Not so long ago, a photo of a young man who was riding the subway with wireless terminal to pay with payment cards. Immediately, many citizens woke up their inner paranoia, and they decided that this was a scammer who applied the device to the bags of citizens in order to write off the amount from contactless cards, which does not require a pin code.
Cards supporting contactless payments are no longer a rarity in Ukraine. Terminals that allow you to independently apply a card to them without handing it over to the cashier are available in almost every major metropolitan store. Furthermore. the most advanced users already pay for purchases using smartphones. It's convenient!
But every technology has a downside. The other day, my colleague saw a photo on the net in which a young man is riding the subway with a wireless terminal for paying with payment cards.
Indeed, in theory, payments up to UAH 100 are made without entering a pin code, so the colleague's fears are not at all groundless. We decided to check whether it is possible to withdraw money using such a terminal.
In order to conduct experiments, we pestered the sellers and cashiers of all the surrounding stores for several days, where terminals for contactless payment, as well as to the coffee seller, who also had such an apparatus. And that's what happened.
We put the card in the outer pocket of the wallet, apply the wallet to the device. It takes 2 seconds and he issues a check. Purchase completed.
We complicate the task. We unfold the wallet on the other side and put it in the bag. At the same time, there are several discount cards and a pack of banknotes, plus the coin compartment is also full. The wallet has a very solid appearance and if you put it in a bag, then the distance to the reader is at least 5 centimeters. Yes, and how many obstacles on the way to the signal. We apply, a second passes, and the device again issues a check. That is, the virtual criminal robbed us again.
Made the task more difficult. We fence off the wallet with a weighty yearbook - the cash register does not care about such an obstacle. Adding two more books. And then there was no notification: the device did not "reach out" to the card. That is, in order for the card to be safe, there must be at least 8 cm from it to the terminal, and there should be obstacles on the way.
We tried cards from different banks. And they all handed over our money with ease. But there was a nuance: there was only one card in the wallet. We decided to confuse the scammers: we put two plastics in the wallet. And what? The trick worked! "Bring one card," the instrument was confused.
In order not to be afraid for the safety of funds on the card, it is enough to wrap it with foil, which works as a screen for electromagnetic waves. You can also carry it in a metal box. Checked - such protection works.
But the one who starts to unfold the foil in front of the ATM in order to get the card will look too unusual. Not chocolate. There are more modern ones. For example, metal holders are something like a business card holder. Or special screening wallets.
It would seem that it is very easy to walk around and steal money from the cards of unsuspecting citizens. I walked along the minibus with such a device in my bag and collect money, at least half of the passengers will obviously have bags contactless cards. But not everything is so simple.
Pay attention to how the terminal works, - says the coffee seller, whom we initiated into the essence of our experiment. - To carry out the transaction, I enter the required amount on it, then I press the button, after which it offers me the choice of which account, main or bonus, to withdraw funds, and only after that the transaction occurs with the receipt printed. That is, it will not work to withdraw money in transport in this way, too many actions need to be performed.
However, the internal worm of doubt did not let up and on the Internet we found a description of various modified devices for fraud. The standard terminal is divided into components, while the device itself is reprogrammed like this. so that he constantly enters the same amount, for example, 99.99 UAH, and the reader is completely fixed on the sleeve under the clothes, and then, leaning the sleeve against someone else's bag, theoretically, the fraudster will be able to take off to lighten someone's wallet through the air. But even here everything is not so simple.
You need to understand that if a pickpocket stole your money, it is very difficult to prove that these banknotes belong to you, and not to him, - says banking lawyer Maria Koval. – In a non-cash transfer of money from one account to another, as in the situation described above, someone must own this bank account. Yes, you can register a legal entity for a homeless person by buying him a box of vodka, but the game will not be worth the candle. The fact is that quite quickly people will notice that money is missing from their account and they will go to the bank with a complaint. Operations without entering a PIN code are quite easy to challenge, and if complaints are massive, then the scammers' account will be quickly blocked. Therefore, having spent money on opening a company and a bank account, they most likely will not even have time to recoup these investments by unauthorized withdrawal of funds from citizens' accounts.
COMPETENT
Theoretically, there is a possibility that a fraudster can withdraw money from such a card by attaching something to it that can initiate a payment, specialists of the National Program for Assistance in the Security of Electronic Payments and Card Settlements SAFE CARD told KP in Ukraine. But, this is only theoretical. According to the Ukrainian Interbank Association of Members of Payment Systems EMA, as of today, none of the Ukrainian banks have recorded such incidents of payment fraud in practice. According to the information available to EMA experts, no cases of this kind of crimes have been recorded in the world either.
