Unnoticed Victims… “Subscribed” Card Fraud is Quietly Spreading

Smaller amounts each month, until you realize…

Credit card fraud is becoming more sophisticated with each passing year. While “phishing scams” that extract credit card information are at their height, there is a method that is growing in popularity without people’s knowledge. The scammers continue to withdraw small amounts of money every month, so to speak. This is a so-called “subscription-type” fraudulent charge, in which a small amount of money is deducted from the card every month. Even if you check your credit card history, you may inadvertently ignore the charges, as they are only a few thousand yen in amount. We will explain the latest trends in phishing scams as well as countermeasures that individuals can take.

Credit card fraud losses reached 30 surpassed ¥30 billion, reaching a record high.

Although it has not been much talked about, the Japan Credit Card Association announced in June this year that the total amount of damage from credit card fraud in 2021 amounted to 33 billion yen (rounded to the nearest 10 million yen; same below). The total amount of damage exceeded 30.9 billion yen in 2000, the worst ever recorded. The annual amount of damage began to increase in 2017, and remained in the 20 billion yen range until 2020, when it sharply increased to approximately 8 billion yen. Furthermore, in the January-Marchperiod of2022, the amount hasalreadyexceeded10billion yen, much higher than the same period of the previous year, and there is a possibility that it will surpass40billion yen in 2022.

The current mainstream of credit card damage is “number theft. This is the most common form of credit card fraud, accounting for a staggering 94% of the total. Theft of card numbers means that important card information, such as number, expiration date, and security code, is stolen, and the person whose information is stolen impersonates the cardholder and uses the card, which then charges the original cardholder for the stolen information.

Phishing fraud” to “bait and swindle” card users

Phishing” is the most common type of number theft. The most common type of phishing scam involves sending a fake e-mailclaiming to be from a credit card company,leading the recipient to afake websiteURLclaiming that there is a problem with the payment, and forcing the recipient to enter their credit card information at the fake website. In other words, the user is voluntarily leaking his or her credit card information, even if the number is stolen. Phishing means “to catch,” and phishing scams use fake e-mails and fake websites to “catch” cardholders.

If you are highly Internet literate, you can recognize the address and text of a fake e-mail and know that it is suspicious, but if you are not familiar with the Internet, you may be led to the fake site. Fake sites copy the screens of real sites, so even highly literate people can be fooled quite easily. In light of this situation, an increasing number of credit card companies are sending e-mail notifications of the amount of money spent on the card, saving the user the trouble of having to log in to the site.

Emails Alerting Customers to Scams Are Actually Phony

However, phishing scams are becoming more and more sophisticated, with an increasing number of phishing scammers sending fake e-mails from mail-order sites and smartphone payment providers, as well as short e-mails pretending to be from courier companies. Short e-mails disguised as “missed delivery notices” from couriers are likely to make anyone who knows what he or she is ordering touch the screen involuntarily.

Recently, I was also surprised by an e-mail pretending to be from “Ekinet,” a ticket service provided by JR East. The title of the e-mail was ” [Important] Notice of Ekinet account restriction” (other patterns of text are available), and since I usually use Suica, I was almost fooled into thinking that my information might have been leaked. I was almost fooled. I have the impression that they have hit a very good point.

In this kind of case XXX Please be aware of suspicious e-mails purporting to be from XXXX Card” or “To customers whose credit card information may have been leaked to a third party,” etc., which are intended to alert you to fraudulent activities, but are themselves fake e-mails. In some cases, e-mails that are disguised as the actual “Council of Anti-Phishing Japan” to warn against phishing scams are fake, which is extremely embarrassing.

The best defense is to check your bank statement.

The first thing that individuals can do to protect themselves from being scammed is to avoid opening suspicious e-mails. If you do open it,ignorethe URL of the fake site. If you are really concerned, we recommend that you log in again from the official website or application of the company that is supposed to be the sender of the email. Probably, at the stage when fake e-mails are circulating, there will be a notice on the top screen of the official site or app alerting you to the fact that you have received a fake e-mail.

The most important defense is to check your statement. If possible, please check your statement once a week, or even once every two weeks. These days, you can easily check your statements with an app on your smartphone, so it shouldn’t be too much of a hassle.

What is “subscriber-type” credit card fraud?

When checking, if there is anything that you are not sure about the use of the money, please check it thoroughly. In fact, a method in which fraudulent use of small amounts of money (a few thousand yen) is continually carried out is spreading. I callthis“subscription-type” card fraud.

A decade ago, credit card fraud was often associated with the purchase of expensive items such as brand-name goods and luxury wristwatches. In recent years, however, the amount of damage has been getting smaller and smaller, and cases of fraudulent use of credit cards, such as “subscription” charges for video and music distribution services, have become conspicuous, with the amount of damage per incident being less than 10,000 yen.

Hard to Detect “Subscription” Card Fraud

Although the small amounts may seem inefficient for fraudsters, there is a big advantage: they are harder to detect. Major credit card companies have AI ( Artificial Intelligence ) The major credit card companies have fraud prevention systems that use AI (artificial intelligence) to determine the user’s attributes and usage history, and immediately issue an alert if a suspicious payment is made. However, if the settlement amount is only a few thousand yen, it can slip through the monitoring net.

In addition, when users check their payment statements, they may be under the illusion that the payment is normal if it is only a few thousand yen. Many people subscribe to subscriber services, and even if this goes on for months, it is difficult to notice.

In some cases, the card company’s compensation is not covered.

Moreover, in the case of continuous unauthorized use, the card company may not be able to provide compensation. Normally, if a user contacts his/her credit card company when he/she becomes aware of unauthorized use, the full amount of the damage will be compensated up to 60 days before the date of contact with the card company, as long as there was no intentional or gross negligence on the part of the user. However, if the damage occurred six months prior to the date of contact, it is not covered in principle. For users, even small amounts are not something to be taken lightly.

Although we do not have clear statistical data on the small amount of damage caused by fraud, for example, Sumitomo Mitsui Card’s 2020 survey reported a case in which the total amount of damage was 980yen. In another case, the victim paid 500yen as a monthly fee for the site over a period offivemonths. These cases have been seen since the beginning of this year. If you find even the slightest irregularity on your statement, you should check what you have spent each time. For this reason, we would like to check our statements at least once a week.

Credit Master” scam that can be used even on cards that are not in use

Even if you can assure yourself that you have never fallen for a phishing scam, you should be careful. The “Credit Master” method of leaking card information has become more prominent. The technique involves randomly combining card numbers, expiration dates, and security codes to generate real credit card information. The technique itself has been known since the 1990s, but it is assumed that faster computer data processing has made it easier.

The scheme is to create fictitious numbers, expiration dates, and security codes based on the regularity of card numbers, and then to input the myriad combinations into shopping sites at random, as if it were a cyber-attack, in order to find out which cards are actually in existence. In this case, even a card that has never been used can be used fraudulently. In fact, there have been cases of fraudulent use of cards that the user has no recollection of ever having used.

The sites that are being “attacked” are also taking measures such as locking the originator if a certain number of times the card information that does not exist is entered, but there are also methods to avoid the lock by distributing the attack to multiple sites simultaneously, so this has not been a decisive factor.

Checking the credit card statement is also effective against credit masters. In other words, this is the only way for individuals to prevent this problem. Some credit card companies provide push notifications when you use your credit card, but we can expect to see fake push notifications sooner or later. Sooner or later, there will be fake push notifications.