top of page

Credit Debit Card Fraud

In 2019, the Police received at least 695 cases reports of unauthorised use of credit or debit cards, which is an increase of 140 from the 555 reports received in 2018, with total losses amounting to at least $4 million.

 

1). What are the types of credit debit card fraud?

1 – Stolen or Lost Credit Card Fraud
2 – Account Takeover
3 – Going Phishing
4 – Fraudulent Card Applications
5 – Mail Intercept Fraud
6 – Card Not Present Fraud
7 – Fraud Conducted by Data Breaches
8 – Fake Credit Cards
9 – Altered Cards
10 – Skimming

 

2) How does credit debit card fraud happen?

In most cases, the unauthorised transactions took place after the credit or debit cards were stolen. However, in some cases, the unauthorised transactions took place as a result of credit or debit card information being compromised after the cardholders divulged their card details and One-Time Passwords (OTPs) to unknown persons via unsolicited emails, SMSes or phone calls.

​

1 – Stolen or Lost Credit Card Fraud
One of the most pervasive card scams is the use of lost or stolen credit card data.

 

2 – Account Takeover

3 – Going Phishing

4 – Fraudulent Card Applications

5 – Mail Intercept Fraud

6 – Card Not Present Fraud

7 – Fraud Conducted by Data Breaches

8 – Fake Credit Cards

9 – Altered Cards

10 – Skimming

  • Your card is stolen from your possession, or you inadvertently drop it out of your wallet. The scammer selects his or her favorite merchandise from online merchants and enters the card data as their own (they will even have that CCV number handy!).

  • By the time you or the merchant are aware of the theft, they have already walked off with the goods.

  • If it’s a rarely used card, you might not be alerted to this until you receive your monthly statement. That’s unless your credit card company grows suspicious and calls or sends you a verification text.

  • In fact, as holograms and embedded chips make it more challenging for traditional card fraud methods to work well, this scam is on the rise, according to the Javelin findings.

  • This crime most often starts with lax online card security.

  • A hacker obtains the cardholder’s data. Then, they act as though they are the real account holder and reach out to the card company. They gain their sympathy by reporting that they’ve lost their card and would like a new home. Then, they charm the agent into updating their address info.

  • Thus, that replacement card is mailed out to the scammer instead of the real account holder. All that’s left for the scam artist to do is activate the card and begin shopping online.

  • The real cardholder will not know this has occurred until they try to use their legitimate card—which the fraudster reported as stolen or lost.

  • Phishing starts when perpetrators cast their “bait”—legitimate-looking emails to unsuspecting cardholders.

  • These criminals pretend they are a company’s warranty department (using a well-known brand), a bank, or the credit card company themselves. Their goal is to lure the unsuspecting consumer into taking that bait and then reeling them in.

  • So, a consumer who purchased an Apple Watch might think they are updating their warranty registration. However, they are really sharing their personal demographic data with nefarious criminals who will use that data to commit credit card scams.

  • Phishing emails look legit, at least initially. However, carefully check to make sure that all looks correct on the landing page to which the email will direct you. If the logo looks a bit off or the language is poorly written, you are at risk.

  • a fraudster perpetrates identity theft against a person with good credit and uses his or her birth date (DOB) and social security number to sign up for a new account. However, they change one crucial bit of data—the mailing address.

  • So, they have the new account signed up to send to their own address, receive the card, activate it, and begin a spending spree.

  • But this is very damaging to the “real” person. Because he or she is unaware of the existence of this card, it could be months before they realize it has been issued to an impostor. Unfortunately, victims often learn of this fraud only when they apply for credit—and get denied due to the unpaid bill.

  • Be sure to pull your credit reports at least once per year, or apply for credit monitoring service to alert you to this scam.

  • In this case, the thief gains card numbers by picking them out of the mail before the cardholder receives it—often by grabbing it right out of the mailbox while the consumer is away at work.

  • Cardholders will often realize their card is expired, call the issuer, and learn that charges are stacking up! So, the moral of this sad story is to…

  • Card Not Present Fraud, also called email order fraud or telephone order fraud, represents a declining but still damaging segment of credit card scams.

  • the scammer obtains a card number illegally, including the CCV number on the back.

  • Then, they identify small businesses or merchants which don’t offer secure ordering platforms. They specifically target those merchants who accept phone-in, email, or even mail orders. Because they are neither physically present or in a safe online payment form environment, they slip through the cracks.

  • The merchant takes them at their word, the card goes through, and they mail out the goodies to the fraudster.

  • On occasion, an astute bankcard company may notice activity happening in unusual locations and alert the cardholder or shut down all transactions.

  • However, most frequently, the cardholder becomes aware of the issue only after receiving the monthly statement. As with the other cases, a call to the issuing bank will cancel out the card. And, a quick check of a credit report is also in order!

