Credit card hijacking
Encyclopedia
Credit card hijacking is a form of credit card fraud
and the term is used when a person’s credit card
is used by some unauthorized person (e.g. a thief or overaggressive vendor) to buy goods or services. The credit card owner usually has trouble reasserting control over the card, because usually they don't find out immediately, and the owner must distinguish legitimate purchases from illegitimate in a credible manner.
, which is the deliberate assumption of another person's identity
. Identity theft is usually the result of serious breaches of privacy
and often involves the victim compromising a great deal of financial
and personal information allowing the thief to charge an existing credit card account or open up new credit card accounts in the name of the victim. Traditionally, methods of identity theft for credit card hijacking have involved mail interception or skimming of credit card data. As online transaction volumes increase, new methods for hijacking identities for credit card fraud include phishing
and the use of spyware
and botnet
s.
, credit monitoring services and online dating services, is perfectly legal, and is still common today in a wide range of subscription based goods and services. Credit card hijacking of this type came about as online subscription based marketers realized that traditional subscription systems, such as the annual subscriptions that paper magazines use, were an impediment to enrolling customers. A typical dial-up ISP, at US$24.95 per month, is US$299.40 annually. By breaking the subscription period into small units like months or quarters, and allowing direct monthly charging of the subscriber’s credit card, the psychological and economic barriers potential subscribers see are greatly reduced.
The issue which makes one subscription system a hijacking of the credit card is not the mode of entry into the subscription nor the billing interval, but the marketing organization creating barriers for the user to easily cancel the subscription. Organizations which use credit card hijacking as part of their marketing strategy make online registration for the subscription easy, enforce default automatic renewal policies, and create barriers to halting the subscription. (This is in contrast to traditional subscription based system such as paper magazines where the subscriber has to periodically proactively reauthorize the subscription, hence the default is to not renew.) The most common subscription exit barrier is to not provide any online subscription cancellation mechanism at all, but to instead require the user to cancel by telephone or by "on-line chats". Such organizations often add the additional barrier of making any subscription cancellation information difficult for the user to even find, thus creating an additional delay in the subscription cancellation. This is very common amongst ISP’s, who know the psychological barrier to making the call, which the subscriber anticipates will be unpleasant, is very high. It also allows the marketing organization to talk the subscriber into changing their minds and not cancelling the subscription. Another common subscription cancellation barrier is to have a relatively long subscription period, a no refund policy, and to require the user upon cancellation to forfeit all money covering the present subscription period. This is very common amongst online dating services.
This second form of credit card hijacking was created by marketers who recognized that subscription based services generally have relatively low periodic billing amounts which will generally go unnoticed on any given credit card statement. So what happens is that long after the user loses interest in the subscription, they forget to cancel the subscription and because the periodic billing is so low, they don’t tend to notice it on their credit card statement.
A simple solution to this problem is to phone the credit card company, request a new card with a different account number, and cancel the previous account. They will transfer the debt amount from the old account to the new account.
is the practice of sending goods automatically and billing the recipient unless the recipient is proactive in declining the goods before they are sent. Negative option billing reverses the usual direction of sales transactions. It assumes that unless you say 'no', you've agreed to have bought the goods. This is the common practice used in book clubs, record clubs, and magazine subscriptions with automatic renewal. Some practitioners of negative option billing prefer to call it "advance consent marketing".
Credit card fraud
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also...
and the term is used when a person’s credit card
Credit card
A credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services...
is used by some unauthorized person (e.g. a thief or overaggressive vendor) to buy goods or services. The credit card owner usually has trouble reasserting control over the card, because usually they don't find out immediately, and the owner must distinguish legitimate purchases from illegitimate in a credible manner.
Identity theft
The first form of credit card hijacking is basically identity theftIdentity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
, which is the deliberate assumption of another person's identity
Personally identifiable information
Personally Identifiable Information , as used in information security, is information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual...
