A recent report from the European Security Transport Association (ESTA) found that nearly 20% of the adult population in Great Britain has been targeted as part of a credit or debit card scam. As a result, the UK has been termed the ‘Card Fraud Capital of Europe’ [1], with UK citizens twice as likely to become victims of card fraud as other Europeans. Plastic card fraud is a lucrative exploit for criminals and the proceeds may be used to fund organised crime. Smart payment cards (Chip and PIN cards) were introduced in the UK to replace magnetic stripe cards and support PIN verification of card transactions. By the end of 2005, more than 107 million of the 141.6 million cards in the UK had been upgraded to smart cards [2]. Levels of plastic card fraud fell by 13% to £439.4 million in 2005 [3] and again to £428 million in 2006 (Figure 1). The reduction has been widely attributed to the rollout of smart cards with Chip and PIN authentication.

Department of Computer and Information Sciences, University of Strathclyde and Associates, Glasgow G1 1XH, UK. Types of Card Fraud Scam. The UK Payments Association (APACS) has identified five categories of card fraud: Counterfeit Card Fraud, Skimming, Mail Non Receipt, Lost and Stolen Fraud, Card not Present

Counterfeit Card Fraud Scam. Counterfeit cards are also referred to as cloned cards. Counterfeit cards are made by altering and re-coding validly issued cards or by printing and encoding cards without permission from the card issuing company. Most cases of counterfeit fraud involve skimming of valid card details, a process whereby the genuine card details from the magnetic stripe are electronically copied onto another card, without the legitimate cardholder’s knowledge. In most cases, the cardholder will be unaware that their card details have been skimmed until card statements reveal that illicit transactions have been made on their account.

Skimming. Department of Computer and Information Sciences, University of Strathclyde and Associates, Glasgow G1 1XH, UK - Skimming of card details can happen at retail outlets where a corrupt employee can put a card through a skimming device which will copy data from the card’s magnetic stripe so it can be used to encode a counterfeit card. Skimming can also occur at cash machines where a skimming device has been fitted. A skimming device is attached to the card entry slot where it records the electronic details from the magnetic stripe on the back of the inserted card. A separate pin-hole camera is hidden to overlook the PIN entry pad to record the PIN number. Fraudsters can then produce a counterfeit card for use with the captured PIN to withdraw cash at a cash machine. Criminals can also shoulder surf, whereby they watch the user entering a PIN and then steal the card for their own use. Another type of device can be inserted into a cash machine where it will trap the inserted card. A fraudster can then suggest retrying the PIN. Once the genuine cardholder gives up and leaves to contact the card issuer or cash machine operator, the criminal can then remove device, retrieve the card

and then use it with the PIN details they have observed.