At the same time, in this way, criminals will not be able to copy your card data in order to pay later on it on the Internet. Considering such crimes, we cannot talk about the use of skimming equipment by a fraudster, with the help of which criminals read payment card data in order to then make a "clone" of it and use it to withdraw cash from the deceived user's account, as well as to make a card duplicate.
The skimming device is designed to copy data from the magnetic stripe of the card. Fraudsters install it in the area of the card reader of an ATM or payment terminal and record the data of the magnetic stripe of the card during legitimate transactions on the card.
5 TIPS FROM "KP"
Use ATMs with caution. There can be installed an overlay on the bill acceptor, which reads the card number and pin code. So-called skimming devices.
Be especially vigilant abroad. There are a number of countries where the use of cards is dangerous.
Do not believe calls and SMS "from the bank". Even if the number seems familiar to you. Do not share your PIN or other card and account information. Better call yourself bank number written on each card.
Don't come in" Personal Area" With mobile devices. Especially if an antivirus is not installed on the smartphone. For example, a virus that reads a SIM card is common. In this case, the attacker will also receive a one-time password, which is sent by banks to confirm the operation.
Don't use a PIN to sign in mobile bank. Make a full-fledged login and password, do not make life easier for scammers.
Internet crime has recently been growing as fast as the number of global network users. 20% of fraudulent transactions with finances are connected with the theft of money from bank cards. If we count in money, then the amount of "stolen" funds is about 2.5 billion dollars.
Fraud is different. The most popular destinations associated with the theft of money from cards are phishing and skimming . In the first case, your money is simply stolen using Internet resources. They give you a fake bank page as a link, you enter your data there (if necessary, which appears sooner or later), and you're done - the scammers already have your account data!
As for skimming, everything is also very simple here - there are input readers on the ATM. That is, the device remembers the numbers that you enter when prompted to dial a pin code. The numbers are fixed, and small cameras are also installed on ATMs, with the help of which your card number becomes visible. It is not difficult to make a duplicate, since the information from the magnetic tape of your card is still read by the skimmer. When making a duplicate, it is this information that is used, and to withdraw funds, all that remains is to insert the duplicate into an ATM and enter the pin code read by the skimmer earlier.
Many often ask the question - can scammers withdraw money from a card knowing only the card number? The answer is unequivocal - of course they can. However, this does not apply to all types of cards. Let's tell you more.
Such a technique may lend itself to cards of the type master card and Visa Classic . In other words, those cards with which you can make purchases on the Internet. Cannot be "cleaned" due to this card acceptance Maestro, as well as products momentum.
It is Sberbank that has the ability to transfer funds from card to card without additional information- for this you only need to know her number. This method of translation is used by people quite actively when it is necessary to settle accounts between acquaintances. So you can - make only a minimal transfer through Sberbank online, and you will receive an SMS message with information about the name and patronymic of the owner.
It turns out that if you know the card number, then the easiest way is to agree on the purchase of goods through third-party resources, for example, Avito subject to transfer to a Sberbank card. In this situation, the fraudster will already know the card number, he will be able to find out his full name through the online account, and he will be able to make any purchase through your account on those platforms where there is no need to enter, and also where you will not need to enter the security code from MasterCard SecureCode.
How do withdrawals work by number only? Consider an example using Avito.
The fraudster will first need to find out your card number, for this he can ask you for it to pay for the purchase (allegedly, it will be much more convenient to pay off this way). You can also write down the card number, remember it, fix it on the camera, or use many other methods for this.
Next, the fraudster will need the full name of the cardholder. This is much easier to do than to find out her number. It is enough just to ask a question in whose name to transfer money. You can also use the option mentioned above with the transfer of funds through the online cabinet. There is no need to carry out the transfer to the end, because it is only necessary to reach the moment when data verification is required.
After the data is displayed, the scammer translates your data into transliteration, and this is also completely simple.
That's all, the scammer can start spending your funds from the card, while going to any resource where confirmation by CVV code is not required, there is also no transfer to SecureCode. Also, scammers choose resources where there is no need to use Sberbank one-time passwords. So you become a victim - you just need to give out three of your parameters: full name and card number, as well as its validity period.
