Be sure to play your cards right

Most people are aware of the dangers of skimming, but the criminal’s current favourite is the lesser known ‘card-not-present’ fraud, which accounts for 80-85 per cent of losses, writes AOIFE CARR

WHEN EAMONN CARROLL* lost his job at the beginning of April this year, he received a small redundancy payment. He lodged the payment to his current account to make sure ongoing obligations such as his mortgage, health insurance and utility bills were paid.

“I figured I would move some of the money to a savings account in due course, but wanted to research the best options available, and obviously wanted to have money in my account given I had lost my income and have a family to support,” he says.

Carroll last checked his account on April 11th and due to various circumstances, not least a problem with his home computer, did not check his account again until April 23rd by which time just under €10,000 had been taken from it in various fraudulent transactions using his Laser card number.

“I was stunned. In total there were 70 transactions all made online using the long number on the front of my card. I was told subsequently by my bank that this was obtained by copying the magnetic strip on the back of my card with a swipe device, probably in a shop or restaurant,” he says.

“At first, there were three to four fraudulent transactions a day, but when they realised they hadn’t been noticed it ramped up to eight to 10 a day. The transactions consisted of 13 Leap Card top-ups worth about €1,500 as well as various mobile phone top-ups worth about €700. There were large one-off purchases of electrical goods, car parts, groceries and clothing, a number of money transfers and a couple of large sterling purchases.”

“What I thought most unusual were the €300 worth of pizza and take-away orders, all made over the final weekend before I noticed the fraud and acted. In total, just under €10,000 was taken, but almost €3,000 was credited back to my account by vendors who suspected or detected fraud.” Carroll was not contacted by his bank, Bank of Ireland, to alert him to suspicious activity on his account.

“When I reported the fraud, the manager in my local branch of Bank of Ireland told me a copy of the magnetic strip on the Laser card was made, most likely at a retailer or restaurant, by swiping my card through a reader device. This gave criminals the ‘long number’ on my Laser card, which can then be used online where a pin number is not required. When reviewing the fraudulent transactions, the bank could distinguish between those made in this manner and those genuine transactions where a pin number was used by me,” Carroll says.

“The bank told me it’s likely the stolen card details were made available to a number of ‘customers’ of the original criminals, rather then all the transactions being made by a single individual.”