Common types of fraud

Card fraud occurs when your card or card details are stolen and used by someone else. Any unauthorized activity with lost, stolen, or misplaced cards is fraud.

Fraudulent individuals might steal the actual physical card or virtual card information. Then, they make purchases without your authorization.

Other names for card fraud include remote purchase fraud and card not present (CNP) fraud.

1. Issue single-use virtual cards (SUVs) instead of standard virtual cards. SUVs are more difficult to use fraudulently.
2. Block (cancel) lost or stolen cards immediately.
3. Only enter card details into text fields designed for card numbers and security codes.
4. Make sure your internet connection is secure before entering card details onto a website. If you're using public Wi-Fi, consider using a VPN. To be even safer, use the hotspot from your mobile device instead.

Fraudulent individuals pretend to be legitimate organizations, such as companies, non-profit associations, or governmental agencies. They contact you by email, phone, or text message to convince you to transfer funds or share sensitive personal information so they can steal your identity.

• Phishing: email
• Vishing: phone call
• Smishing: text message (SMS)

These emails, phone calls, and text messages can be quite convincing, even linking to fake websites that look identical to the real organization's website. All three are types of authorized push payment (APP) fraud.

1. Contact the organization through another established channel. If you received a phone call, for example, try emailing them instead.
2. Don't do anything urgently.
3. Evaluate the email, call, or text message closely. Check for typos or errors in the organization's name or email address.
4. Open a new browser tab and find the organization's website on your own instead of opening a provided link.

If you receive an email from your company's CEO, president, director, or another top-level executive that seems to require immediate and urgent attention, you might be experiencing CEO fraud.

Fraudulent individuals try to trick you into urgent action outside of the company's normal processes. The emails can be quite convincing.

CEO fraud is also known as business email compromise (BEC), and is a type of authorized push payment (APP) fraud.

Subject: Urgent financial matter (confidential)

Hi Alex,

There's been an urgent development and we need to pay an invoice immediately. I'm in a critical meeting and can't send this transaction myself. Could you please handle it right away?

(includes transfer details)

Let me know when it's done.

Thanks,
Jules
CEO, MyBrand

1. Contact the "sender" (the CEO or other executive) through another established channel. If you received an email, for example, try calling them or sending them a direct message on the company's messaging platform.
2. Even when a request comes from an executive, never skip established security measures.
3. Evaluate the email closely. Check for typos or errors in the executive's name or email address. Look at another email from the executive to see if the messages sound the same.

Fraudulent individuals send fake invoices to companies. They include their own banking details on the invoice, hoping the company pays without thinking twice.

These invoices often look authentic, complete with logos and other details that make them look real.

1. Always follow established processes to pay invoices.
2. If you're in charge of creating processes, make them rigorous.
3. Double-check supplier information on invoices, especially if the invoice feels out of place.
4. Build strong relationships with your suppliers. Contact them directly if an invoice wasn't expected or looks different.

When someone else tries to get access to your account, it's called account takeover fraud, often referred to as ATO.

Someone trying to trick you might pressure you into providing account or personal details. After they get into your account, they use it to send themselves money, steal additional personal details, and more.

1. Keep your account login information safe.
2. Use strong, unique passwords and passcodes every time.
3. Don't share account details over the phone. Remember, Swan might ask you to confirm your name and phone number, but nothing else.
4. Set up multi-factor authentication (MFA) or two-factor authentication (2FA) for your accounts. Turning on MFA and 2FA is like adding a second lock to your door. The key is often a one-time password texted to you or a code from a secure app. While MFA and 2FA add an extra step to logging in, they increase online safety significantly.
5. Only log into your payment account from secure networks. For example, use your phone's personal hotspot instead of free Wi-Fi at the train station or coffee shop.