QUESTION 1 : Mario, an employee of a person-to-person payment company, has been writing down the account numbers and passwords of customer accounts with the intent of fraudulently using them to pay for items he purchases online.
- Check fraud
- Credit card fraud
- EFT fraud
- None of the above
Mario is committing an electronic funds transfer (EFT) scheme by misappropriating customers’ account and password information. There are several ways in which fraud can be perpetrated through the electronic transfer of funds. Potential sources of fraud include the following: A biller might send a bill for services not rendered or for goods never sent. A person who has obtained information about another person’s bank account might instruct a biller to obtain payment from the other person’s account. A hacker might obtain passwords and usernames from an aggregator and use that information to direct transfers from a consumer’s bank account. An employee at the site providing electronic bill payment services who knows consumers’ usernames and passwords for screen-scraping purposes might use that information to direct transfers from consumers’ bank accounts. A bank employee might use customer information to direct transfers from a customer’s account.
QUESTION 2 : If a customer reports the loss or theft of an access device, the financial institution should attempt to prevent fraud related to electronic funds transfers by canceling the existing card, PIN, or other form of access and issuing a new
- True
- False
The following are safeguards that banks can perform to reduce the risk that they or their customers become victimized by unauthorized electronic funds transfers: Confirm phone and mailing addresses on the application to ensure that they are consistent with information about the applicant that is available from other sources and, with respect to existing customers, consistent with current records about these customers. This might involve obtaining credit reports about the applicant or obtaining copies of utility Make sure that the area or city code in the applicant’s telephone number matches the geographical area for the applicant’s address. Send a “welcome” letter to the address on the application with the bank’s return address so that the letter is returned if the applicant does not live there. Verify by telephone or additional mailings any change of address requests in the same way that new account applications are verified. If a customer reports the loss or theft of an access device, cancel the existing card, PIN, or other form of access and issue a new one. If a customer reports that a person previously authorized to use an access device no longer has that authority, cancel all cards, PINs, or other access devices and issue new ones to the customer. Always mail PINs separately from other information, such as usernames, with which they are associated. Separate the responsibility of bank employees who have custody of information relating to access devices from those who have responsibility for issuance, verification, or reissuance of PINs. Ensure that any communication concerning usernames or passwords is sent in a secure encrypted format. Require customers who register for EBPP or P2P systems to provide information indicating that they are authorized to use the bank account or credit card from which payments will be made. Employ multifactor authentication to verify transfers via EBPP or P2P systems.
QUESTION 3 : Which of the following does NOT constitute an electronic funds transfer?
- A customer’s use of a debit card to purchase dinner at a restaurant
- An airline ticket purchased through the Internet with the use of a credit card
- The computer-initiated deposit of an employee’s paycheck directly into the employee’s bank account
- A transfer of funds from a checking account to a savings account performed on a personal computer
An electronic funds transfer (EFT) is any transfer of funds, other than one originated by a check or similar paper instrument, that is initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape that orders or purports to authorize a financial institution to debit or credit an account. Because it does not result in a transfer of funds, the use of a credit card to make a payment does not constitute an EFT. Each of the following could A customer’s withdrawal of funds from the customer’s own account by use of an ATM A customer’s transfer of funds from the customer’s checking account to the customer’s savings account at the same financial institution initiated by the customer through a personal computer A customer’s transfer of funds from the customer’s checking account to the customer’s savings account at the same financial institution initiated by the customer through the bank’s automated telephone service A customer’s use of a debit card to purchase goods from a merchant who swipes the card through a point-of-sale (POS) device to authorize the deduction of the amount of the sale from the customer’s checking account A customer’s transfer of funds from the customer’s bank account to a third party initiated by the customer through a personal computer An employer’s instruction, initiated by computer or through a magnetic tape, to a financial institution to deposit funds representing an employee’s pay into the employee’s account A noncustomer’s instruction, initiated by computer or through a magnetic tape, to a financial institution to withdraw funds from a customer’s checking account and transfer the funds to a noncustomer’s bank account
QUESTION 4 : Due to the paper trail involved and the emphasis placed on the problem by law enforcement, the vast majority of check fraud offenders are pursued and prosecuted.
- True
- False
Many merchants overburden police and prosecutors with reports of check fraud rather than implementing effective training and controls to help prevent such schemes from the outset; therefore, law enforcement and prosecutors do not have the time or manpower to pursue all such cases and are often not eager to do so. Furthermore, check fraud perpetrators frequently migrate from one location to another, making their apprehension and prosecution difficult.
QUESTION 5 : Which of the following is an example of a way in which an electronic funds transfer (EFT) fraud scheme can be committed?
