Based in Ghana

That's why there is nothing you can do - anyone can get valid credit card #s, address details, and verification info is seconds from IRC and various forums - you just have to be vigilant and suspicious of all transactions.

welcome to ww.

Anyone got any advice? Numbers I can call in the UK USA? How do you actually nail these people?

Nothing you can do. Period.

UK cops won't help you even if he was based in the UK! They won't get involved even if you've accumulated all the necessary evidence. They will send you a Victim Support leaflet though. It says "Sorry you've been a victim of crime. These are the numbers you can call.... Counselling services 0845 000000.....blah, blah, blah"

On your way back home from the counselling services make sure you don't do 35 mph in a 30 mph zone.

Yeah very funny 30mph! I once went to a station to report a card fraud only to receive a tax disc summons for £75, I made the error of parking outside the station. I was two days out...

Here are my notes on one such attempted fraud we had in June 2003:

I did speak to our local police station. There were more urgent crimes. But they suggested I come down to the station and fill out a detailed statement. In the interest of helping the police I would be always happy to do this. However, it did not appear that they'd actually do anything with that statement. Predictably, they were short of resources and there were murders and violent crime that would get priority. I understood. Also, this was a fraud type crime and not something they were the best people to handle. So why bother trekking down to the station?

I then did some searches on the net for police related "crime" and "fraud" departments. I found the National Crime Squad: http:// ... nationalcrimesquad.police.uk/

After several calls to them I was advised I needed to speak to the National "Hi-Tech" Crime Unit, see [nationalcrimesquad.police.uk...] Incidentally, this page suggested the NHTCU is one of those things that is announced with a great deal of fanfare and then slowly dies. While the media interest was high the page was updated. It had four update in April 2001 and ....nothing since then.

The NCS didn't seem too concerned that the site hadn't been updated in the last three years and that it gave the impression that the National Hi-Tech Crime Unit wasn't active anymore. Hey, that's not our department!

So we've got to get information on the National Hi-Tech Crime Unit, and a contact phone number. The National Crime Squad site has several pages discussing the National Hi-Tech Crime Unit, but trying getting a URL for the National Hi-Tech Crime Unit off the NCS site! I finally found [nhtcu.org...] and called them. After several phone calls, being put through from one person to another person to another person, and several hours of wasted time later, I discover that neither the NCS nor the NHTCU were responsible for this type of crime in our county (devolution gone mad?). The National Hi-Tech Crime Unit deals only with "computer crime" and as our cases didn't involve any hacking they didn't qualify as computer crime!

I needed to find another acronym for an organisation that handled frauds/scams in our county.

So I make a few more phone calls, speak to one or two people who did try their best to help with the limited information they had, and a lot of people who didn't. I finally spoke to a very helpful Detective Inspector, who suggested that my best bet was to report this to my local police station!

Trying to get the police to do anything was more difficult than getting a 419 fraudster to part with money.

Honestly, you would be wasting your time to follow up on this. The police will not do anything. The puchases were probably made from Internet cafes so your ips aren't any use.

We made a report to the London Metropolitan Police once concerning a credit card fraud ring which made 15 purchases over a 3 day period for the same item. They were to different shipping addresses in the UK as well. We only became suspicious because all their e-mail accounts were from mail.com usa.com or europe.com. We thought this was highly organized and that is why we reported, but we got no response from the police.

Another time, a fraudster from Malaysia used his true e-mail address to make a purchase. We were able to identify his old high school in Malaysia and made a complaint to the headmaster. He got very scared and offer to repay some of the money. He also threatened to sue us for causing him pschological harm. But since we have claimed insurance already, we didn't make a response and so let him sweat.

As long as these people aren't prosecuted, fraud is going to continue to get worse.

Bundle up as much as you can with a short covering letter stating that you are prepared to give a statement if necessary. Give it to your local station and just leave it. Often they will check the addresses, names etc and if they are already on record your evidence will simply go into the file. If enough companies complain about the same address, often these people are involved in other crimes. The police will be able to see how their crimes are being funded. Only with a lot of evidence will they prosecute - credit card fraud is either major (in millions) or an add-on to another crime. It is easier for the police to 'nail' someone who has committed a different crime (such as over 30mph).

P.S. Don't waste your time trying to 'nail' the guy. Spend the time stopping the fraud happening in the first place.

I used to report fraud to the issuing credit card companies, but after a while I stopped. Their attitude was like I was bothering them instead of doing them a favor. They don't care because the banks never get screwed on fraud. 99.9% of the time the merchant gets screwed and the bank makes extra fees, and 0.1% of the time the consumer gets screwed.

The bank wins either way.

MQ

I think I disagree. I have seen MasterCard, Visa, Amex, JCB, and Discover taking steps towards protecting the merchant.

