Fraud artists, security experts fight sophisticated battle

A decade ago, protecting yourself against credit card fraud consisted of simple measures, such as refusing to give your card number out over the phone or making sure you did not leave your computer password on a sticky on your desk.

These days,as internet usage proliferates, sohave the number ofwayscon artistscan get their hands on credit card numbers, debit PINs (personal information numbers)and other private information.

That makes the struggle between thieves trying to steal information and ultimately money and companies trying to stop them increasingly complex.

"Every day is a different day. You try to stay two days ahead of the criminals in your thinking and one day ahead of them in your action," said Dion Yungblut, senior director of risk operations at Capital One Canada, the credit card company.

Rising crime tide

At present,it appears the country's ne'er-do-wells might have a marginallead in this never-ending race.

The Interac Association, an organizationwhose members specialize in debit card transactions, estimates that, in 2004, there was approximately $60 million in "like-cash" card fraud, and that 49,000customers were reimbursed for fraudulent transactions.

By 2008, the fraud dollar amounthad jumped to $104.5 million, with 148,000 card holders getting cash back that had been taken by con artists.

Maybe thecardequivalent of the "smash-and-grab" rooting through garbage bins for carbon copies of credittransactions is no longerworkable.

But crooks have moved on. They now use fake transaction terminals such as the one discovered in January in Nanaimo mathematical analysis to figure out the best times to blitz ATM terminals with stolen card numbers, and clever false internet pages on the World Wide Webthat ask for all kinds of personal information.

The wrong hand in your wallet

That means consumers have to be even more vigilantin protecting their information to ensure they are not the victims of fraud, Yungblut and other financial experts said as "fraudprevention" monthbegins across Canada.

"You have to be careful," said Jay Stark, vice-president of fraud management at RBC and a 13-year veteran ofCanada's fraud wars.

Stark heads up a 600-person divisionthat deals with credit fraud at Canada's largest chartered bank. That staff is about 200 people stronger than a couple of years ago, he said.

But Stark's online detectives are not flipping through old receipts. Instead, they are monitoring sophisticated computer programs that red-flag cards, and getting stolen money back in customers' accounts in many cases before cardholders know the cash has been pilfered.

"The code of conduct says we should refund the money within 10 days. But in about 55 to 60 per cent of the cases, the cash is back in the account before they even know they have been defrauded," Stark said.

To some extent, getting people their money back might be the best outcome companies can hope for as criminals keep cooking upnewways to thwart detection, experts said.

For example, in past years, thieves might use a stolen debit card at a single ATM a number of times behaviour that became easy for banks to detect.

Now, criminals might have different people at different ATMs in a series of towns, all ready to bang in copies of the purloined card.

Simple scams still effective

Yetwhile many crooks have turned to complex scams, simple still works, Stark said.

Ads promising unemployed people jobsworkingfrom home as currency traders often wind up out the cash they wired to China or some other "hard-to-get-at" country.

Other ads promising amazing prices for used cars or the ever-popular "cash-for-overseas-bride" also wind up costing consumers hard cash.

"These are the scams that really end up stinging customers," RBC's Stark said.

In fact, your social insurance number might not even be the target of these crooks, according to Capital One's Yungblut.

Banks often use a person's date of birth as the bit of information to prove someone's identity, he said.

That makes seemingly innocent profiles, on social websites for example, a gold mine for criminals trolling for information.

Capital One did a study a few years ago that suggested as many as 41 million dormant websites contain potentially useful information for people seeking to engage in identity theft, Yungblut said.

Fraud's wide net

Even organizations not normally associated with financial gamesmanshipcan get caught in fraudulent schemes.

The World Health Organization,the directing and co-ordinating authority for health within the United Nations, has issued an alert warning people that emails purporting to be from the agency asking for fees for job recruitment or to run lotteries are anything but legitimate.

"Many of these scams request detailed information and/or money from individuals, businesses or non-profit organizations with the promise that they will receive funds or other benefits in return," the WHO saidin itsonline warning.