NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Credit card fraud takes place mostly online. The categories <strong>of</strong> credit card fraud that<br />
show the fastest growth include a substantial online component. This is reflected in the<br />
increase <strong>of</strong> card-not-present fraud (CNP), counterfeit cards 37 and card ID theft, since<br />
these types <strong>of</strong> fraud are more likely to occur online. Such methods are becoming more<br />
important than the use <strong>of</strong> lost or stolen cards, or theft from the mail. 38<br />
Figure 2 shows that these three categories <strong>of</strong> credit card fraud have proliferated in the<br />
last decade, reflecting the rise in online transactions. Fifty-four per cent <strong>of</strong> card fraud<br />
was on CNP operations, the fastest growing form <strong>of</strong> credit card fraud, with average<br />
growth rates <strong>of</strong> 40 per cent per year from 1997 to 2007. APACS estimated that in the<br />
UK, the share <strong>of</strong> Internet/e-commerce fraud on CNP activities was about 73 per cent <strong>of</strong><br />
the total in 2006 (£154.5 million). This figure rose by 32 per cent from 2005, when<br />
Internet losses were £117 million and accounted for 65 per cent <strong>of</strong> CNP losses. 39 Using<br />
fraudulent credit card data for online purchases can be easy and fast, as a final sale<br />
does not require the card or the cardholder to be present. <strong>Online</strong> purchases can later be<br />
sold for cash. 40<br />
Fraud based on counterfeit cards temporarily fell from 2004 to 2006, perhaps due to the<br />
introduction <strong>of</strong> chip and pin technology, but it picked up in 2006 to 2007 – at a 46 per<br />
cent growth rate as cybercriminals discovered ways <strong>of</strong> outsmarting and circumventing<br />
these preventative technologies. Chip and pin technology was described as an<br />
‘extremely secure’ method <strong>of</strong> payment by representatives <strong>of</strong> banks and retailers. 41<br />
37 This category can involve undertaking old style fraud, by skimming (ATM skimming, manipulated Pin Entry<br />
Devices or a range <strong>of</strong> other more sophisticated techniques).<br />
38 CNP fraud involves the use <strong>of</strong> stolen card details to pay for goods and services over the Internet. Card ID<br />
theft occurs when a criminal uses a fraudulently obtained card or card details, along with stolen personal<br />
information, to open or take over a card account in someone else’s name. Counterfeit card fraud involves<br />
copying the information <strong>of</strong> the magnetic stripe in the card to forge a fake card that can be later used in ATMs<br />
or to make purchases. As defined by APACS (2008): “Fraud: The Facts 2008”.<br />
39 APACS, “Fraud: the facts” (2008).<br />
40 For more information on this aspect see the section <strong>of</strong> this report on cybercrime value chains.<br />
41 Sandra Quinn, director <strong>of</strong> corporate communications for APACS in 2005 noted that: "We don't think they can<br />
use fake machines because the machines themselves are engineered to read the chip so they must be reading<br />
the chip very carefully”; “Chip and pin security warning”, BBC News, available at<br />
http://news.bbc.co.uk/1/hi/business/4108433.stm. This was reiterated during a recent interview with a senior<br />
APACS staff member in 2008.<br />
Page 18