Online and mail order card crime in Scotland has jumped by more than double the rest of the UK, it has emerged.
The public is being urged to heed basic security advice
The rise of chip and pin technology has seen "card-not-present" fraud rise 64% in the first six months of 2005. The UK increase was only 29%.
The Association for Payment Clearing Services (Apacs) said that while 53% of people in Scotland shopped online, few were aware of the basic pitfalls.
Other areas of card fraud saw a major reduction over the same period.
Detective Chief Inspector Derek Robertson, of Strathclyde Police's fraud squad, said: "Chip and pin cards have helped to reduce fraud dramatically, however the fraudster has now migrated to the card-not-present fraud."
25% have inputted their personal financial details but not checked the website's security standards
21% have left their computer unsupervised for a time and then come back to continue shopping
15% have not logged out at the end of a transaction
42% admit to letting their credit/debit card out of their sight when paying for a meal or running a tab at a bar
37% are not aware of online fraud scams such as 'phishing'
Phil Worms, of Glasgow-based internet service provider Iomart, said "phishing" for information was a major problem.
He said: "The real issue is where people have gone in via links or via e-mails to sites which they believe are genuine, but are actually not."
Apacs has urged people to be more vigilant about keeping account details safe, as the majority of internet fraud involved criminals who obtained card details through other means and then used them to shop online.
They also said online shoppers should make sure a website was secure before entering their card details by looking for a locked padlock or unbroken key symbols at the bottom of their screen.
Chip and pin cards have cut other areas of fraud
Apacs spokesman Mark Bowerman said: "The figures are showing that fraud on the internet, fraud on telephone and mail order transactions has gone up form £2.2m to £3.6m in the first six months of the year in Scotland, so there's obviously quite a few people that need to make sure they are taking these precautions."
Overall, UK plastic card fraud totalled £219.4m during the six months to the end of June, down from £252.6m during the same period in the previous year.
Counterfeit card fraud fell by 31%, fraud on lost or stolen cards dropped by 27%, losses on cards that went missing in the mail was 37% lower, identity theft on payment cards was down by 16%, with card-no-present the only area showing an increase.
Here are some of your experiences of fraud.
With regard to online purchases, wouldn't it be possible to have another line of defence against the fraudsters if every time a person makes a purchase online, even if their personal information is already known to the seller, a link will be made to the credit card issuer and the purchaser will need to type out his pin number before the purchase is authorised by the card issuer?
K C Tay, UK
I had a debit card stolen from my wallet. I very rarely used it but someone managed to make five cash withdrawals in a short space of time. I imagined the bank would spot this untypical behaviour and stop the card but they told me subsequently they had no real-time visibility of what was going on. I also found they increased the daily cash limit about what my bank manager even thought had been applied. The police detained the thief very quickly with the cash and my wallet but my bank refused to co-operate and the police had to let him go. The bank also told me I would be refunded the cash but later refused. Over a year later and several court appearances I got my money back. Don't count on your bank helping you when you are a victim of fraud!!!
I think that 'Chip and pin' is all very well when people are trained to use it. To date the only place I have seen it used correctly is Asda. All the other shops etc I go in (and my husband will tell you, that is many!), still take the card from you and run it through a machine, then you input your pin on a handheld device. As far as I am aware, the point of this system is that you never give your card to anyone else, even for a short period of time thereby preventing cloning?
I lost my driving licence in a stolen wallet and about 8 months later I got bills for several hundred pounds for mobile phones I didn't have from one2one and BTCellnet. It took months to get these sorted out, an unbelievable amount of hassle and I it affected my credit record until I demanded that one of the companies remove a 'note' they had put on the record. I am convinced it was the old paper driving licence that enabled the thief to obtain the phones. Interesting that the phone sellers don't double check the applicant, for instance by sending a letter to the address on the licence. Another company (it may have been Orange) did exactly this and I think limited the use of the phone to about £20 until I got back to say it was a fraud. We need regulations to ensure that all mobile phone sellers do this. nobody needs a mobile phone in that much of a hurry, and if they do then a pre pay bill system would ensure that fraud was kept down to say £10 or £15. I was put through mon! this of hassle was turned down for a mortgage (and missed the house I was going to bid on), just because a reseller was too lazy to properly check ID. Also surely given that the driving licence had been cancelled surely DVLA could have confirmed its stolen status. Most importantly the police weren't interested because the fraud wasn't against me, but against the phone company and they didn't involve the police!! I hope things have changed.