  • occurs when customer information is stolen from a merchant’s database. This information can include credit card data as well as the name, address, and other personally identifiable information.

  • While fewer thieves have the keen skills to pull off hacking, those that are successful at it inflict widespread damage, gaining access to thousands of records at one time.

  • This type of theft does not happen solely to online merchants. If you use your card at a hotel, doctor’s office, or to pay utility bills, the card data must be stored securely. However, if the merchant has lax standards, you are exposed to the risk.

  • If you are a victim of a data breach, you will receive a letter from the company whose data was stolen…once they are aware. However, a careful check of your monthly statement may alert you earlier so you can take action.

  • This type of fraud—forgery— still occurs; fortunately, it’s on the decline.

  • However, forgery does still happen. And, that’s because there are still merchants out there who have failed to upgrade to the chip reading equipment—four years past the mandated time. And, because only some cards use holograms, the lack of consistency leaves store employees confused about which cards are the real deal.

  • creates a loophole for the bad guys.

  • There are skilled forgers out there who manufacture fake credit cards that look very real. They prey on merchants who have failed to embrace EMV technology. They use the card in these establishments and run a transaction on a card that’s not linked to a real account. These transactions seem to be authentic and approve—at least initially.

  • The credit card company eventually declines the transaction when it does not match up to a valid account holder. By then, the thief has strolled off with the purchases, leaving the merchant holding the bag.

  • First off, the thief obtains the data of a legitimate cardholder.

  • Then, they alter the numbers on a “bad” card to match those on a real account. Finally, they rub a neodymium magnet on the chip and magnetic strip to scramble or erase the card’s original data.

  • They shop with the card. Of course, the chip reader cannot decipher the information, and the transaction fails. The fraudster then uses their wit and personality to “befriend” the merchant and convince them to (break their policy) and to enter the data manually.

  • Skimming is a crime that takes a lot of effort, but it happens often.

  • A fraudster equips the card swiper of an ATM or gas station pump with a small device that steals all the user’s card data. And, they set up a tiny camera nearby to capture PINs as users input that information.

  • This scam works for both credit and debit cards, placing both a credit account and the consumer’s banking data at risk. So, those using debit cards often find their accounts drained of every penny.

  • Be on the lookout for pin pads and card swipers that don’t look quite right. Are they thicker than they should be? If you are in doubt, conduct your business inside the establishment and alert their management. Banks, especially, are quick to check this out and will be glad to help.

  • Otherwise, you might not realize you’re skimmed until you get an overdraft alert text message from your bank or your credit card company.

 

3) How does one report credit debit card fraud?

  • Step 1: Contact the Issuing Bank and Cancel the Card

     

    • Your first priority should be to call the issuing bank. Tell them you need to have the card cancelled immediately; the sooner this is done, the sooner the thief will be unable to use it.

    • This also applies when you misplace a credit card. Even when there’s probably no theft involved, cancel the card anyway. It is not difficult to reactivate the card later, and someone who finds the card may be tempted to use it.

    • Note that banks require you to report the loss within a reasonable time, or you will be held liable for the charges. The “reasonable time” period is defined by the bank.

    Step 2: Make a Police Report, and Get a Copy of the Report

    • This step is crucial. The bank will demand proof that a crime was committed, and that you are not lying to avoid repayments.

    • You must make a police report, and obtain the following:

    • The name of the investigating officer(s)

    • A copy of the police report

    • A direct line to the investigating officer(s) if possible. This could save you a lot of trouble later, especially if your card was stolen in a foreign country. Never assume that a country’s police force has efficient administration.Note that simply calling and informing the police does not suffice.You must have the written report.

    Step 3: Inform Your Insurance Agent

    • If you have insurance that pertains to the situation (e.g. travel insurance if you lost the card overseas), call your agent and ask for help. The agent will usually ask you to obtain certain documents, which will be needed for any claims.

    • If you are having problems making insurance claims, like us on Facebook and look out for our next article on claims tips.

    • If no unauthorised charges have been against your card, you should now wait a week and then ask for a new card to be issued.

    • But if unauthorised charges have been made against your card, proceed to the following steps.

    Step 4: Call the Bank Again and Raise a Dispute

    • Call the bank and specify that you are raising a dispute on the unauthorised charges. Take down the name of the person you speak to, and note down the date.

    • The bank will often mail you a dispute form to fill in and return. Alternatively, you will be asked to visit a bank branch and fill in the form. The latter is usually the better choice–speak to the branch manager if possible, and have her walk you through the process of filling in the dispute claim.

    • Be sure to point out you have a police report (see step 2), and make a copy to attach to the dispute claim. If you have the claim forms from your insurer, you might want to attach them as well.

    • Once you are done with the dispute claim, make a copy of it before submitting it.

