You must beware! Your ATM’s CVV number can be used to defraud you

By Mohammed Dahiru Lawal

There is no doubt that ATM debit and credit cards are very convenient methods of financial transactions. These cards have eliminated the need to go to the bank branch every time to withdraw money. However, with this ease of transaction comes an increase in cases of card fraud and unauthorized transactions on bank customer accounts.

Each of these cards has a Card Verification Value (CVV) printed on the back or front of the card and with access to the cards CVV, full card number, customer name and date of issue. ‘expiration, fraudsters can easily wipe money from customers’ bank accounts using the details to conduct online transactions with other retailers.

Reported cases of this pattern have been on the rise in recent times, especially as we approach the season of bank fraud frenzy – Christmas and New Years.

Recently, a Kano-based housewife lost over two hundred thousand naira to fraudsters giving out her CVV and other card details. After disclosing her contact details, she was about to divulge her husband’s card details to fraudulent callers posing as bank officials when her husband returned home, saving the day.

“They told me they are coming from our bank and they need to upgrade my husband and I account but I need to provide them with our ATM card details so as soon as I gave the details of my card they asked for my husband, just when I was about to tell them my husband came back and was taken aback by the fact that I was holding his ATM card and talking to someone on the phone “, Hauwa Sulaiman, a 34-year-old housewife in the Gandu area of ​​Kano said “A kunnuwa Karkada ” a popular Hausa program on Rahama Radio 97.3fm Kano, Monday night.

“As soon as I grabbed the phone from her and tried to talk to the callers on the other end of the phone, they hung up and at that point we started seeing debit alerts on her phone one after the other. other up to NGN 240,000 ”, Mallam Sulaiman, Hauwa’s husband and a Kano-based businessman explained in more detail.

Such cases are rampant and have recently dominated the airwaves, particularly in Kano.

Understanding ATMs, Debit and Credit Cards

An automatic teller machine (ATM) card is a payment card or dedicated payment card issued by a financial institution that allows a customer to access their financial accounts through their ATMs and others and to perform approved retail transactions at point of sale . ATM cards are not credit or debit cards, tbut some ATMs the cards also function as debit cards, which can be used to make purchases online and at retail establishments. These cards have visible Visa, Mastercard, Discover or American Express logos, while debit cards, also known as check cards, do everything an ATM card does, but can also be used for purchases anywhere credit cards are accepted, including retail stores and online sites. The funds for these transactions are taken directly from your checking account. On the other hand, Credit card allows you to borrow from your credit card issuer. The funds do not come directly from your checking account. You will have a loan balance for any advance you take that you need to repay at a later date. Since this is a loan, there is an interest charge on your credit card.

What is CVV?

It’s a three-digit (most commonly) or a unique four-digit number (on American Express cards) printed on the card. This code is required to complete a transaction. Its purpose is to prove to the merchant that the customer has the card in his possession.

What is CVV number used for?

All financial institutions that issue credit or debit cards have developed a system in which each card has a unique CVV code. This code is required to carry out all monetary transactions made with the card. The CVV number is different from the PIN code which is like a password for performing card transactions. The CVV number is on the back of your card on the magnetic strip. It verifies that the card is physically available to the individual who uses it during the transaction.

CVV Protects you against Fraud, but …

Debit and credit cards are mainly used for online transactions or for other virtual payment gateways. These portals are not allowed to record information about the cardholder’s CVV number as this goes against the Payment Card Industry Data Security Standards. Therefore, even if the seller has all the other details of your card, they cannot access the CVV. This makes it impossible for anyone to misuse your card information. Thus, if there is a breach in the data security of the credit card company, the CVV is not stored in the databases. This makes it impossible to use your credit card for transactions without the CVV. However, this is the same system that scammers can use to clear your account balance, but how? They steal your information through the following techniques:

How your CVV, other card details can be stolen

There are about four major malware PC attacks designed to steal credit card details, including CVV. These are phishing, information thieves, keyloggers, and browser insertion malware.

Phishing is based on the use of social engineering to persuade users to visit a malicious website. This can be done through a disguised link in the email, a link to a similar but bogus website, or links embedded in an attachment. Once the user visits the spurious website, additional social engineering is used to persuade the victim to enter their card details, which are captured and sent to the criminal.

Keyloggers include malware of varying sophistication that can monitor triggers (such as accessing a banking site or large retailer) and then capturing keystrokes. All card details are recognized, recorded and sent to the criminal.

Infovolts are usually smash and grab raids. If a PC is infected, the malware scans the system and steals confidential data, including any payment details it can find. This can often be done in seconds. More persistent infostealers can also drop a keylogger for longer term activities.

Insertion malware into browser will infiltrate the victim’s browser. It usually focuses on one or two of the large national banks or large retailers. When it detects that the user is visiting one of these sites, it will overlay their own copy of the bank login form or retailer payment details form. The data entered in these identical but false forms is entered and sent to the criminal.

However, a very common technique used by fraudsters in Kano and most of Nigeria; is therefore Vishing who is the fraudulent practice make phone calls or leave voicemail messages believed to be from reputable companies (mainly bank agent allegations) in order to trick people into revealing personal information, such as bank details and credit card numbers .

But how do you stay safe?

Here is some tips for keeping this three / four digit key and other safe credit card details:

Do not share your number with people who call you. Never give your CVV number to someone who calls you, even if that person claims to work with your card provider. Credit card companies and banks will not call you to ask for this information. If anyone does, they are a con artist. To hang up.

Don’t fall for email phishing attempts. Never provide your ATM credit or debit card information, including your CVV code, to people who request it by email. Scammers often send phishing emails to victims asking them to verify their credit card information to avoid closing their accounts. Again, this is a scam. Banks will never contact you online to ask for this information.

Often times, these scam emails will ask you to click on a link. The page you land on will ask you to enter your personal or financial information. Once you do, a scammer will have your information and can start shopping on your behalf.

Do not send your credit or debit card information in an email. Sophisticated cybercriminals can scan your emails for credit card numbers. Never email your credit or debit card numbers or CVV codes to anyone.

For pc we need to use a good, up-to-date antivirus product. This will detect and block most malware. We need to be security aware, recognize and ignore phishing attempts. And we should keep our browser fully patched and / or consider using a more secure browser.

The researcher produced this article on information literacy as part of the Dubawa 2021 Kwame Kari Kari scholarship partnership with PR Nigeria facilitate the ethics of “truth” in journalism and improve media literacy in the country.