If you have a number before your eyes plastic card, then it will not be difficult to find out its type. Accordingly, it will not be difficult for an experienced fraudster to estimate, according to the available data, what type your card belongs to. To do this, it will be enough for him to know the number of digits and the number with which the number itself begins.
Then the “most difficult” remains - to find out what the card has an expiration date. Everything is simple here - the card is valid for three years, respectively, 12 months for each year. In total, we get that there will be 36 varieties of dates for the validity period. Going through 36 options in order to add a card to a resource for payment is a matter of 10 minutes. There are no restrictions on entering information, so you can iterate until the card is added.
Now you are fully aware of how
By card number and CVV code, stealing money is even easier. There are many more resources for paying for goods and services using a CVV code when paying than simple stores that do not require this information. ? To make a withdrawal, you need to know the following:
After that, you just need to choose any product you like in the online store, or transfer money to an account with a bookmaker, payment system, e-wallet account, etc. It is enough to enter all the data and confirm the operation in a timely manner - and the money will be debited from the account.
Thus, it turns out that if a person knows the card number, then he may well write off funds from it, and in order to carry out this operation, there is no need to look for all the other data about the card owner, because this can be done quite easily. Now you know how fraudsters can easily find out the name of the cardholder and how you can choose the expiration date of someone else's card on your own.
What can be said in favor of protection from such misconduct? It is quite simple to protect yourself from Internet scammers - you just need to use Everyday life type cards Maestro Momentum or cirrus. Such cards are issued by Sberbank, and without additional security information, an outsider will not be able to withdraw or transfer funds from your card, or make a purchase on the Internet.
In addition, it is worth considering which ATMs you use when withdrawing funds. It is best to use those devices that are located in the offices of Sberbank or those that you use constantly and consider them verified. Fraudsters will not be able to put a skimmer reader on such ATMs, so such devices are the most secure.
As for security measures, in addition to those listed, it is worth paying attention to the fact that you need to use Internet banking resources with great care. Fraudsters do not sit still and constantly improve their skills in sophisticated theft of money from cards.
Now it is very popular to create viral forms of pages that are a complete copy of popular resources for paying for services or goods. These include social networks, online stores, bank websites, etc. You should always carefully look at the site address and compare it with the original. If you notice differences in them, then know that they are trying to deceive you!
So, is it possible to withdraw money from a card knowing only its number? Based on the information above, it is certainly possible. This can be done in several ways - with or without a CVV code, using contact details, by reading information when withdrawing cash from an ATM, etc. The more information about the card and its holder is in the hands of a fraudster, the easier and faster he will withdraw money from the card.
In fact, all security measures are rather conditional for all cardholders. If someone outsider can find out your name and card number, one can only hope that he turns out to be an honest and decent person and will not use this information for his own personal benefit. If you take much more security measures to ensure that your bank card is less vulnerable, the chances that you will become a victim of an Internet scammer will be minimized. However, the minimum probability of being deceived will still remain.
All this does not mean at all that you do not need to keep your hard-earned savings on bank cards - this is not at all the case. You just need to be careful in the calculations and try, if possible, not to give out information about yourself and your card. It is especially important to secure your gadgets, which you sometimes use to view information on your account. Now, in recent years, cases have become more frequent when it is through phones and tablets that passwords are cracked. Based on the data already available, the fraudster will have access to the cardholder's account.
Pay attention to the degree of safety of using your gadgets. If they are equipped with the highest quality anti-virus systems, it will be difficult for scammers to slip you a phishing link so that you, having followed it, lose control over access to your bank account. Otherwise, in the absence of this protective degree, you will be much more vulnerable if you use Sberbank Online through your phone or tablet.
Try also not to use the card as the main payment force - after all, cash will never be able to displace electronic money, even despite the convenience of their use. By the way, the most interesting thing is that cardholders most often become to blame for being victims of fraud. You do not need to share your card details with anyone, either in person or over the phone. This can only be done if you yourself are sure that you are reporting the data to a bank specialist or a reliable person. If the phone number by which you were contacted does not inspire confidence and is suspicious, you should not even talk about such things as bank card details.
Based on the above, it is worth highlighting a few points in particular:
Always follow these rules, and you will not become easy prey for scammers. If you are not satisfied with how safe Sberbank is, you can always change the bank for storing funds, but before that you need to think carefully whether it is worth doing and whether another bank will be more reliable.