    Step 5: Check the Transaction History with the Unauthorised Claims

    • Open the transaction history, and check the places at which the identity thief used your card. Knowing the physical locations could be helpful to investigators later. In particular, look out for websites or online services–more than a few people have given information to dating sites or video subscription sites, without realising that many of these are fronts for credit scams.

    • If you signed up for any of these sites (they may not appear under the same name in your transaction history), there is a high chance you will be liable for the charges. Nonetheless, you can at least identify them and clean out any spyware that would cause a repeat incident.

    Step 6: Seek Legal Advice on Your Liability

    • Approach organisations such as CASE, or a law firm, to learn about your maximum liability. Under guidelines from the Associated Banks of Singapore (ABS), your maximum liability in the event of identity theft is $100.

    • However, there is a chance that your bank may try to hit you with the full amount by picking on technicalities (e.g. if the police classified the case as robbery instead of identity theft). Alternatively, they may argue that the theft was a result of your negligence, and that you should be liable. It will then be up to you whether to seek legal recourse, or work out a repayment with the bank.

    • In many cases however, banks will cap your liability at $100. Most banks would prefer to write off the amount than lose a customer, or invite unwanted media attention.

​

4) Can you press charges if someone steals your credit debit card?

    • For you to be able to sue, you must suffer damages. The damages have to be quantifiable. Most credit and debit cards have zero liability for fraudulent transactions. Thus, you have zero damages from the theft. Moreover, you’re not the injured party. Therefore, you would have no standing to sue. Simply having to get a new card does not make you the injured party. This is not a quantifiable damage. The bank on the other hand, suffers damages and it would have standing to sue.

​

5) Will one get his/her money back if he/she dispute a charge? What is the legal process to this matter?

    • CHARGEBACKS CAN PROTECT CONSUMERS

    • As the Association of Banks in Singapore (ABS) explains, a chargeback occurs when a card-issuing bank initiates a reversal against the merchant for violation of card acceptance procedures or a failure to fulfil the conditions of the transaction. Disputes can occur when a cardholder did not authorise a transaction or encounters issues with the goods or services purchased.

    • The first step in disputing a transaction is to review your credit card statement regularly so that you can contact your bank quickly. A surprising number of consumers don’t review their statements and may end up paying for incorrect charges. If you wait more than a month or so to dispute a transaction, those voluminous rules from MasterCard or Visa say that it may be too late for the bank to help.

    • If you find an error on a transaction, the next step is to contact the merchant where you made the purchase. If the merchant made a mistake, they should correct the error so that you don’t have to pay for it.

    • If there is a fraudulent transaction that you don’t recognise or if the merchant won’t help, it’s time to call the bank. Bank staff will ask for details about the transaction so they can decide whether they can do a chargeback. They may also ask for a letter, a copy of your credit card receipt, or other documents to strengthen your case, which is why it is important to keep a record of your purchases. Once they have the information, they’ll review the dispute and decide whether they can charge back the transaction.

    • If a chargeback is possible, some banks will refund the money immediately, while others may wait until the dispute is fully resolved. ABS advises that full resolution of a dispute can take 4-12 weeks.

    • While many chargebacks are correct and the cardholder simply receives their money back, it’s possible that the transaction is actually valid. Some cardholders claim a transaction is fraudulent when it’s not, for example, so merchants have an opportunity to present their side of the story. Merchants will work with their bank, following the rules in the MasterCard or Visa guides, to show why the transaction is valid. If that happens, your bank will usually contact you to explain what happened and then may charge you for the transaction.

    • While cardholders who still believe they are correct can talk further with the bank, they may eventually have little recourse. Although the Banking (Credit Card and Charge Card) Regulations here explain how banks should process card transactions, there is no equivalent to the Fair Credit Billing Act in the United States that protects cardholders. To get some extra help, though, cardholders could ask the Consumer Association of Singapore (Case) for assistance if they still believe their dispute is valid.

​

6) Do credit card companies really investigate fraud?

 

    • Credit card companies will conduct an investigation upon receiving the information that your card has been used without your authorization.

​

7) What are the possible penalties that one could face if convicted of the crime?

    • According to section 415 of the Penal Code, cheating occurs when a person fraudulently or dishonestly deceives the victim to:

      1. Hand over property or money to any person;

      2. Consent that another person retains his property or money;

      3. Do anything that he would not do if he were not deceived (the person cheating must have intended for the outcome); or

      4. Omit to do something that he would have done if he were not deceived (the person cheating must have intended for this outcome).

    • The penalty for cheating under section 415 of the Penal Code is a fine and/or imprisonment for up to 3 years.

    • Aggravated cheating under section 420 of the Penal Code, which targets cheating by intentional or dishonest inducement of the delivery of property.

