Stores have been warned about a gang of fraudsters travelling across the UK exploiting vulnerabilities in card payment services to steal thousands of pounds using cloned cards.

Shops from Cornwall to Scotland have been targeted by three criminals since November. NFRN member Ferhan Ashiq, of Day-Today Ashiqs in Prestonpans, was targeted on 8 February, resulting in a loss of £400.

Explaining what happened, Ashiq said: “My staff member hit card payment on the EPoS. The two accomplices then distracted the staff member with inquiries about other goods. Meanwhile, the person with the keypad pressed cancel, then menu, then ‘mail order sale’. 

“This essentially allows the criminal to type in the transaction value and the card details. On the terminal it should come up with ‘card not presented’, but the pad can override this. 

Fraudsters tried to scam wholesaler’s customers

“It may ask for a signature, but as the criminal has already written the signature on the back, it will always match.”

The store’s card payment provider, First Data, later reversed the transaction when the account holder related to the cloned card complained, leaving the store out of pocket.

NFRN Scottish district executive Antonio Rea interrupted a similar attempt in his store on 3 February. 

When he denied the alleged fraudsters the ability to sign for the payment and warned that he was aware of the scam, the suspects walked out without the goods.

The same gang are suspected of targeting other stores including Constantine Bay Stores in Cornwall (£3,500 stolen); Greetham Village Shop in Rutland, East Midlands; an unnamed shop in Truro, Cornwall (£2,400 stolen); an unnamed shop in Melton Mowbray in Leicestershire; and B&N Mini Market in Gorebridge Midlothian. 

CCTV images seen by betterRetailing from several of the instances confirms the presence of the same suspects, though other gangs are also known to be operating the same scam.

Payment firm responsibility

Ashiq said that First Data and his card terminal provider, Paymentsense, were failing to take action to stop criminals from exploiting their processes. “These companies have a duty of care to protect their customers when they know these incidents are happening. They should be placing an optional block that would prevent criminals from exploiting their system.”

Challenged on the problems, Paymentsense complaints executive Nicolle Wilkes confirmed there had been “instances of complaints” from retailers in relation to card fraud and admitted that not all of its systems have the ability to remove or block the functions that criminals are exploiting. Wilkes advised those with concerns to contact the firm directly.

Advice

Anti-fraud group UK Finance has issued advice for store owners. This includes:

  • Look out for and be wary of distraction attempts during the card payment process
  • Be suspicious of bulk purchases of cigarettes, alcohol or other goods that can be sold on for cash easily
  • Check if the name on the card matches the gender of the buyer
  • Check whether the numbers on the card match those on the receipt
  • Look at whether the card has a UV element 
  • When conducting non-chip-and-pin card transactions, hold the card in your hand while the customer signs, then check the signatures
  • If the customer fails any of these checks, call your bank’s authorisation centre and ask for a ‘code 10 authorisation’ – the authorisation centre staff are trained to know this means there is suspicious activity and you may not be able to speak freely
  • If stores can safely retain the suspicious card, it should only be handled on the edges to retain any fingerprints

More on this topic: retail crime