What’s new in Credit Card Security in 2007

According to Visa Incorporated in December of 2006, consumers with credit cards faced new security threats. In an attempt to educate consumers, scenarios were offered to forewarn consumers in the event that they find themselves confronted with new identity theft schemes. These fraudulent targeting attacks have proliferated through more sophisticated use of technology.

Most cardholders are familiar with phishing attacks through the use of e-mail. These attacks occur in the form of a letter, which resembles a transmission from a legitimate business, usually a financial institution, urgently encouraging the receiver to respond in order to update personal information. Response by the recipient redirects the recipient to a replicated page resembling that of the business/financial institution. If personal information is transmitted, including credit card information, identity information is handed directly to criminals, rather than to the business/financial institution, because the letter originated from a source other than the business/financial institution.

The new variation on the standard phishing attack involves denial of service attacks (DDoS). Phishing e-mails are sent to consumers, apologizing for an unexpected network outage. The e-mails include a “link” to the business/financial institution involved. Simultaneously, as the phishing e-mails are sent, the phisher subjects the actual business/financial institution to a denial of service attack in an attempt to make the e-mail appear legitimate. Advice to cardholders is to not respond to any kind of phishing e-mails received, including DDoS, since the basic phishing scenario remains the same.

The other kind of identity theft scheme reported involves the use of phones and/or voice over Internet protocol (VoIP). This scheme is referred to as “vishing” (voice phishing). By using VoIP, it is possible to replicate Caller ID, making an incoming vishing call appear like a genuine call. After the phone call is answered by a live person, by using information already known, the criminal attempts to persuasively and fraudulently obtain personal identity information, including pin numbers and Cardholder Verification numbers. Cardholders are advised not to divulge any personal information to any incoming calls, and to report such activity to the business purported to be represented, the phone service used and to local authorities.

By following the guidelines offered, and applying common sense in all financial and credit card matters, consumers can protect identity information from theft. Visa offers warnings to consumers as soon as information is available.