A cheque book went astray in the post and I only discovered it was missing when I asked the bank for one. I asked at the time that the bank stopped the cheques in the missing book. They stated none had been used, but when I got my next statement, I found the first cheque in the book had been cashed for £900. How could such a large amount have been cashed with the wrong signature and no card to back up the sale? The bank seemed unsure how to cancel books and no two members of staff seemed to know what I had to do to file a fraud claim. It took ages to sort out, and yes the money was refunded, but i felt the bank did nothing to prevent such fraud and were responsible for it happening. I wish cheque books and cards were posted by recorded delivery and had to be signed for when posted. I really would like to know how anyone could cash a cheque for such a large amount without a cheque card. Surely it should have triggered alarm bells ringing somewhere.
We are a pair of wrinklies. We find it's absolutely essential to check all our accounts online on a daily basis, including our credit card accounts. And as has already been said, we always look for the "locked padlock" if buying something online. Online purchasing using a credit card is extremely helpful for those of us with less mobility. However, vigilance is crucial. We also purchased a small shredder and we shred everything with our name and address on it, especially bank statements and the like. We are also very aware of the dangers of 'phishing'!
Margaret Stoll, Rochford, Essex
Our problems started when my husband sent his driver's licence to the police so as to obtain a reference for the country to which we were emigrating. The driver's licence was "lost in the post" on its return. In the chaos of selling house etc we also failed to notice that one month we did not receive a telephone bill or an electricity bill, esp. since they were paid by direct debit. The first thing we noticed was a postal redirect for our mail. We stopped that, and then we received a number of credit card applications - one supported by our missing documents. To our knowledge we stopped all attempts to gain credit - and that was our second problem. The police were not interested since no-one had got away with anything and even if they had it was up to the card company to complain not us. To us, it seemed that a golden opportunity to catch whoever was intercepting our post (which was delivered to a sealed, personal letterbox). Were we targeted because we were moving on the assumption that we had already left and would not therefore check our mail? Very frustrating. Identity theft itself, whether you get away with stealing goods or not, should be a criminal act.
Christine Hawkes, Switzerland
My replacement debit card was intercepted in the post. Despite the fact that my debit card was only ever used for cash withdrawals via the PIN, no alarm bells rang at all when it was used to sign for an £800 purchase in Argos. Luckily I bank online and I spotted this before any more could be taken, but I still found the bank's attitude somewhat lackadaisical when I reported it. This sort of fraud could be so easily prevented just by "activating" the card when it is received, but obviously the costs involved aren't economically justified, although morally the banks should take a more active stance on this, particularly as such fraud is usually linked to organised crime.
A few months back a credit card, which I had not used for some time, suddenly had a massive debit of nearly £5000. Luckily the card company had no problems refunding the amount onto the new card and it was sorted out in a matter of days. I doubt this was online fraud, as I only deal with companies that use a secure payment system and my PC's are secured by anti-virus and firewall software, so I can only assume it was an old receipt that I had thrown away which had the full number and expiry date on it. These days I always ensure that receipts that have the full card number are kept safely or destroyed completely.
Derek Little, Livingston
It's simple, if the financial services (banks etc) will allow you, get a card limited to £500 pounds only. Specifically for use on the internet. An internet only card. If it is cloned its limited to £500 and if attempts are made to use it anywhere else - then it would not be accepted. Anything over £500 would automatically trigger the security questions. There you go - a copyrighted idea of course!
Anton S, Chichester, UK
ISP's and web hosting companies are to blame for lots of the phishing scams because they do not prevent people signing up for accounts which include the names of banks and credit card companies. They normally do this to make their fake site look legitimate. Web hosting companies need to do more to stop this type of obvious illegal activity. I am managing director of a web hosting company and we block any orders for services for fake bank web addresses.
Gordon Hudson, Livingston
A few years ago, when on holiday in the Isle of Man, I used my credit card in a restaurant. It was the only time I used it. A few weeks later I received my bill and found that someone from Ireland had used my card numbers to buy a motorbike from a dealer in Scotland for £4,000! My numbers had obviously been copied but I am still amazed how anyone could do such a large transaction over the telephone without having to go through any security checks, mother's maiden name, etc. I got a full refund but never received an explanation from the card issuer how it could happen. I also recently bought a car with my debit card and no security checks were asked either, the card simply went through. I find it worrying that considerable sums can go through electronic machines with no questions asked. Needless to say I never let my debit or credit card out of sight when using them nowadays.
Frank Duns, Penicuik, Scotland