Written by Shouldn’t a modern payment system free me from these paranoid concerns?
I’m not paranoid, I’m just careful. The fraudsters are not only getting more brazen, they are also innovating. Sometimes I want to applaud them for their invention, speed-to-market and flexible business models, even though I know I shouldn’t. Only the other day I was writing about the dominance of mobile payments in the car parking business. Seems like I wasn’t the only one looking at exploiting new opportunities in this space.
Make a mock-up of a legitimate Pay by Phone notice, attach them to the back of traditional Parking Meters/Payment machines, but with your mobile phone number as the contact details, and you’ll have all the techno-savvy punters willingly texting you their credit card details, and not even know they’ve been ‘had’ until they come back to their car hours later to find they’ve incurred a parking fine for £60. You could probably harvest a 100 numbers an hour before the Parking Inspector comes around, and they’d be too excited at the prospect of generating all those Parking Fines to even notice the rogue signage. You of course discard the SIM at the end of the day and move on.
[From Beware Pay by Phone Cashless Payment at Car Parks]
OK, so this was just some speculating, but I’ll best the fraudsters have thought of it too. I’m constantly amazed (and, frankly, impressed) at the ingenuity of fraudsters. Look at these guys, for example, who came up with a brilliant idea for laundering stolen payment cards:
UK police have arrested nine people accused of using stolen credit cards to buy music they made themselves from iTunes and Amazon… The gang is accused of creating several songs before using an online US company to upload them to Amazon and iTunes for sale. Between September 2008 and January 2009 the group allegedly used around 1500 stolen or cloned British and American credit cards to buy $750,000 worth of songs. Apple and Amazon, who at the time were unaware of the plot against them, paid royalties totalling $300,000 out on the sales.
[From Finextra: Gang arrested for buying own music online with stolen cards]
Now you’ve got to admit that’s pretty neat. If they’d kept the sums down, they might have got a way with it. Thanks goodness they were greedy. But we can’t keep relying on the criminals greed to keep a lid on their activities. They are taking advantage of new technology in ways that legitimate businesses are not.
At the moment, most consumers would see a local phone number and trust that to mean that their call was really going there. Few would understand the potential of Voice over IP to route the call anywhere in the world. Fewer consumers still would understand that an IVR system that answered a phone call and asked for identity verification and card details might not be what it seems.
[From Phishing at a new level with a fake bank contact centre]
This is such a good idea I want to try for myself.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]
Dave, this is a perfect example of what is wrong with cards. Stripe has to be elimnated as you and I have agreed before. The bank/ service that does that will be on to something imho.
I think you can get paranoid about all types of card payment methods. I always look carefully at ATM machines to make sure they haven’t been “fixed”. I also shield the numbers I type in when purchasing at a store and look around for cameras facing me. And so it goes on. Up till now – not problem.