Progress does not stand still, every time there are innovative products and services that make our lives easier and more convenient. And scammers just do not stand still, coming up with more and more sophisticated ways to extort or steal important data and Money. Can they somehow use your contactless card or other payment device? They can. Just as there are devices that pick up the signal from a car alarm and then apply it to your car to leave it unprotected, so there are devices that can read your “plastic” from a distance.

Card Security Measures

How to protect a card with contactless payment? We will talk about this. There are several ways to secure your money. If you often use the card itself without entering the security code, there are special covers with read protection. This is a reliable, inexpensive and convenient protection for contactless cards from being read. Everyone can afford to solve this problem in this way.

Bank cards have long and firmly entered our lives, making them an integral part of it. The improvement of technologies for the convenient use of "card" means in a contactless way, when the card itself does not need to be inserted into the payment terminal, was called an NFC card. This type of cards, although it appeared relatively recently, has already firmly entered life, as more convenient way payment. No need to constantly enter a PIN code, no need to pass the card into the wrong hands, no need to insert it into a reader. It's simple:

• choose a product;
• bring your plastic to the money terminal so that the back side looks at the terminal from a distance of about 5 cm;
• and the terminal instantly notifies you about the debiting of funds (or refusal of payment if there are not enough funds) and you can remove the card.

Payment completed. You can pick up your purchases.

How to get this card

Agree, these payments are safer and simpler. If you do not already have such plastic, then ordering it is quite simple. When ordering through any online bank, issuing a card, on average, will take 5 business days. But if you come to the bank personally for an order, for example, Alfa-Bank will complete your order in 15 minutes.

Visa and MasterCard payment systems are responsible for contactless payment, and you can contact any bank to issue a card with this specificity. Don't forget to protect contactless bank card with the help of a cover, as they say, "God saves the safe." He will not be redundant.

About fraud

Those methods of stealing the original card data that were previously do not work on a contactless card. It does not need to be handed over to the cashier or inserted into the terminals, your data will not be copied and will not fall into the hands of dishonest citizens. Contactless plastic is a pretty safe thing at this stage, but there is still a way to steal your funds. Some scammers use a specialized scanner, which can be located at a distance of 60-80 cm from you, i.e. in transport or with a large crowd of people, with some degree of probability, you can become a victim of a robbery in this way. And for such manipulation, these scoundrels will not even need your security code or card number.

How it's done? Relatively simple - the scanner affects the card, forcing it to “give out” signals that the scan reads. Whether you have a little money or a lot, it doesn't matter. Robbery is robbery. It's sad, embarrassing and illegal. If you have not secured yourself, but are afraid of a sad outcome, there are several options for protection.

How to protect yourself

• purchase a shielded wallet for contactless bank cards - is considered the most effective way protect your savings from thieves. It will protect your plastic from scanning due to an innovative coating;
• set a limit on the card in your personal account when paying small amounts that do not require the introduction of a security code.

By the way, additional protection is provided due to the fact that the card is issued with a microchip that cannot be faked. Also, during the operation, a unique transaction number is created, which reduces the likelihood that fraudsters will have time to use the account.

How does the case work?

Protective case for contactless card will prevent robbery of your financial account. The beautiful plastic construction with a built-in metal layer will protect your card by blocking radio waves, thus preventing communication between the scanner and you.

In addition to the protective function against scammers, the case will protect the card from dirt, moisture and damage.

RFID Wallet

Of course, the case is not suitable for everyone, many keep their plastics in their wallets, in special compartments, moreover, they have several cards at once, and it is not always convenient to buy a case for each, and it is doubly inconvenient to keep it in one. Here, a special wallet with stop rfid protection will come out.

By the way, if we talk about personal information, chips are already embedded in passports and other documents. So care must be taken to keep such secrets in a safe place. An rfid-enabled wallet can provide such a place. It is made of special materials that block the transfer of data to a hostile reader, even when the wallet is open. Innovative technologies absorb any radio waves, protecting your money and information from illegal interference. Features that this purse has:

• absorbs hostile radio waves from reading your information;
• protects against degaussing, even if you keep the card near magnetic radiation or radio radiation;
• if you put your cell phone in such a wallet, you cannot be eavesdropped or tracked, this is especially true in any important negotiations and the fact of illegal tracking.

