The warning looked real. The post in one of Edinburgh’s online forums was well-written. It used the first person, which implied that the writer had first-hand experience of what they were talking about. It described a new scam apparently affecting Visa and Mastercards, with a very detailed account of the process.
It involves cardholders being called by supposed members of Visa security. They claim to have all the relevant details on you already, including your credit card number. They’ll ask if you made a purchase from a named company. When you say “no”, they’ll tell you that you’ve been a victim of a fraud. Only then will they ask you to verify your card by telling the security code on the back.
The post mentioned that the writer had been the victim of such a scam. It told of being called more than once. On the second occasion, the matter had been reported to the police. The post told of how officers were receiving several reports a day about the scam and warned the public to be careful.
So far, so plausible. However, the story began to fall apart when simple checks were made. Lothian and Borders finest (this was an Edinburgh forum) had no knowledge of the scam and certainly were not receiving “several reports a day”. The Association of Chief Police Officers in Scotland had not discussed it and had no plans to order a nationwide dragnet for the culprits.
A search on one of the hoax sites revealed the truth. The post was word for word identical to an email which had first appeared in 2007. It’d been investigated since then by several newspapers, one of which reported Visa and MasterCard officials in the US as claiming to “know of no specific person who’s been scammed according to the story outlined in the e-mail”.
Visa Europe declined to confirm or deny anything about the scam. But in a statement, it said that “fraudsters are willing to go to increasing lengths to convince cardholders to hand over personal financial details. Anyone who receives a call or email from someone claiming to be from their bank or a card company should be wary and should never share information such as card details, PINs, or passwords.”
However, the point of looking at this hoax is two-fold. Firstly, this particular one is both plausible and sophisticated. The claim is that criminals may already have most of your credit card details. That part may well be true. They can get that kind of information by using card-skimming devices, online and email fraud or buying stolen transaction records.
What this hoax claims they are trying to do is obtain further information which makes that number more useful to them, in particular the security code on the back. This also has an element of truth to it. Scammers could certainly carry out such a scheme and have quite probably attempted to do so. But from the reaction of the police, it’s by no means a common occurrence.
The second point is to remind readers to be on their guard. There is no value in sending out emails to all and sundry and causing widespread alarm. But it IS important to think about how you use and secure your credit and debit card details. Card fraud, especially over the phone, has been around for a long time and is unlikely to end any time soon.
Everyone should be wary of giving out any information at all about their account in response to an unsolicited phone call. It’s like email-based phishing. The scammers will try to claim that the security of an account has been compromised. They then ask for card and bank details, to “verify” the account.
The banks say they’ll never ask for this kind of detail. So anyone being asked for it should be very suspicious. The advice from their security departments is ask for the caller’s name and department and immediately end the call. Get hold of a legitimate contact number for the company from a bill and, most important, don’t use the contact number provided by the caller.
However, it’s worth remembering that, if you do receive a call in which the scammer already has your credit card number and contact details, your financial security has already been compromised. Get in touch with your credit card issuer and tell them. This will help them take any other steps needed to protect you from credit card fraud and identity theft.