RIO DE JANEIRO, BRAZIL – According to data from the 2020 Annual Report on Online Criminal Activity in Brazil, prepared by Axur cybersecurity company, last year the country was the champion in card data leaks, single-handedly accounting for 45.4% of all cases worldwide, separated by over ten percentage points from the second-place country, the United States (34.3%).
According to the survey, among the ten institutions with the highest number of leaks, seven are Brazilian; two are American; and one is Spanish.
According to Axur’s CEO Fábio Ramos, there are three main reasons for Brazil to be in the lead. The first of these is its vast population, which consequently represents a larger number of potential victims. The second concerns digital inclusion, and the third, our culture.
“With prepaid plans, owning a cell phone with internet becomes something quite affordable, which is no longer the case in other countries. So, we have a large target audience for these attacks,” says Ramos. “Then, Brazilians love new things, are open to technologies and more trusting. So people click on links with no concerns.”
He also believes that the absence of laws that effectively punish digital crimes fosters a feeling of impunity and encourages criminals to act freely.
Designer Gabriel Studart, 31, was one of the victims, but had no losses:
“Right at the start of the pandemic, several attempts were made to purchase with my card, on a gaming website, one afternoon. As I don’t usually buy anything at that time, the bank itself denied the transaction and called me afterwards. I said I didn’t recognize the operation, and they promptly sent me a new card.”
Ramos says that, for the most part, cloning occurs through phishing, which is when consumers insert data into a fake website without realizing it. However, the trap can also occur through cash payment terminals: “They will pass the card through the fake terminal, say it didn’t work and then pass it through the real one. But the card has already been cloned. It’s hard to spot it!”
Bank must take responsibility
By having one’s card cloned, clients can demand reimbursement from the financial institution for purchases they do not recognize. According to Igor Marchetti, attorney at the Brazilian Consumer Defense Institute (IDEC), banks have a duty to guarantee security with respect to their services.
“Ideally, when perceiving the leak, consumers should immediately contact the bank and cancel the payment, so that it will not come up in the next invoices. But, should the amount be already registered in the invoice, the consumer’s refund can be processed on the next card’s due date,” he advises.
Banks have a maximum of five working days to assess fraud and reply to the client, according to Article 17 of Decree 6523/2008, known as the SAC Decree. Marchetti also explains that it is not necessary to contract any type of insurance related to the card in order to guarantee the refund in case of fraud.
“Banks may only waive liability in cases where it is proven that consumers were solely to blame for the use of the card. Therefore, insurance is not required. Clients should check if there is anything else in the coverage that justifies the contract, such as the option of redeeming additional amounts upon opening a request or, also, if it provides a direct service channel for card cancellation,” explains the attorney.
After becoming a victim…
After the card is cloned, acting promptly is crucial. Therefore, customers are advised to enable the SMS option on their cell phones with every purchase made. Hence, if there is fraud, one can be immediately notified.
Should you become a victim, attorney Vitor Boaventura, partner of Ernesto Tzirulnik Law Firm, advises registering a crime report with the police, as well as informing the bank.
“If you experience difficulties in contesting the purchase, look for your state’s PROCON or legal advice. In case of undue registration in defaulters’ registers, there is also entitlement to compensation for moral damages,” he adds.
How to protect oneself
Do not provide data: Do not give your credit card details to third parties. They may store the information to make a future purchase on your behalf.
Scratch off the code: The three digits that are typically located on the back of the card are used for online purchases only. For your safety, scratch that code off the card and store it somewhere else. This way, if you are going to make a physical purchase, you prevent someone from acquiring the data to use the card in the future.
Use virtual cards
For online purchases, virtual cards are available from your bank’s own app. In most institutions, this online card is only valid for one transaction. By choosing to use it, you prevent any store, where you consciously made a purchase, from misusing the card later.
Beware of websites
Most leaks occur through fake websites that mimic real ones (phishing). The layout is often very similar to prevent suspicion. The difference lies only in the URL. However, not everyone pays attention to this because it is difficult to check the webpage’s full address from cell phones. To prevent the scam, choose to access the purchase website through a computer and make sure it is the original.
Suspicious links
Another scamming method is malware. By clicking on a suspicious link received by email or through social media, a kind of robot is installed on your device. It then “records” your every move on the internet and thus gains access to your bank credentials and credit card data, should this be used in any online purchase. In this scam, the amount of data captured is much larger.