Technology does not stand still. Fraudsters come up with more and more sophisticated methods of extortion and theft of finances, so you should play it safe once again, securing your money.

Life hack for protection

You don't always have the funds to buy a wallet or card case. Here you will come to the aid of ordinary foil. It, of course, is not so convenient to use as a case or purse, but in the absence of extra finances, it will save you from stealing the last rubles. Watch origami workshops on how to fold cases or wallets, and create something similar out of foil. As the saying goes: “protected means armed”.

Buying a case

Where are cases or wallets with stop rfid protection sold? Beware of cheap fakes, they may tell you that their product really protects, and in fact you can’t check this in any way in such stores, you can simply be deceived. It is better to use branded stores or outlets that specialize directly in this product.

Thus, you will avoid not only fakes, but also marriage. Consult with the sellers, they will tell you about all kinds of options, recommend the necessary properties, help you deal with the purchased item, explaining how to use it and eliminate your doubts, if any. This "pleasure" is not cheap, but, on the other hand, you will be calm, and your money will be saved, being under reliable protection.

Keeping money on the card is very convenient. But this is associated with certain risks, and if you do not follow the basic security rules, then you will have to say goodbye to the accumulated funds very quickly. the site shares tips on how to protect your bank card from scammers.

How to protect your bank card from scammers

According to forensic experts, the volume of fraudulent debits from clients' bank accounts annually exceeds 100 billion rubles - an astronomical figure. Fraudsters act cunningly, taking advantage of the flaws of the modern law enforcement system and its weak technical base - write off small amounts of 70-100 rubles. Because of such a trifle, not everyone will go to the police, and if the figure is multiplied by a couple of hundred, then an impressive amount is obtained for a fraudster.

Be aware of privacy

Protection of personal information - the basics that will protect and secure your card from fraudsters and reduce the risk of spending your own funds.

Do not share your PIN and details with strangers

This is one of the basic rules, which, despite all its obviousness, for some reason is not always observed.

The worst option is to write the PIN code on the card itself or on a piece of paper that is always next to it (for example, in one case). In this case, the attacker will only have to go to the ATM and withdraw everything that is on the account if he gets your card at his disposal.

It's not a good idea to give your PIN to a shop clerk, a waiter, or the boy next door (if you're asking him to withdraw some money). Protecting the combination, which is actually the key to your wallet, is worth special care.

If it so happened that the PIN code was compromised, then it is urgent to change it. A number of banks allow you to do this even by phone.

If you think that the data printed on the plastic - the "expiry date" of the card, the owner's name and three digits on the other side (CVC code) - are needed only for a "reference" purpose, then you are mistaken. This data allows you to remotely identify means of payment and make payment on it.

If an attacker has the card itself or its full data, he will be able to withdraw money, as an option - through an online transfer to an anonymous wallet or by making a purchase in a fake online store.

Be careful when voicing information to accept payment for an online sale. If you are offered to transfer money - transfer only the card number. The rest of the details are not needed.

Be especially careful with the CVC code. With online identification, it plays the role of a PIN code. Never, under any circumstances, post a scan or photo of your card in the public domain.

Do not voice codes from SMS

This is also a classic. Fraudsters use various methods of social engineering to cash out their victim's card by hook or by crook.

For example, they contact the cardholder and announce to him that he won the lottery. And now they, allegedly for crediting the prize, require full details. After some time, an SMS with a code arrives on the victim's phone, which the attackers also request. And the owner of the plastic, to celebrate, informs him, not suspecting that he actually helped them make a transfer from his card to another, or even gave them access to his Internet bank.

If such a situation has occurred, and you begin to receive SMS from your bank, do not rush to tell anyone, but carefully read which operation you are confirming.

Important: some especially “advanced” criminals can use special equipment to intercept SMS from the bank, so it’s better not to tell anyone your card details.

Don't save passwords on your computer

If you actively use remote banking on the Internet, follow a number of simple rules:

• Do not agree to the browser's offer to save the password or card data. They can be removed from the server.
• Do not save passwords on other people's computers (in an Internet cafe, with friends, etc.) and even on a work one.
• If unauthorized persons have access to passwords, change them immediately.
• For prevention purposes, it is recommended to change passwords at least once every 2-3 months.

