Security

Counterfeit Card Fraud

• 03 Sep 2025

Counterfeit card fraud occurs when a criminal skims or copies the data held on the magnetic stripe of a legitimate credit or debit card and uses this data to create a fake plastic card, which contains the real cards details – this is known as a counterfeit card.

The card data is mostly compromised through skimming. Criminals use skimming devices to read and store data of the magnetic strip of a genuinely issued bank card. For a card to be skimmed, it needs to be pulled through, or inserted into a skimming device. Handheld skimming devices are small and can easily be concealed, these are normally used at the Tollgates as it is hard to normally see what the Tollgate attendant do with your card. ATM skimming devices are mounted onto the ATM itself and are quite difficult to spot as they are made to part of the ATM, they mostly slim and are inserted into the ATM Card slot, which makes it difficult to spot, as your card will not have any difficulties while inserted into the ATM slot. Compromised POS devices are also used to skim cards. A software program is manipulated to be used to transfer the compromised card data onto the counterfeit card. These are normally used at the Fuel Stations, Restaurants and Delivery services.

If a counterfeit card is to be used at an ATM, the correct PIN number will also be needed. PIN numbers are mostly stolen by shoulder surfing (a technique used to get information from over the victim’s shoulder).

Lost Card Fraud

Lost card fraud is a fraudulent transaction that occurs on a valid issued card after a cardholder has lost his/her card and is therefore no longer in possession of it. If the card is lost and the PIN is not compromised, criminals will often make use of TAP n Go facility under the floor limit in order to bypass the PIN requirement, however if the PIN is also compromised in the same process, the criminals can utilise the card however they want, as fast as they can before the legitimate bank client can report it to the bank.

Stolen Card Fraud

Criminals steal genuine bank cards together with correct PIN numbers. These cards are then used immediately at the nearest ATM to withdraw cash followed by purchases at stores until the account is empty or the card is stopped because the victim reported the theft. Stolen card fraud therefore refers to fraud that results from a fraudulent transaction that is performed on a validly issued card that was stolen from a legitimate owner or taken from the owner under duress, such as Hijacking.

CNP (Card Not Present) Fraud

The data necessary to perpetrate CNP fraud is compromised in various ways ranging from the physical theft of data off a genuine card (low tech) to large scale data breaches (high tech).

With regards to low tech CNP Fraud, criminals will memorise or write down the card number, expiry date and CVV2/CVC2 (three digits at the back of the bank card) without the knowledge of the bank client when card is handed over for payment, this normally occurs in the restaurant environment and garage stations. With this information, the criminal can transact fraudulently on the internet site that does not normally ask for OTP to be verified. Criminals also steal records at merchants where copies of the front and back of bank cards are kept or where such details are recorded on documents.

Criminals are also known to ask for card numbers, expiry dates and CVV/CVS numbers in phishing emails and vishing calls. Malware is further utilised to search for card related information and to send it to a destination under control of the criminal in cases of phishing.

Card Fraud Dos and Don’ts

Dos

Review your account statements on a regularly and query disputed transactions with your Bank immediately.
When doing online shopping, only use your card to make payments on secure websites.
Ensure that you get your own card back after every purchase at a merchant.
While transacting, always keep an eye on the ATM card slot to ensure that your card is not removed, skimmed, and replaced without your knowledge.
Report lost and stolen cards immediately.
Destroy your credit card receipts before discarding them.
Sign your card on the signature panel as soon as you receive it to prevent anyone else from taking ownership or trying to use it.
Your credit card is not transferable. Only the person whose name appears on the front of the card is authorised to use it. The same applies to debit cards, even though they don’t contain your name on the front of the card.
Always check transaction slips for the correct purchase amount before you sign them.
Keep your transaction slips and check them against your statement to spot any suspicious transactions so that you can query them immediately.
Subscribe to your bank’s SMS notification services as this will inform you of any transactional activity on your account.
Should your card be retained by an ATM, contact your bank and ensure that you block your card before leaving the ATM, as it may have been stacked in the card slot or you may have been interfered with.

Don’ts

Never write down your PIN or disclose it to anyone.
Never let the card out of your sight when making payments.
Do not send emails that quote your card number and expiry date.
Never write down your PIN or disclose it to anyone.
Protect your cards as if they were cash. Never let them out of your sight and ensure that you get them back after every purchase.
If you have a debit, cheque, and credit card, don’t use the same PIN for all of them as should you lose one, the others won’t be at risk of being compromised.

Important tips to avoid fraud if you are a Merchant:

Hold the card until the transaction is completed. Ensure that the card security features are present.
Compare the cardholder’s signature on the card to that on the sales voucher.
Phone for authorisation if requested to do so by the point-of-sale device.
Make an imprint of the card in the case of a manual transaction.

How to Report Fraud

If you are victim of fraud and would like to report the fraud incident, call our fraud contact centre on 0860 999 119.