Look at it like this: The banks rely on the payment networks (Visa/MC/Amex/Disc/JCB), and answer to only them.

The payment networks rely on one thing to make money: the cardholder.

The cardholder can't spend money unless he has place to do this. The online merchant is the key to the payment networks money flow. Better merchants that are processing more transactions securely results in more money for the payment networks.

Morocco, your argument does not make sense.

The point other posters are making is that the banks don't care. Do you know of a bank that does? Have you ever reported a fraud and seen them taking action on it? For crying out loud Bar**ays Bank even had a scheme where they paid you £50 if you prevented a fraud by being vigilant. On three occasions I fulfilled all the requirements of the scheme but I never got any money from them. My experience has been that they don't give a toss.

>> I have seen MasterCard, Visa, Amex, JCB, and Discover taking steps towards protecting the merchant.

Yes, but you can't report a potential fraud to them, can you? You report it to the bank. If you spotted the attempted fraud and did not ship the goods the banks don't see where the problem is.

We thought this was highly organized and that is why we reported, but we got no response from the police.

This is beyond a joke. Can't anyone hold them responsible? They are the crimefighters whose salaries we pay. Surely they have a duty to fight ALL crime. Where evidence is sufficient for CPS to prosecute surely the police have an obligation to investigate this. Does anyone know of a bye-law somewhere that'll allow me - in cases like this - to make a citizen's arrest of a Chief Constable for dereliction of duty?

>> I have seen MasterCard, Visa, Amex, JCB, and Discover taking steps towards protecting the merchant.

I haven't. They are taking steps to protect the consumer. Why? To build trust. If more than 50% of Mastercard orders were fraudulent because they didn't take MC, would you continue to process MC? I think you would not. And many others would follow. And this would lead to what? Customers applying for Visa/AMEX etc... MC would lose many customers.

Reporting fraud does not do anything. The police are often too busy to deal with what they would class as a minor issue in most situations, unfortunately.

I have seen MasterCard, Visa, Amex, JCB, and Discover taking steps towards protecting the consumer.

I wonder why the police are not taking online frauds seriously. It is also a form of identity theft, which I think is a very seriou crime. Those fraudsters are basically pretending to be the cardholder and using his or her personal information to cheat different people over and over again. That for me is identity theft!

I wonder how they treat cases of identity theft.

I had my identity stolen. It took me 9 months to resolve and the three different law enforcement agencies helped me not one bit. It's so widespread a crime that nobody can deal with it.

Wow! so many replies...

Why dont we start an online policing organisation or something and channel all credit card fraud and crime through one entity. As soon as we have a few thousand people on our books we approach master card / visa and threaten to take legal action unless they do something or start to take this sort of crime seriously.

As someone said, MC/Visa make money either way... its the merchant who pays at the end of the day! Now thats not right... They are lining their pockets... Thats not win-win for us is it!

brendan

> As soon as we have a few thousand people on our books

Unfortunately, this is probably against the Data Protection Act in the UK. And possibly against Human Rights laws in the EU.

I had my identity stolen. It took me 9 months to resolve and the three different law enforcement agencies helped me not one bit. It's so widespread a crime that nobody can deal with it.

The Fair and Accurate Credit Transactions Act of 2003 made identity theft MUCH less painful for the individuals affected. My understanding is that lenders MUST now accept a police report attesting to identity theft as "definitive proof" and cease all CRA reporting, collection efforts, etc.

As both a merchant and an ex-cop I feel everyone's pain.

At least in the US, local police simply don't have the tools and staying-power for this kind of crime. A customer writing you a bad check is much easier to wrap up: you, the check, the bank, and (almost always) the check-writer are local and locatable. Online credit card fraud investigations (even a "simple" one) would take quite a bit of manpower.

With credit card fraud, nearly everyone is somewhere else, well out of the officer's jurisdiction (even determining jurisdiction can be fun: a fraudster using a PC in Michigan uses a New York man's credit card to place an order on your server in Indiana for shipment to Arizona from your business in Kentucky).

I don't think the (US) Federal government is very efficient at much of anything, so it pains me to say this: the only viable partial-solution is for Federal investigative agency (or a Federally-hosted state-manned task force). There are just too many jurisdictional issues (in the US) otherwise.

The start could be something fairly minor, but useful (methinks). For example, a database where we, the merchants, use a secure Web site to enter the credit card number and sparse order details for fraudulent transactions. Automation then analyzes these each day to find individual credit cards and/or destination ship-to addresses that are appearing multiple times. The aggregates are then used as a priority list for actual human investigation and possibly for some sort of advanced warning to merchant networks.

Investigative time can't realistically be given to a single incidence of low-value (in relative terms) fraud, but pooling near-real-time experiences all across the country could identify what seem to be isolated cases as more organized or widespread.