. Identity theft is usually the result of serious breaches of privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
and often involves the victim compromising a great deal of financial
FINANCIAL
FINANCIAL is the weekly English-language newspaper with offices in Tbilisi, Georgia and Kiev, Ukraine. Published by Intelligence Group LLC, FINANCIAL is focused on opinion leaders and top business decision-makers; It's about world’s largest companies, investing, careers, and small business. It is...
and personal information allowing the thief to charge an existing credit card account or open up new credit card accounts in the name of the victim. Traditionally, methods of identity theft for credit card hijacking have involved mail interception or skimming of credit card data. As online transaction volumes increase, new methods for hijacking identities for credit card fraud include phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
and the use of spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
and botnet
Botnet
A botnet is a collection of compromised computers connected to the Internet. Termed "bots," they are generally used for malicious purposes. When a computer becomes compromised, it becomes a part of a botnet...
s.
Cancellation barrier
The second form of credit card hijacking is the continued charging of a person’s credit card for a subscription to goods or services no longer desired by the credit card owner. This type of credit card hijacking was pioneered by major ISPsInternet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
, credit monitoring services and online dating services, is perfectly legal, and is still common today in a wide range of subscription based goods and services. Credit card hijacking of this type came about as online subscription based marketers realized that traditional subscription systems, such as the annual subscriptions that paper magazines use, were an impediment to enrolling customers. A typical dial-up ISP, at US$24.95 per month, is US$299.40 annually. By breaking the subscription period into small units like months or quarters, and allowing direct monthly charging of the subscriber’s credit card, the psychological and economic barriers potential subscribers see are greatly reduced.
The issue which makes one subscription system a hijacking of the credit card is not the mode of entry into the subscription nor the billing interval, but the marketing organization creating barriers for the user to easily cancel the subscription. Organizations which use credit card hijacking as part of their marketing strategy make online registration for the subscription easy, enforce default automatic renewal policies, and create barriers to halting the subscription. (This is in contrast to traditional subscription based system such as paper magazines where the subscriber has to periodically proactively reauthorize the subscription, hence the default is to not renew.) The most common subscription exit barrier is to not provide any online subscription cancellation mechanism at all, but to instead require the user to cancel by telephone or by "on-line chats". Such organizations often add the additional barrier of making any subscription cancellation information difficult for the user to even find, thus creating an additional delay in the subscription cancellation. This is very common amongst ISP’s, who know the psychological barrier to making the call, which the subscriber anticipates will be unpleasant, is very high. It also allows the marketing organization to talk the subscriber into changing their minds and not cancelling the subscription. Another common subscription cancellation barrier is to have a relatively long subscription period, a no refund policy, and to require the user upon cancellation to forfeit all money covering the present subscription period. This is very common amongst online dating services.
This second form of credit card hijacking was created by marketers who recognized that subscription based services generally have relatively low periodic billing amounts which will generally go unnoticed on any given credit card statement. So what happens is that long after the user loses interest in the subscription, they forget to cancel the subscription and because the periodic billing is so low, they don’t tend to notice it on their credit card statement.
A simple solution to this problem is to phone the credit card company, request a new card with a different account number, and cancel the previous account. They will transfer the debt amount from the old account to the new account.
Negative option billing
Negative option billingNegative option billing
Negative option billing is a business practice in which goods or services are provided automatically, and the customer must either pay for the service or specifically decline it in advance of billing....
is the practice of sending goods automatically and billing the recipient unless the recipient is proactive in declining the goods before they are sent. Negative option billing reverses the usual direction of sales transactions. It assumes that unless you say 'no', you've agreed to have bought the goods. This is the common practice used in book clubs, record clubs, and magazine subscriptions with automatic renewal. Some practitioners of negative option billing prefer to call it "advance consent marketing".
Billing for membership rather than services
If a customer cancels services provided by a vendor, the vender would be committing fraud if they bill for services not provided (for example internet access). Some venders avoid this problem by billing monthly for a "membership", even though no services are used by the former customer. By retaining the membership number in an active status, the vendor makes it difficult for the customer to prove that the membership was cancelled.External links
- "How hard can it be to cancel an AOL account?" — One man's frustrating call, caught on tape, resounds in the blogosphere
- "Negative Option: When No Means Yes"