Friendly fraud, digital skimming on the rise

There has been a rise in what specialist Dane Nicholson refers to as ‘friendly’ fraud perpetrated by householders who have been spending more time at home.

It’s one of several types of scams that fraud experts have noted are on the increase, fuelled in part by the move towards digital banking and e-commerce transactions.

Friendly, or first-party fraud, takes many forms, but typically involves an actual consumer obtaining goods or services from a merchant, then claiming they did not make the purchase.

They may also claim they did not receive the goods, or that they got only a fraction of the order, and request a refund based on that false claim.

Friendly fraud typically involves a friend, a relative or child getting access to a card and making use of the information online.

“This has been on the rise since the onset of the pandemic because everyone was spending more time at home,” said Nicholson at the annual JBA/JIFS Anti-Fraud Seminar last week in Kingston.

Nicholson, who is the chairman of the anti-fraud committee of the Jamaica Bankers’ Association and head of fraud prevention at National Commercial Bank Jamaica, said the explosion of digital services, primarily, has affected the volume and speed of fraudulent activities as “fraudsters employ more creative techniques of deceiving unsuspecting individuals”.

Notable, he said, is ABM/POS card skimming where fraudsters affix a fake device to the machine with the intention of capturing customers’ information.

Amid warnings that consumers should always pay close attention to the handling of their cards and the safeguarding of their PIN codes, he urged shoppers to be on the lookout for fake or dummy point of sale machines used to capture customer data.

Scammers are increasingly utilising the ‘Flipper Zero’, which is a compact, portable, and programmable device that can be used in conjunction with other skimming devices to breach other hardware; while a sophisticated tap-to-pay malware called Prilex has recently been uncovered, he said.

Prilex interrupts the processing of contactless transactions on POS terminals, and generates a message saying: “Contactless error, insert your card”. The data from the card is then siphoned once inserted.

Prilex can determine the type of bank account linked to the card, the transaction limit, and other sensitive details.

However, Nicholson also noted that contactless transactions are generally secure, because: the card has to be within four centimetres of a contactless terminal to be read; cardholder details and the card security code are not stored on the chip, so even if the data is stolen it cannot be used to create a counterfeit card; and for spending above a pre-approved contactless limit, the cardholder is required to utilise their PIN to complete the transaction.

“Every contactless transaction is protected by a unique cryptogram and with mobile devices only the token, not the card PAN – primary account number – is shared with the merchant,” the fraud expert said.
