| Is it still safe to pay for petrol with your credit or debit card? |
 |
 |
 |
|
With service stations accounting for 40 per cent of point-of-sale fraud, we explain how to guard against dishonest staff . Consumers should be on their guard when paying for goods and services in petrol stations, hotels and restaurants, as fraud “inside jobs” are increasing in the recession. From skimming devices on chip-and-PIN terminals to cameras filming people entering their PINs, there are many ways that corrupt staff can defraud customers paying for goods. Sandra Quinn, of the UK Payments Administration, says: “Fraud at UK retailers increased by 35 per cent last year, with transactions worth £98.5 million. There are ways to protect yourself, but many victims will not notice anything different about a compromised chip-and-PIN terminal, so it can be very difficult to avoid.” Last year 218 retailers were compromised by fraudulent staff — 89 were petrol stations; the rest were at supermarkets, DIY outlets, other shops and restaurants. Because hundreds of people may have been affected in each case, the number of individual victims is likely to be much higher. Ray Kelly, 53, spotted a fraudulent transaction on his Barclaycard statement last year. The statement showed that someone had spent £125 at a Tesco store in East London a few days before Christmas. Mr Kelly, who lives in West Molesey, Surrey, suspects that his card was cloned while paying in a shop because he has never used his credit card at a cash machine. Like many fraud victims, Mr Kelly had to battle with Barclaycard to get his money. Despite his statement showing London E13, Barclaycard insisted that the transaction actually took place at his local store, 25 miles away in West Molesley. Mr Kelly says: “Barclaycard said that the card must have been used by me or someone who knew my PIN, so the change of location was very convenient.” Barclaycard says that Mr Kelly’s bill showed E13 because of an “isolated data error” made by the company that processes Tesco’s card transactions. However, six months after the transaction took place, Barclaycard refunded his money — but only because it had discovered that the transaction was authorised with a signature, not a PIN. “I thought the whole point of chip-and-PIN was to avoid someone forging my signature,” Mr Kelly says. Retail staff skimming customers’ credit or debit cards is a growing problem. Skimming allows fraudsters to steal the details on the magnetic strip to make fake cards for use in countries that have yet to upgrade to chip-and-PIN. If a secret camera is also used, fraudsters can obtain the PIN and use the cards to withdraw cash abroad. Such cards can also be used at UK retailers when only a signature is required to authorise a transaction. Carl Clump, of Retail Decisions, a fraud prevention service, says: “Staff skim cards by attaching a device to the chip-and-PIN terminal. People who use petrol stations at night, when customers hand over their card through a window, are particularly vulnerable.” Consumers should also be wary if a shop claims that its chip-and-PIN terminal is not working and tries to swipe your card and ask you to verify the transaction by signature instead. The machine that staff use to swipe your card could be a skimming device. Mr Clump adds: “People should never let cards out of their sight. This includes when you are asked to leave your card behind a bar or when restaurant staff take the card away when you pay. Staff at petrol stations and restaurants are generally not well paid and often move on after a few months. If they are approached by a fraudster offering a cut of the fraudulent transactions, it may be too tempting to resist.” Free-standing cash machines inside petrol stations and newsagents are also vulnerable because it is easy for staff to corrupt the machine by attaching devices when the store is closed. The UK Payments Administration says that the vast majority of retail fraud is perpetrated by highly organised criminal gangs, whether they infiltrate individual stores or collude with shopkeepers. Jackie Barwell, of First Data, a payment processor, says: “Fraudsters are very clever and are constantly finding new ways to target victims. Most cases involving shops are an inside job, but shops can also be broken into by fraudsters. They make it look like a normal burglary but they attach skimming devices to the point-of-sale terminals without the shop staff realising. There have also been cases where retail staff have been conned or even threatened by fraudsters.” Another sign to look out for is when a transaction is debited from your account several weeks after payment was made. Henry Leadbetter was a victim of fraud at a Shell petrol station in Hayle, Cornwall, last year. After paying with his NatWest debit card, the money was not debited from his account until a month later. Shell then debited the same amount again a few weeks later. Mr Leadbetter, who lives in Oldham, Lancashire, says: “After much messing around, Shell eventually repaid the money. But more worryingly, it was unable to offer me any explanation of how they drew money from my bank account the second time without my permission and how they obtained my PIN to do so.” Fraud victims often become very frustrated with banks and retailers because no explanation is given for how fraudsters obtained the victims’ details. For example, Barclaycard refused to tell Mr Kelly how the £125 came to be spent in Tesco. Barclaycard told Times Money: “We accept that Mr Kelly was not involved in this transaction, although we do know that the original chip was read, but there is nothing to suggest that the chip was cloned.” However, neither Barclaycard nor Tesco could explain why the retailer asked for a signature, rather than a PIN to authorise the transaction. Ross Anderson, of the University of Cambridge computer laboratory, says: “The banks continue to claim that their systems are infallible and that the chip element of a card cannot be cloned. That is simply not true. The average bank no longer understands how its systems work at any real level of detail. All they say is, ‘We are right — trust us’.” Cathy Neal, of Which?, the consumer organisation, points out that there are several options for people who are concerned about paying with their credit or debit card.“Obviously you could simply pay with cash,” she says. “If you are concerned about carrying large amounts of cash, consider a pre-paid card (one with no or few fees) or a basic bank account without credit facilities such as authorised or unauthorised overdrafts. That way, if your card is compromised, the amount that fraudsters can spend is limited.” He says: “The fraudulent transactions took me into an unauthorised overdraft, but the bank took four months to send me a fraud declaration form and a further three months to refund the money. The whole experience was a nightmare.”
|