How to detect and deal with bank card fraud
Despite the strides constantly being made to secure payment methods, bank details are still being stolen and card fraud is still taking place. Fraudsters are highly resourceful and draw on a number of techniques to steal their victims’ information. But how can you recognise bank card fraud, what precautions should you take and how should you react if it happens to you?
Bank fraud refers to purchases or withdrawals that are made without your consent. This can happen when you make a payment online, at a payment terminal or self-service payment machine (in carparks, service stations, supermarkets, etc.) or even when you withdraw cash from an ATM. What types of bank card scams exist?
Phishing
You will receive an email from a sender claiming to be your bank, your insurance company, the tax authorities or the police asking you to visit a website, or from a delivery firm notifying you of a shipment that you never ordered, etc. The personal details (card numbers, passwords, etc.) that you enter on this fake site – which often looks similar to the official website – are then retrieved and used by the fraudsters. See How to avoid phishing scams.
Your bank will never ask you to update or confirm personal details by email, text (smishing) or phone (vishing)!
What precautions should you take?
-
- Be wary of any spelling mistakes or clumsy expressions in messages.
- Never share your personal login details or passwords.
- Do not click on links in emails requesting personal information (and do not reply to them).
Your bank will never ask you to update or confirm personal details by email, text (smishing) or phone (vishing)!
Card skimming
The bank details contained in your card’s magnetic stripe are copied using a fake reader that may be installed in an ATM or payment terminal (at a petrol pump, for example). This device is often combined with a camera or a fake keyboard that records your PIN as you enter it.
What precautions should you take?
-
- Try to use ATMs located inside bank branches.
- Avoid using damaged payment terminals.
- Look closely at the card insertion slot, and if you are unsure, do not use that terminal.
- Withdraw money during the week: criminals often install devices on weekends or on the day before bank holidays.
- Don’t take your eyes off your bank card when you give it to a shopkeeper or waiter, etc. Go to the payment terminal in person.
- Try to use contactless payments so you are always in control of your card.
Don’t let anyone distract you or offer to help when you’re withdrawing cash from an ATM.
Shoulder surfing
In this case, thieves peer over your shoulder when you enter your PIN and then steal your bank card. They may try to distract you to take your card surreptitiously or even install a device that keeps your card inside the ATM, making you think that it’s been swallowed by the machine.
What precautions should you take?
-
- Cover the keyboard or payment terminal when entering your PIN.
- Don’t let anyone distract you or offer to help when you’re withdrawing cash from an ATM.
- If your card is swallowed by the machine, notify your branch immediately.
- If you’re unsure, block your card straight away in your bank’s mobile app or on its online banking website. You can always unblock it later if you find it.
Bank card theft or loss
It is possible for someone to use your card after it has been lost or stolen. Fraudsters can make purchases using the card’s contactless feature or if they know your PIN.
What precautions should you take?
-
- Learn your PIN off by heart and never write it on your card or anywhere near to it.
- Do not lend your bank card to anyone and keep it in a safe place.
- Check your bank statements regularly for any anomalies.
Hacking of bank details
Your bank details are also vulnerable to hacking when you make online payments. Several techniques may be used: fake websites, malware, hacking of a retailer’s website, etc.
What precautions should you take?
-
- Avoid using public Wi-Fi when shopping online.
- Use an antivirus and update it regularly to make sure malicious websites are detected.
- Always check that a padlock symbol and “https” appear at the beginning of the URL to make sure the webpage is secure.
- Do not save your payment details on websites.
- Remember to log out of retail websites.
- Do not enter your personal details in public computers or tablets.
You will never be asked for your 4-digit PIN for online payments.
Tackling internet fraud
The European payment services directive (PSD2) seeks to enhance the security of online transactions by establishing, in particular, strong authentication for online payments above EUR 30. In most cases, users will have to provide two or more of the following elements when making payments:
As a rule, retailers currently use 3D Secure technology to secure online transactions and, in Luxembourg, this only functions via the LuxTrust certificate (your Token or your LuxTrust Mobile app). |
How to respond to bank card fraud
Despite taking the necessary precautions, you fall victim to a scam. How should you respond and what action should you take first?
When you notice that your bank card has been lost, stolen, hacked or used without permission, you must notify your bank as quickly as possible.
-
- If you can, block your card immediately through your bank’s mobile app (if such a service exists) or online banking website. The card will be blocked in real time.
- If this is not possible, cancel your card by notifying your bank’s card services provider. In Luxembourg, this should be Worldline (previously SIX Payment Services), which can be contacted on the following number: +352 49 10 10 (available 24/7).
- Report the incident to the police within 24 hours, especially in the case of loss or theft. If your card has been used to make fraudulent transactions, ask that they be included in your statement. Proof of this report must be sent to the card issuer or Worldline as soon as possible.
Whatever the circumstances, also take the time to notify your bank and confirm in writing that the card has been blocked. You should also contact your bank if you don’t receive a new card in the post within a reasonable amount of time.
If you are a victim of phishing, change your password, uninstall any software (malware) that you have been asked to install and make sure the website (the identity of which has been copied) is notified. If possible, try to keep evidence of the fraud, such as emails and screenshots, etc. For advice and support, you can contact BEE SECURE Helpline. |
What are you liable for and what can you claim back in the event of bank card fraud?
You are liable for and must bear the cost of any unauthorised payments made before your bank card was blocked, up to EUR 50 per transaction. Any amounts above this threshold will be reimbursed by the bank.
The bank will however reimburse damages:
-
- if the loss, theft or fraudulent use of the card could not be detected before the payment was made;
- if the card was lost due to bank error.
Please note that you will be liable for all losses incurred if the unauthorised use of the bank card is due to fraud or gross negligence on your part: for example if you shared your PIN with or lent your card to someone, if you were slow to request the blocking of your card, or if you wrote down your security details on a piece of paper that was kept with your card.
Ultimately, no one is completely protected from being scammed, but you are now familiar with some good habits you can adopt to minimise the risk of bank card fraud. Stay alert and regularly monitor your online spending in your banking app. Ideally, card payment notifications should be activated on your smartphone. In the event of fraud, you can take swift action and block your card!