There are many rumors on the Internet that money from a bank card can be stolen simply by knowing its number. The forums discuss stories from life, recommend giving up the possibility of buying via the Internet and transfers to charity, and advise not to tell anyone even the card number. But is it really so? What do scammers need to know in order to “steal” money from a bank card?
Every day new ways of swindling money are invented!
Internet banking is developing in parallel with the evolution of online trading. Today, any bank tries to protect its cards and its customers as much as possible in the restless sea of the Internet. The protection of any bank card includes several degrees. Her number is not secret.
Companies have implemented enough means to protect bank cards from thieves
No matter how high-quality protection banks boast, scammers still continue to steal money from cards. At the same time, they act quite cynically, not disdaining even cards for which money is collected for the treatment of seriously ill people. Fraud is based primarily on the illiteracy of card users.
You may encounter it when selling something online on message boards or waiting for some kind of transfers to your card. The scheme is simple: the cardholder receives a call on his mobile, informing him that he is ready to buy goods or transfer money to his account. At the same time, they ask for the number and expiration date of the card, the name of the owner, as well as the numbers printed on the back.
Then an SMS message is sent to the phone of the fraud victim asking him to confirm the payment and the code. The scammer calls back and demands to tell him the code. At the same time, not everyone realizes that we are talking about withdrawing money from the account, and not about crediting them.
Do not disclose to unauthorized persons anything other than the card number and full name!
Remember that the card number and full name of the owner is the only information that you can safely share with someone else. The date of issue and expiration date, the numbers on the back, and even more so the codes that come to your own mobile phone no one needs to know but you!
The number of unauthorized withdrawals from bank cards in the period from 2015 to 2016 increased by more than 5 times, AlfaStrakhovanie informs. Can scammers withdraw money from the card, knowing the card number, and how to protect themselves from this, experts say.
A significant number of thefts of funds from cards occurs with the connivance of their owners. This takes place, according to experts, due to our gullibility and insufficient knowledge of the precautions required when using remote access to bank accounts.
How fraudsters can withdraw money from the card using this method: the attackers send an SMS to the owner with a notification about her imaginary blocking.
To solve the alleged problem:
The data of interest to fraudsters is the card number, its expiration date, the name of the owner, CVV and CVC codes. Do not fall for the trick of intruders, do not tell them anything and do not follow any instructions. It is better to call the bank yourself at the indicated on plastic card phone.
A phone call can also come without a previous SMS, for example, in response to your advertisement for the sale of an unnecessary baby stroller on one of the sites. A person who introduces himself as a potential buyer may ask to tell him the number and expiration date of the card, ostensibly to transfer money to it.
Another answer to the question of how fraudsters can withdraw money from a bank card without the knowledge of the owner may be related to the use of specially created software products. They are one of the main threats to owners of mobile devices, according to RIA Novosti with reference to Kaspersky Lab analysts.
A malicious Trojan can:
The solution in this case is to install an antivirus on your smartphone or tablet, obtain software only from trusted sources, and be attentive to incoming emails and messages, especially those containing links and attachments.
Skimming is the secret reading of card data. To do this, attackers install linings that are invisible to the eyes of a layman on ATMs.
At the same time, fraudsters can try to get a PIN code using hidden video surveillance equipment, simply peeping from the side, and even stealing the contents of wastebaskets near ATMs with receipts thrown there.
When using the card, experts advise not to throw away the received receipt near the ATM, but when entering the PIN code, cover the terminal keyboard with your palm.
In many stores today you can see terminals PayWave technologies and PayPass, for payment through which it is enough just to swipe a bank card over the device. Owning such a device can not only outlet, but also the fraudster standing next to you in line or in transport.
Journalists from Komsomolskaya Pravda experimentally tested whether scammers can withdraw money from a card in a purse or clothing pocket. The study showed that such a transaction is possible at a distance of several centimeters from the card. Neither the leather of the bag, nor the fabric of the clothes are an obstacle in this case.
Experts advise wearing a card in a shielding shell - foil, case or wallet made of metallized material, etc.
In addition to these methods, there are other tricks of scammers. So, knowing only the card number, an attacker can try to find the expiration date empirically. This data is sometimes enough to pay in some online stores.
If it becomes necessary to resolve the issue of how to return the money withdrawn by fraudsters from a bank card, the expert community advises:
If the bank card account was insured by an insurance company, the user affected by the actions of fraudsters will be able to receive insurance compensation.