Be careful with contactless payment

Paying with one touch is convenient, but not entirely safe. If the card is lost, anyone who finds plastic can pay for it in the store. A few trips - and the balance is exhausted.

There are several ways to protect yourself from this:

• Disable contactless payment, leaving only authorization by PIN;
• Set the limit on the amount of payment - by default it is 1000 rubles, lower it to 500 rubles, and even to 100.

Be sure to set up SMS notifications. If you lose your card, you will immediately know about unauthorized transactions.

If convenience is important - use special protective covers for the card - they are inexpensive, but they protect reliably.

The theft of funds from PayPass bank cards was most widespread in the metropolitan metro - where there is a huge crowd of people. Fraudsters acquire readers that read information from a payment instrument and discreetly place it next to a bag or clothing; transactions up to 1,000 rubles are successful. Be carefull!

Do not open suspicious MMS and links

If you receive a message on your smartphone from an unknown sender, especially with an enticing, "teaser" message, do not rush to open it. If you have opened it, do not follow the links, especially the short ones. There is a risk of launching viruses on your smartphone that intercept information and transmit it to their "owners".

Contrary to popular belief, even Apple can be attacked by such a virus.

Danger can come from everywhere: SMS, MMS, instant messengers. Stay vigilant!

Pay attention to the number and address of the sender

Familiar numbers pose no less danger. Modern technologies do not stand still, and scammers have learned to "mimic" - more precisely, to forge messages and send them on behalf of official representatives.

For example, they can have the same email address as the Federal Tax Service, but with a change in one character in the name or with a different domain zone. The letter will contain a link leading to an infected resource, or it will simply contain a virus file.

Attackers may try to scare the client in order to find out his card details. For example, they will send him a message stating that a huge fine has been imposed on him or that he is being summoned to court. Or, on the contrary, they will report a “winning” in the lottery.

Some scammers manage to acquire free numbers, starting at 8-800, and start calling the victims, pretending to be bank employees. Check if they call you hotline, very simple: just go to the official website of the bank and compare the numbers. If you receive a call from someone else, hang up immediately.

Other malefactors forge numbers of operators. For example, instead of the number 900, a message may come from the number 9OO, in which instead of zeros there is an English O. Or instead of a small English l (el) in the name of Alfabank, a capital I (ai) can be written - in some fonts these letters are indistinguishable.

If the content of the email seems strange or suspicious, then the best thing to do is to simply ignore it.

Use trusted ATMs

It will not describe in detail how fraudsters counterfeit cards by reading data from magnetic tape using skimmers and other technical devices, as well as how they obtain PIN codes when using keyboard overlays. We only note: there is such an opportunity, and it is easy to get such devices on the "black market". Having received the data, the fraudster will be able to withdraw money without having the card itself.

Such devices are installed on ATMs that are located in crowded and dimly lit places - in underground passages, on the streets, in the basements of large shopping centers, etc. The older the ATM model, the easier it is to install skimmers on it.

Therefore, in order to protect your money, it is best to withdraw money, pay for services or replenish your card account at terminals that are located in the bank itself under the gunpoint of many video cameras. Or in large shopping centers where ATMs are guarded.

How to secure your bank card online

The lion's share of fraudulent transactions falls on the worldwide web. The Internet is still a fertile ground for those who want to cash in, abusing the trust of ordinary users.

Use antivirus

Tips follows from the previous one. If you read mail from a computer, then be sure to enable the e-mail check module in your antivirus settings. If from a smartphone, then purchase a special anti-virus program for mobile devices. The license is not expensive, and the benefits from it are huge.

The antivirus will not only prevent the download of dubious files, but also protect against frankly fake emails.

Set up two-factor authentication

If possible, make additional identification by voice, face (photo), or fingerprint. Even if your smartphone gets to an outsider, and that somehow get access to mobile application bank (for example, will use hacking programs), then he will not be able to fake biometric data.

Sign out of your online banking account

After finishing your online banking session, don't forget to click the Logout button. Especially if it's someone else's computer. Often there are cases of theft of funds when the cardholder logged in to his personal account, but did not log out. And the one who sat down after him just sent himself his money.

Just closing the tab is also not enough. If you return to the page, for example, through the History tab, then the session will be restored back.