- An employee of a person-to-person (P2P) provider misappropriates a customer’s account and password information
- A person who has stolen information about another person’s bank account instructs a biller to obtain payment from that account
- A hacker obtains consumer account and password information to direct funds from consumers’ accounts
- All of the above
There are several ways in which fraud can be perpetrated through the electronic transfer of funds. Potential sources of fraud include the following: A biller might send a bill for services not rendered or for goods never sent. A person who has obtained information about another person’s bank account might instruct a biller to obtain payment from the other person’s account. A hacker might obtain passwords and usernames from an aggregator and use that information to direct transfers from a consumer’s bank account. An employee at the site providing electronic bill payment services who knows consumers’ usernames and passwords for screen-scraping purposes might use that information to direct transfers from consumers’ bank accounts. A bank employee might use customer information to direct transfers from a customer’s account.
QUESTION 6 : Which of the following factors enables or enhances fraudsters’ abilities to conduct account takeover schemes?
- Customers regularly checking their online accounts for changes
- The increased use of multifactor authentication
- Payment accounts offering the ability to be notified when they are accessed or changed
- Consumers using the same login and password information on multiple accounts
Account takeover fraud occurs when a fraudster surreptitiously takes control of a payment account. Targeted accounts can include credit cards, banking, brokerage, or any type of online retail account (e.g., Amazon). Because consumers often use the same username and password for multiple accounts, hackers commonly create code that can run credentials obtained from a data breach at one company to see if they are valid for another. Account takeover fraud has increased significantly in recent years. Consumers should opt for multifactor authentication when available, request notification of account access or changes when offered, and regularly check any online accounts that hold payment information
QUESTION 7 : Smart cards include a wide variety of hardware and software features capable of detecting and reacting to tampering attempts and countering possible attacks.
- True
- False
A smart card is a plastic card, the size of a credit card, embedded with a microchip. A key advantage of smart cards is that, unlike regular magnetic stripe credit cards, they cannot be easily replicated. Similarly, smart cards cannot be easily counterfeited, which greatly reduces the potential for fraud. Smart cards include a wide variety of hardware and software features capable of detecting and reacting to tampering attempts and countering possible attacks.
QUESTION 8 : In which of the following scenarios might a credit card skimming scheme be conducted?
- A server walks away from a customer’s table to process a credit card payment
- A retail employee processes a payment outside of the customer’s view
- A customer is pumping gasoline and notices a strange device attached to the self-payment apparatus
- All of the above
A credit card skimming scheme requires a device, often referred to as a skimmer or a wedge , that scans and stores a large amount of credit card numbers. Credit card skimming is more frequent in businesses where an employee is able to remove the card from the customer’s view to process the transaction before returning it to the customer. Skimming can also be performed via the attachment of covert devices to ATMs, automated fuel dispensers, vending machines, or self-service checkout kiosks. These devices are occasionally paired with a tiny hidden camera meant to record the input of a user’s PIN code
QUESTION 9 : The chances of being arrested and prosecuted for check fraud are high, and the penalties are relatively severe.
- True
- False
Check fraud is considered a relatively low-risk crime; the chances of being arrested and prosecuted are low, and the penalties are relatively mild.
QUESTION 10 : Loyalty programs are susceptible to fraud for all of the following reasons EXCEPT:
- Loyalty points can only be used for products or services offered by the original company.
- Some airlines allow the conversion of travel points for tickets in another person’s name.
- Many loyalty programs allow the transfer of points from one account to another.
- Loyalty points can often be used to purchase sellable items such as gift cards.
Loyalty fraud typically results from fraudsters gaining access to a rewards account by obtaining login credentials through phishing or hacking. Fraudulent transactions can be difficult to recognize because many consumers use their points to purchase gifts for others, with many airlines even allowing the conversion of travel points for tickets in Increasingly, points programs from one company are joined with programs from other companies to enhance the options and utility available for consumers. Whereas airline points at one time might have only been valid toward the purchase of an airline ticket with the issuing airline, rewards programs are increasingly offered as part of an alliance of expanded loyalty networks that allow consumers to exchange their points for numerous unrelated products and services, such as hotel stays, retail purchases, or gift cards. The ability to convert loyalty points to sellable items such as gift cards allows fraudsters to leverage compromised loyalty accounts for cash. Furthermore, many loyalty programs allow the transfer of points from one account to another within the expanded program network, thus allowing fraudsters to transfer points from numerous compromised accounts into whichever program is most conducive to their scheme.
QUESTION 11 : Which of the following types of transactions is LEAST likely to use a person-to-person (P2P) payment system?
- A person making an online donation to a charity
- A person buying groceries at a supermarket
- A person transferring money to a friend abroad
- A person paying for an item on an online auction site
Person-to-person payment systems , often called P2P or peer-to-peer payment systems , are an increasingly popular method for making payments between individuals or between an individual and a business. P2P payments are commonly used to make online payments but are not as common for in-person payments, such as paying for clothes at a department store or buying groceries at a supermarket. These services are also used to move money internationally and between various currencies at exchange rates that rival traditional methods of currency exchange.
