Skip to main content
Sticker Shock: How Familiarity Breeds Card Fraud

We all know what to do when we get a new credit or debit card. Sign the back, log in or ring to activate the card, destroy the existing one.

But what if the sticker on the front of the new card, detailing activation procedures, is actually a nefarious attempt by a criminal to have you log into a domain they control and download malicious malware on your PC? Or what if the activation call center is actually a bogus telephone service linked to a premium rate phone line established by the criminal, which means the customer pays through the nose to supposedly activate the card? What happens when the protocols designed to stop fraud are used to perpetrate it?

Worrying, isn't it? Would you spot any tell-tale signs of criminal activity or would you be oblivious to it because the card replacement conventions are all too familiar to you?

Worse yet, what if the card the criminal has packaged up and sent to you is simply an attempt to get you to destroy your current card? Why? Well, when you come to realize the misrepresentation, you are most likely to ask the issuing bank to have a new card (and maybe a new PIN for security reasons too) sent to you through the mail. And if a criminal knows that genuine card is on its way, they can make targeted arrangements for redirection or intercept. And suddenly they have an "in" to your current account or credit line.

Leveraging consumer experience and trust in accepted conventions is becoming big business for the criminal fraternity.

On the other hand, many people are now being told what their bank would "never do":

“We would never ask you for your full security password." "We would never request that you divulge your PIN." "We would never send you an email or text asking you to click on a link."

This is the message consumers we being told — but what is our experience? The experience is informed by other interactions. How many of us click willingly on links posted by friends, family, colleagues, or even strangers on social media? How many of us have divulged full bank log-on details to a digital wallet provider or online aggregator for convenience purposes?

What we need is a higher level of mutual authentication between customers and their banks, such that true security activity can be assured and criminals shut out. The only surprise I want from my bank is exceptional service. I don’t want to find out that their trusted processes and protocols have been hijacked to gain access to my money.

As the US market hurtles headlong into the environment of "out of cycle" card replacements (having new chip cards issued before the existing magnetic stripe ones have expired), there is a pressing need for heightened consumer awareness of any potential risks, and closer scrutiny of the replacement protocols.

related posts