Some banks, for example, Tinkoff and Sberbank, automatically "log out" the client after 10 minutes of inactivity, even if he did not close the tab - this allows you to protect your account from unauthorized access. However, you should not rely on this. It is better to log out of the online account on your own.

Use virtual cards to pay

If possible, do not use your main bank card when paying for goods and services over the Internet. 3D-Secure technology reliably protects against data leakage, but you should definitely make sure.

To protect yourself, use fallback options for online payments - for example, an unembossed or spare card, and keep a minimum of money on it. Or even use a virtual understudy. In this case, it will be easier to save money.

Check and call back

Be careful! At the slightest suspicion that you are being deceived, call the bank. Remember that real bank employees will not find out any confidential data from you, but on the contrary, they will even stop you if you start dictating card details or giving the value of the PIN code.

The maximum that they can ask you for is passport data and a code word, as well as information that only you can know (for additional identification), for example, available credit limit on the map.

Do not hesitate to interrupt the caller and ask him for his first name, last name and position. It may turn out that among the employees of the bank there will be an unscrupulous employee.

Take an example from Sberbank - share information

The largest bank on the official page constantly updates information about new methods of fraud and promptly notifies its customers on how to secure their account. Follow his example - be sure to let your friends, parents and grandmother read this article. No one is immune from fraud, and in the age of high technology, the tools of attackers are becoming more and more sophisticated. Keep track of your financial security and do not let fraudsters access your money, simple steps will allow you to protect your bank card from fraudsters.

Over the past two or three years, Russian banks have been actively issuing cards that support contactless payments PayPass and Paywave - this is how these systems are called by Mastercard and Visa, respectively. More than 30,000 retail outlets in Russia support their reception - by attaching a card, you can pay for metro travel and a diamond ring.

The main application, of course, is micropayments, since for amounts up to 1000 rubles, neither entering a pin code nor the signature of the owner is required - put it and go, although for larger purchases, a contactless card provides additional security, because you do not let go of it : if it ends up with the seller, cashier or waiter, then he can at least quickly and discreetly get her details, and then sell them to carders.

A special validator that supports PayPass technology has already been installed on buses in Moscow and St. Petersburg. With it, you can pay for the journey yourself using a bank card. Photo: petersburglike.ru

Where is the vulnerability here?

However, it is possible to read your contactless card data, and for this you don’t even need a terminal, but an NFC-enabled smartphone is enough. In particular, the card number and its validity period, as well as the list and amounts of recent transactions, are not protected from reading in any way.

This information is not enough to create a full-fledged clone, but in some cases it is enough for a CNP transaction (Card Not Present) - that is, transactions without the presence of a card, or, simply put, making a payment via the Internet or by phone (for example, in Russia it is possible buy Aeroflot tickets through the call center) - without entering the first name / last name and CVC / CVV code.

In the United States, over 4 years, a group of fraudsters "cleaned" more than a million bank cards, deducting only $ 9 from each. Due to the insignificance of the amount, only 10% of the victims noticed and challenged the loss.

Is it necessary to be afraid of a person with a terminal?

At the beginning of this year, RuNet was stirred up by the story of an IT specialist who photographed a man with a wireless phone in the subway. bank terminal and suggested that with his help the passenger was stealing money from the contactless cards of the passengers. After all, what's the difference, attach the card to the terminal or the terminal to the card? Of course, no evidence was presented, but the story was actively discussed in the media, which collected good traffic on the headlines about "A new way of fraud" and "How scary to live."

As a result, another urban legend appeared, which was cleverly used by wallet manufacturers who offered products with shielded compartments for bank cards. Throw out your old wallet and buy a new one! Expensive! Guarantee! Otherwise, you will lose everything! Or, like a fool, wrap the cards in foil. No, seriously, these are the tips that the authors of articles about this “vulnerability” write.

I bought an LV wallet with card reading protection: I heard a lot about how a thief can just get on the bus and take all your money. Well, the wallet itself is fashionable and beautiful, I have long wanted one.

Irina Krasilshchikova

Voronezh

In fact, this urban legend is something like stories about mutant rats that live in sewers, suddenly emerge from the toilet and bite off the legs of unsuspecting townsfolk. That is, it is theoretically possible to read a contactless card in the owner's wallet. But practically...

