Letztes Update: 28. September 2023
A reader of Finanzdepot contacted me one morning in desperation: She had been scammed by a Swiss fintech. She attached the WhatsApp chat history to her email. It then turned out that she was not defrauded by the Swiss fintech, which was used as a middleman, but gave criminals her credit card details.
Credit card fraud – the scam
But one after the other. Let’s call the reader Sarah. Sarah advertised a piece of furniture on a classifieds platform. An interested buyer gets in touch via WhatsApp and asks a few questions about the piece of furniture. Sarah answers broadly and in turn asks if she should reserve the closet.
This is affirmed by the perpetrator, but at the same time the tear gland is pressed, because the buyer is unfortunately prevented.
However, the buyer could order a courier from the post office. The latter picked up the piece of furniture. Sarah inquires if the buyer doesn’t want to wait until her husband returns to save on courier costs and to be able to check the condition of the furniture in person. Of course, the perpetrator rejects this.
Instead, she could book a courier for tomorrow. The cost of delivery and the cabinet, of course, the buyer. Sarah would only have to click on a link to confirm the order.
The perpetrator sends her the link to a fake postal website. Sarah finds the whole thing a bit strange here for the first time. She makes the buyer aware that the piece of furniture is large and the link sent to her is only for packages. The perpetrator then calms her down. The courier would come with a large van, she had already shipped a sofa that way.
Credit card fraud – the fake post office website
Sarah calls up the link to confirm delivery and has to enter her credit card details on this (fake) website. The perpetrator then reports back that technical support has written to her that she needs to enter another credit card because the original card is blocked for payments on the Internet. Sarah does this and also immediately receives further instructions from the perpetrator.
In order for the cost of the delivery and the amount for the piece of furniture to be credited to her card, Sarah would have to confirm the push message in the banking app. In addition, Sarah would have to provide the technical support with the code received via SMS.
The whole thing didn’t work at first, so the perpetrator asks Sarah to try again, not to leave the website and wait for the SMS code.
Five minutes later, Sarah notices that her credit card has been charged CHF 390. And this is where the Swiss fintech comes in: the perpetrators used Sarah’s credit card data to buy cryptocurrencies via the fintech.
Credit card fraud – anyone and everyone can get it
Sarah describes herself as a very cautious person, she watches consumer shows regularly and would never have believed that something like this could happen to her as well.
Sarah blocked the card with the credit card issuer and had a new one sent to her. The fintech refunded her the CHF 390. Fortunately, thanks to Sarah’s quick action, she was able to prevent further damage.
I asked Sarah if I could publish her case on the blog so that as many people as possible know about the nasty scam and can react accordingly.
Tokenized Fraud: This is how the perpetrators operate
The perpetrators grab credit card data via a deceptively real-looking website.
They then virtualize the credit card by setting up mobile payments on a perpetual smartphone using Apple Pay, Samsung Pay or Google Pay, etc. To do this, they ask victims to confirm push notifications in their banking apps and provide the perpetrators with the SMS codes they receive from the bank. Once they have set up the credit card to the perpetrators’ smartphone, they can make transactions at the victim’s expense without two-factor authentication.
What you can do against card misuse
- Inform your financial institution or card issuer immediately if you suspect misuse and have the card blocked. In some app you can do the blocking independently.
- Whenever possible, enable push notifications so that you are notified of credit card transactions immediately.
- Save the phone number to block the card(s) in your smartphone.
- If there are already unauthorized transactions, file a report with the police.
- Monitor your account and credit card statements regularly and report any unauthorized transactions immediately. For most providers, the monthly bill is considered approved after 30 days from the date of issue.
- Use secure connections when shopping online and check for the lock icon in the address bar before each transaction
- Use only well-known and trusted websites when shopping online
- Never share your card information or passwords with third parties
- Never transfer money to a person or organization before making sure it is a trusted source.
As a cardholder, you are responsible for your card and its use. If you have breached your duty of care, you will be liable yourself in most cases.
For more information on credit card fraud in Switzerland, visit www.cybercrimepolice.ch, a commitment of the Zurich Cantonal Police. Or at www.card-security.ch, a campaign by the Zurich City Police, Prevention Department.
Transparency and disclaimer
I was not paid by anyone for this blog post, it reflects my subjective opinion.
If you open accounts or business relationships, order products or services through my links and codes, I may receive a commission for doing so. However, you will not suffer any disadvantages such as higher prices or the like. The terms and conditions of the respective providers apply. Affiliate links are marked with a *.
Investments are associated with risks which, in the worst case, can lead to the loss of the capital invested.
All publications, i.e. reports, presentations, notices as well as contributions to blogs on this website (“Publications”) are for information purposes only and do not constitute a trading recommendation with regard to the purchase or sale of securities. The publications merely reflect my opinion. Despite careful research, I do not guarantee the accuracy, completeness and timeliness of the information contained in the publications.