      1. Hand over property to any person;

      2. Partially or completely make, alter or destroy a valuable security* (such as credit cards, stored value cards and automated teller machine (ATM) cards);

      3. Make, alter or destroy a signed and sealed document which may become a valuable security.

    • The penalty for such aggravated cheating under section 420 of the Penal Code is a fine and imprisonment for up to 10 years.

    • Cheating by personation. According to section 416 of the Penal Code, cheating by personation occurs when the cheater:

      1. Pretends to be some other person;

      2. Knowingly substitutes one person for another; or

      3. Tells the victim that he or some another person ( the cheater’s accomplice, for example) is someone else than who they really are,

    • Regardless of whether the other person is alive or dead.

    • The penalty for cheating by personation under section 416 of the Penal Code is a fine, and/or imprisonment for up to 5 years.

    • Illegally obtaining personal information under section 416A of the Penal Code for a person to obtain, retain or supply someone else’s personal information for the purposes of facilitating the commission of an offence. This is provided that the cheater knows or has reason to believe that such information had been obtained without its owner’s consent.

    • If the identity theft had taken place by technological means, the cheater could instead be charged with an offence under sections 3 to 6 of the Computer Misuse Act,

    • The penalty for illegally obtaining personal information under section 416A of the Penal Code is a fine of up to $10,000 and/or imprisonment for up to 3 years.

​

8) What can we do to protect ourselves from credit card fraud?

  • Receiving your new card

     

    • You will need to activate your credit card before you can use it

    • Always ensure that you update your personal particulars, e.g. mobile number, email and address with your bank

    • Apply for SMS alerts so you’ll be informed of certain transactions. Lower the threshold to an amount that you are comfortable with.

    • Keep your password or PIN separate from your credit card

    Using your card

    • Keep an eye on your card during the transaction

    • Keep an eye on your card during the transaction

    • Check the details on the sales slip before signing

    • Never sign a blank sales slip

    • Cross out any blank space for entering money amounts

    • Cancel incorrect sales slips and tear up cancelled slips

    • Save sales slips to compare with billing statements later

    • Notify your bank when you go overseas to help them identify fraud better

    • Never leave your credit cards or sales slips lying around

    • Monitor and review your monthly statements, especially after an overseas trip

    • Check all transactions, even the small ones — criminals are known to test out with small amounts first

    • Notify your bank or card issuer immediately of any suspicious transactions to prevent any further fraudulent charges Check the details on the sales slip before signing

    • Never sign a blank sales slip

    • Cross out any blank space for entering money amounts

    • Cancel incorrect sales slips and tear up cancelled slips

    • Save sales slips to compare with billing statements later

    • Notify your bank when you go overseas to help them identify fraud better

    • Never leave your credit cards or sales slips lying around

    • Monitor and review your monthly statements, especially after an overseas trip

    • Check all transactions, even the small ones — criminals are known to test out with small amounts first

    • Notify your bank or card issuer immediately of any suspicious transactions to prevent any further fraudulent charges

    Shopping online

    • Only shop at reputable and legitimate merchants’ websites

    • Update the firewall, anti-virus and anti-spyware in your computer

    • Use a credit card with a lower credit limit for telephone and online transactions

    • Check if the merchant you are dealing with is using a secured website — look for “https” in the web page address or URL

    • Avoid performing online transactions in public places such as cyber cafés

    • Never send credit card details via email, as they are not adequately protected

    • Save and/or print the order confirmation

    If you lose your credit card,

    • let the card issuer know immediately. If your card is stolen, make a police report and inform the card issuer.

    • Once you report the loss, your maximum liability for unauthorised charges before reporting the loss to the card issuer will be capped at $100. This cap applies provided you:

      • Have not acted fraudulently

      • Were not grossly negligent

      • Informed the card issuer as soon as reasonably possible after you became aware that the card was lost or stolen

 

9) Your professional advice or view as a lawyer with regards to this topic?

Unauthorised use of another person’s credit or debit card is a serious offence. Consumers should always be vigilant when making a purchase.

Need Legal Services?

ARLC Solutions is a subsidiary of Abdul Rahman Law Corporation. Our aim is to make your life easier. Whether you are representing yourself in court or part of a law firm, we can save you hours of drafting time. We do this by helping you prepare and draft everything you need whether it’s court documents or Corporate Agreement for you to move things fast and affordably. To keep updated on the law, you can sign up for our seminars, which will help you understand the legal issues that impact you.

Abdul Rahman Law Corporation (ARLC) is a boutique law firm that offers comprehensive legal services across a range of practice areas, from estate planning, probate and conveyancing to Syariah matters. If you’re looking for a socially-conscious legal practice with uncompromising standards of excellence, ARLC is definitely the law firm for you. Contact us for a free consultation today.

bottom of page