First, you don't know which passengers have a PayPass card and which don't. Most don't. Secondly, you don't know where this card is located, and you can consider an NFC card as a terminal only in the immediate vicinity, no more than a couple of centimeters. That is, you need, it turns out, to approach everyone in a row and carefully drive the terminal along the bags and pockets of the victim.

Information from a PayPass card can only be read at a distance of a few centimeters. Photo: Daily Mail

American IT security experts, of course, made an experimental reader that allows you to “remove” data from almost a few meters, but you had to carry it in a cart from a supermarket. And there is a “trojan” for Android smartphones, which, if you carry your phone with cards, can quietly read them and send data to an attacker, but here the probability of several success conditions matching is also small. But, let's say we managed to read the data.

Where will this money go? Each terminal is registered with a bank, and each of its owners has a special seller's account to which this money is credited. That is, there is no anonymity here, and it is very difficult to withdraw funds obtained by criminal means; rather, it is even impossible to do it while remaining anonymous. It will be like in that joke about the robber who burst into the bank with a gun and shouted: “This is a robbery! Nobody move! Now transfer all the money to the account 40817810452360569251!” Only with the difference that maximum amount transfer without confirmation by the cardholder is limited to a thousand rubles.

IT specialist Sergey Vilyanov believes that contactless transactions are protected no worse than payments with chipped cards (especially since cards that support contactless payments are always equipped with a chip).

The EMV standard, according to which wireless payments are protected, excludes the very possibility of card cloning based on the information transmitted during the transaction. It's even harder than cloning a human from a drop of saliva. Well, if someone had such an opportunity, he would hardly have traded it at the price of an iPhone, because Visa and MasterCard would have bought a description of the vulnerability much more expensive.

Sergey Vilyanov

IT and innovations editor of the Bankir.ru portal

In general, not vulnerability, but one continuous anecdote. So you don’t need any special wallets and foil hats: pay twice as much for it simply because there is a metallized mesh inside? Doubtful decision. There is, however, one exception: these are wallets in which all cards are shielded, except for one. This will allow you to use contactless payment without removing the card from your wallet: in a regular purse, PayPass cards will conflict not only with each other, but also with travel cards. public transport, key cards from offices, etc. And be sure to check if you have 3-D Secure connected.

However, 3D-Secure is not a panacea. Some banks allow card transactions where the technology is not supported. In this case, it is necessary to clarify whether it is possible to set limits on such unprotected transactions, and then the risk of a sudden depletion of the account will be minimal.

How to protect a card with contactless payment? This question is asked by every person who has become its owner. Fortunately, there are a lot of ways - from physical protection to insurance funds. In this article, we will tell you in detail how to protect your card from scammers and secure your money.

• SMS notifications. If SMS-informing about transactions is connected, you will be able to quickly respond to an unknown transaction - call the bank after receiving a notification, dispute the transaction and block the card. We recommend that you turn on the vibration mode along with the sound signal so as not to miss SMS in a noisy place.
• The PIN-free swipe limit will help limit the amount of purchase that can be made without entering a password that only the owner knows. Make sure on plastic card such a restriction is set - the amount for contactless payment does not exceed 1000 rubles.
• Protect your smartphone. Don't download apps from unknown sources and regularly check your device for viruses and suspicious activity - attackers can use your smartphone as a crime weapon (something like an NFC signal repeater) when it is near the card. For the same reason, try to keep NFC and Bluetooth disabled. Still, try to keep your contactless card separate from your phone whenever possible.
• Use RFID card to pay for online purchases. This method is quite radical, but often banks issue cards equipped with an NFC chip without asking the client's permission. Disabling the contactless payment function is often problematic and even impossible. - in this case, you can use the card at home, for example, paying for purchases on the Internet.

Read Protection

How to protect a contactless bank card from being read?

• Provide a physical barrier. Despite the fact that data transfer using PayPass takes place over a few centimeters, there are special readers that increase the range of “defeat”. Researchers from the University of Surrey using such a device increased the possible distance to 80 centimeters - with it, for example, you can easily “interrogate” all the nearest bank cards in a subway car. A physical barrier that blocks the signal, such as a wallet with a layer of metallized film, can help. Put the card in the inner pockets, so that the distance to it is at least 10 cm, and there are metal objects nearby.
• Keep RFID card along with other cards. This method is simple and quite effective. If you carry a contactless payment card with other non-payment contactless cards (for example, with a Troika pass), then when you try to read the data, the device will simultaneously receive several different signals and simply get confused.

