a way to bypass technology and fraud checks and you have an almost guaranteed success rate. But what other types of crime was this fraud facilitating?
Let’s take a journey to the other side to see how this version of a social engineering scheme plays out.
Weaving the web of deceit
The fraudster performs some online research to find a Company with multiple international offices. He searches for an executive’s name and title and then sets to work creating an email address which is very similar to the real corporate email address but just adds an extra character.
The fraudster then impersonates a genuine employee, usually a senior executive, of one of the companies’ overseas branches and contacts the main office to ask who their corporate travel agent is, usually under the guise that their usual agent is closed due to relocation or similar. Once he finds this out, the fraudster will contact the travel agent and advise of the referral with the aim of securing flights for numerous employees either through a credit line or using stolen credit cards as payment.
The fact that the fraudster presents himself to the agency through a “chain” and through a recommendation from a known corporate client, creates false trust and the agency may then feel safe issuing the ticket as the sale came through the referral of a trusted corporate company employee.
In the numerous examples I’ve seen, it was obvious that airline tickets were being purchased for large groups of travelers using compromised card details and large groups meant maximum gains but who were these people and what was their reason for travel? What struck me as particularly odd is that they would never utilize the return portions of their tickets. It turns out that the unfortunate passengers were indeed victims of trafficking and en route to an unknown fate in their destination country. The travel agent didn’t escape unscathed either. Bookings of this volume are usually worth in excess of €100 000 and that’s a significant amount for one business to lose in a day.
We know the problem - so what's the solution?
Criminals know where the vulnerabilities and weaknesses are and rely on their being some level of disconnect amongst the various players. The ability of an industry to work collectively towards solving this problem is also key, and so is disrupting the ‘business model’ of criminal enterprises behind human trafficking and the funding of other crimes.
Criminals also rely on the fact that many cross border frauds such as this one traverse so many jurisdictions that it is very difficult for law enforcement to take any action. Often the credit card may be issued in the United States, the travel agent who has been defrauded is in Europe and the actual flights are booked between Accra and Dubai. With multiple police reports filed in dozens of different countries, many times even though the same crime is being perpetrated over and over again there is no central point of intelligence collation.
Having knowledge of how this kind of fraud works enables potential victims to detect red flags and cease transacting before it’s too late. Never underestimate the due diligence you perform on both referred and new clients. You could be one phone call away from saving your business and the unfortunate destiny of one of the many victims on the receiving end of this crime.