Will foil protect a bank card from being read?

Aluminum foil is one of the most available ways protect the card from being read. It perfectly shields the signal of intruder readers, and is a simple answer to the question of how to protect a bank card - even ordinary chocolate foil is suitable for this. You can make protection with your own hands - just line the compartment of the wallet in which the card is stored with foil, or carry the card in a foil bag. A more reliable and convenient option is to purchase a special case with a protective coating that repels electromagnetic waves. If you wish, you can buy a wallet made using certified technology from metallized fabric. Many Western companies require their employees to use such wallets for information security.

How to protect a Sberbank bank card from scammers.

If you used the above protection methods, then even in combination they will not give a 100% guarantee of the safety of money on the card. The best way protect a Sberbank card from fraudsters - insure it using the "Card Protection" policy.

Why should you insure your card?

1. It's comfortable. You can get a policy by contacting a bank branch or using the Sberbank Online Internet service.
2. It's profitable. Using “Thank you” bonuses, you can save up to 15% of the cost of the policy.
3. It's safe. With the help of one policy, you insure all Sberbank cards.

What to do if the card details got to the scammers

If your bank card fell into the hands of scammers, you need to act quickly. If you have enabled an SMS notification, then information about a suspicious transaction will be received immediately. Now you need to do the following:

1. Call the bank to block the card. Inform that the purchase through the terminal was not made by you.
2. Report the theft to the bank.
3. Report theft to the police

In general, the likelihood of being scammed using a contactless card is no greater than the chance of being scammed by other means, and you can still follow the minimum security rules.

Some of the tips may seem elementary to you, but this is where security begins.

Card fraud methods

The imagination of criminals is boundless. Literally every year there are new, more sophisticated methods. Let's consider the main ones.

Fraud with bank cards is called carding.

Let's start with the "classics". You have come to withdraw money from an ATM. Hurry up, literally on the run, enter the PIN-code, while chatting on the phone. You didn't even look at the inconspicuous kid in a baseball cap and dark glasses peering over your shoulder. But he watched you very carefully. He spied and remembered the numbers that you entered. Further elementary GOP stop- and farewell, money.

Also, in the confusion, you can not see that in front of you is not a real ATM, but a fake. After all, the device is exactly like a real one. Stickers, instructions - everything is as it should be. You insert the card, enter the PIN code, and the screen displays: “The device is faulty”, “A system error has occurred”, “Insufficient funds” or something like that. Well, it happens. You go looking for another ATM. But before you find it, the scammers will empty your account. After all, with the help phantom ATM they have already read all the necessary data about your card.

Often imitate ATM malfunction. For example, late in the evening you return home and decide to cash out your salary on the way. We inserted the card, entered the PIN code, the amount - everything is going fine. The card capture reader gave out the card, but the tray where the money should appear does not open. Broken? Maybe! It's dark around, you need to call the bank and find out what happened. You walked literally ten meters away, and smart thieves had already peeled off the adhesive tape and took your money. Yes, yes, simple adhesive tape did not issue bills.

Another approach is called "Lebanese loop". This is when a lasso from photographic film is inserted into the card reader. If you hit him, the card can no longer be pulled out. As a rule, there is an “assistant” right there: “Yesterday, the ATM ate my card in exactly the same way, I entered this combination and PIN code, and it all worked.” You try, fail, and go to the bank for help. At this time, the Good Samaritan takes the card and goes to empty it. He knows the PIN. You yourself have just entered it openly. Remember?

However, an ATM can be real and even serviceable. This is not a problem if attackers have skimmer. This is a device for reading information encoded on the magnetic stripe of the card. Physically, the skimmer is an overhead block attached to the card reader, while it looks like part of the ATM structure.

On the left - an ATM without a skimmer, on the right - with a skimmer

With the help of a transmitter, fraudsters receive information from the skimmer and make fake cards. They will use the skimmed card, but the money will be debited from the original account. Hence the name of the method - skimming, from the English "skim cream".

How do they know the PIN? In addition to the skimmer, they have other devices. For example, overlay keyboard. It completely imitates the real one, but at the same time remembers the key combinations you type.

Keyboard overlay

As an option - a miniature camera aimed at the keyboard and disguised as a box with advertising booklets.

Hidden camera

Type of skimming shimming. Instead of bulky overlays, a thin elegant board is used, which is inserted through the card reader directly into the ATM. Further, the scheme is the same as with skimming. But the degree of danger is higher: it is almost impossible to see that there is a “bug” in the ATM. It is consoling, however, that it is rather difficult to make a shim - its thickness should not exceed 0.1 mm. Almost nanotechnology. :)

Phishing- a common method of Internet fraud. Most of you don't need to explain what it is. Perhaps someone even received a “letter from the bank” with a request to follow the link and clarify the details. Moreover, the phishing page looked like a real one, the same colors, fonts, logos, except for an annoying “typo” in the address bar.

Recently, a subspecies of phishing has been spreading more and more - vishing. Simply put, divorce over the phone. Fraudsters simulate an autoinformer call. A frightening robotic voice informs you that your card has been blocked or hacked, or you urgently need to pay off your loan debt. Call this number for details. You call, and the polite "operator" asks you to "verify" the card number, its expiration date, verification code ... Once you have dictated the last digit, you can say goodbye to your money. By the time you come to your senses, they will already be spent in some online store.

By the way, due to the fact that it is not necessary to have a physical card to use it, fraudsters are increasingly using methods social engineering. So I almost got scammed.

I sold furniture. Placed an ad with photos on a well-known site. I specified a number through which no authentication passes for me. Soon a man called. He introduced himself as Vasily, an employee of a company that rents apartments for rent. He said that they liked my sofa - they take it without looking! The money will be transferred to my card right now. No problem. I often buy on the Internet, for this purpose I have a special card. There was nothing to write off from her then, but replenish - please. But one number was not enough for the caller - the interlocutor asked for another expiration date and CVV2. I did not name, but Vasily was offended. He told me who I was and where I needed to go, and hung up.

Most cards are now tied to a phone number in order to confirm transactions using SMS messages or, for example, logging into the Internet bank. What attackers don’t do to get hold of the right SIM card: they steal phones, intercept SMS, make duplicate SIMs, and so on.

Safety rules when using cards

Having issued a debit or credit card we get a deal banking service and an envelope with a PIN code. It is a pity that, in addition to this set, they do not include a memo with elementary security rules for cardholders. It should include the following recommendations.

• If possible, make yourself a hybrid card - with a chip and a magnetic stripe (unfortunately, cards with a chip only are almost never used in Russia). Such a card is better protected from hacking and forgery by skimming.
• Learn the PIN code by heart. If there is no hope for memory, write it down on a piece of paper, but keep it separately from the card.
• Never, under any circumstances, disclose to third parties the PIN code and CVV2 code of the card, as well as its validity period and to whom it is registered. No bank will ask you for these details. And to credit funds to your account, only the 16-digit number indicated on the front of the card is enough.
• Don't use the so-called salary cards for settlements in stores and payment for online purchases. It is better to transfer money from a card account to a personal account or set daily limits for all types of transactions performed.
• Choose ATMs located inside bank offices or at secure points equipped with video surveillance systems.
• Do not use suspicious ATM models. And before inserting the card into the terminal, carefully inspect it. Is there anything suspicious on the keyboard or in the card reader? Is there a strange advertising tray hanging nearby?
• Feel free to cover the keyboard with your hand and ask especially curious comrades in line to step aside. If problems arise, do not use the advice of "random assistants" - without leaving anywhere, immediately call the bank and block the card.
• If you have lost your card, and also if you have reason to believe that third parties have learned its details, immediately contact the bank and block it.

It's easiest to call. If you have the card in your hands, you can see the support number on the back of the card. As a rule, contact centers work around the clock. If the card is left in the ATM and you do not know the phone number of your bank, call the ATM maintenance company. The number must be indicated on the terminal.

In addition, find out about the possibilities and conditions of card insurance at your bank. Some credit institutions have special programs to protect customers from fraudsters and reimburse them for damages.

Banking safety rules

You can take advantage of a large package of services without leaving your home. For example, pay for something or transfer money to your own or someone else's account.

Banking - remote banking service.

Allocate Internet and SMS banking. The first allows you to perform operations through Personal Area client on the bank's website or through the application, and the second involves informing about transactions via SMS messages.

In order to use banking without the risk of losing money, the following basic precautions must be observed.

• Do not log into the Internet Bank from other people's computers or from public unsecured networks. If this still happened, at the end of the session, click "Exit" and clear the cache.
• Install an antivirus on your personal computer and update it in a timely manner. Use modern versions of your browser and email programs.
• Do not download files received from unverified sources, do not follow untrusted links. Do not open suspicious emails and block the sender immediately.
• Unless necessary, do not enter any of your personal data, in addition to your login and password.
• Check your address bar. A secure HTTPS connection must be used. And the slightest mismatch with the bank's domain almost certainly means that you are on a phishing site.
• Come up with a complex password to enter your personal account, and also use one-time passwords requested by banks to confirm actions in your personal account.

Remember! Banks do not send messages about blocking cards, and in a telephone conversation they do not ask for confidential information and codes associated with customer cards.

To protect the SIM card to which the card is linked, promptly notify the bank when you receive suspicious messages and in no case call the numbers indicated in them. Inform the bank if you have changed your number or lost your SIM card. Set a password on your phone and do not remove the block from the screen if someone else is watching your actions. And if the SIM card is issued to you personally, then prohibit its replacement by proxy.

What to do if scammers deducted money from the card

Disputes between customers and banks are not uncommon. The former, having learned about the unauthorized debiting of funds from their accounts, ask to return their hard-earned money, and the latter often shrug: “You yourself told the scammers everything.”

Entered into force in 2011 the federal law 161 “On the National Payment System”, designed to streamline and change for the better the practice of providing payment services. In particular, he established the legal foundations for all payment system in general and adjusted the rules for non-cash payments, as well as the issue and use of electronic money.

In 2014, article 9 of this law came into force. The norm protects bank card users from fraud. The law establishes the presumption of innocence of clients. The Bank is obliged to reimburse the amounts transferred from the client's account as a result of an operation not authorized by him, unless it is proved that the client himself violated the procedure for using the electronic payment instrument.

From September 26, 2018, banks will legally be able to block customer cards if they suspect that fraudsters are transferring money from them. After blocking, the bank must inform the account holder about this, and he will either have to confirm the operation or report an attempted theft.

In other words, the law delimits the responsibility of the bank and the client.

1. Did the bank inform the customer about the unauthorized transaction? If not, the responsibility lies entirely with the bank. If informed, go to point number 2.
2. Did the client inform the bank no later than the next working day after the notification from the bank that this operation was performed without his (client's) consent? If not, the responsibility lies with the customer. If informed, go to point number 3.
3. Was the bank able to prove that the client violated the procedure for using electronic money? If so, the responsibility lies with the client. If not, the bank is fully responsible and is obliged to reimburse the client for the entire amount of the disputed transaction.

A prerequisite for the reimbursement of unauthorized debited funds is to notify the bank about the use of the card without the consent of its holder.

Tell the bank that the card is being used by someone else no later than one day following the day the customer discovered the fraud.

Meeting this deadline is very important. Overdue - you can not count on a refund.

In addition, the client must have proof of the notification in his hands. We are talking about the second copy of the appeal to the bank with a note of acceptance made by an authorized employee, or a written notification of sending a valuable registered letter with a list of attachments to the bank's address.

Contacting the bank does not cancel or replace the appeal to law enforcement agencies.

conclusions

So, a brief algorithm of actions in case of illegal debiting of funds from a bank card is as follows:

1. Do not panic, call the bank and block the card. Plus, we ask the operator to name the account balance and the last transactions made.
2. During the day we run to the bank and write a statement. Be sure to endorse our copy of the application with an authorized employee of the bank.
3. If the employees of the credit institution in any way prevent this and refuse to accept the application (the forms have run out, the technical break, and so on), we turn to the prosecutor's office.
4. We write a statement to the police. Especially if you are faced with robbery or robbery.
5. We are waiting for a refund.

If the bank refuses to refund funds debited from the card, referring, for example, to a violation of the procedure for using electronic money, you can defend your rights in court.