QUESTION 12 : Credit card counterfeiting operations might include the use of which of the following?
- High-speed printing facilities
- Embossed blank plastic cards
- Desktop computers, embossers, tipping foil, and laminators
- All of the above
One common method of producing counterfeit credit cards includes the use of blank plastic cards. This scheme uses credit-card-sized plastic with embossed account numbers and names. This scheme often works in conjunction with a corrupt and collusive merchant or a merchant’s employee. Other counterfeit cards are wholly manufactured using high-speed printing facilities. Additional common tools in the reproduction process include desktop computers,
QUESTION 13 : Unauthorized credit card activity resulting from a stolen card typically takes place within hours of the card’s theft and before the victim reports the loss.
- True
- False
Fraudulent activity normally occurs within hours of the loss or theft, before most victims have called to report the loss
QUESTION 14 : Wealth in a virtual economy can only be generated by spending significant time and effort participating in massively multiplayer online (MMO) gaming platforms to slowly earn in-game currency.
- True
- False
Wealth in a virtual economy is typically generated by spending significant time and effort participating in massively multiplayer online (MMO) gaming platforms to slowly earn in-game currency, or it can be generated by simply paying for in-game currency using outside payment methods, such as credit cards, PayPal, or bitcoin
QUESTION 15 : Credit card fraud is difficult to execute because the chances of getting caught are quite high.
- True
- False
Credit card fraud is successful because the chances of being caught are low and prosecution is not ensured.
QUESTION 16 : To conduct an electronic payment using a person-to-person (P2P) system, the two individuals must meet in person at a financial institution to sign an order requesting the transfer of money from one person’s account to the other.
- True
- False
Individuals can pay each other for goods or services electronically, which is known as the person-to-person (P2P) system. Many credit cards and banks offer this service to their customers. P2P payments can now be made through a variety of services using a computer, smartphone application, or email address.
QUESTION 17 : Frequent check deposits in round numbers or for the same amount and checks written to individuals for large, even amounts might be indicators of check fraud.
- True
- False
Frequent deposits in round numbers or for the same amount and checks issued to individuals for large, even amounts are both indicators of check fraud.
QUESTION 18 : Which of the following is NOT a common type of credit card fraud?
- Card counterfeiting
- Skimming
- Advance payments
- Profiling
Advance payments, card counterfeiting, and skimming are all forms of credit card fraud; profiling is not a type of credit card fraud.
QUESTION 19 : Which of the following steps are often taken during an account takeover scheme?
- Steal account login information using phishing emails
- Place orders using funds from the overtaken account
- Change customer contact information on the overtaken account
- All of the above
Account takeover fraud occurs when a fraudster surreptitiously takes control of a payment account. Targeted accounts can include credit cards, banking, brokerage, or any type of online retail account (e.g., Amazon). To take over an account, thieves obtain email addresses or other login information and use various means to obtain passwords, such as phishing emails or password-cracking botnet attacks. Once the thief overtakes an account, communication methods and contact information are altered to keep the account holder unaware of the fraudulent activity. The thief is then free—depending on the type of account—to place orders using stored payment information, transfer funds, or request duplicate credit cards.
QUESTION 20 : The equipment needed to run a check fraud ring is very expensive and difficult to obtain.
- True
- False
Check fraud rings thrive because the items needed to commit check fraud are easily obtainable and the cost is minimal. Often, the only necessary equipment for a check fraud ring is a scanner, printer, and personal computer.
QUESTION 21 : When fabricating a counterfeit credit card, which of the following is the most difficult facet to reproduce?
- The magnetic strip
- The embossed numbers
- The hologram
- The card thickness
The hologram is the most difficult aspect of a credit card to reproduce. True holograms use a lenticular refraction process; counterfeits are generally only reflected materials, usually foil with an image stamped on it. These decals are attached to the card’s surface rather than fixed into the plastic, as is the case with legitimate cards. Some fraudulent holograms do not change colors—as legitimate ones do—when viewed from various angles
QUESTION 22 : Jason, a server at a popular restaurant, takes a customer’s credit card to process a payment. While he is on the other side of the dining area with his back turned, Jason swipes the card through a small device that he regularly uses to steal his customers’ credit card information. Jason is engaging in a scheme known as credit card ________.
- Skimming
- Scanning
- Pinching
- Probing
A credit card skimming scheme requires a device, often referred to as a skimmer or a wedge , that scans and stores a large amount of credit card numbers. Credit card skimming is more frequent in businesses where an employee is able to remove the card from the customer’s view to process the transaction before returning it to the customer. This scam might occur in a retail situation in which a credit card is processed behind a concealable counter or in a restaurant scenario wherein a server walks away with a customer’s card to process the transaction.
QUESTION 23 : 358 of 424 Loyalty fraud typically results from fraudsters gaining access to a rewards account by obtaining login credentials through phishing or hacking.
- True
- False
Loyalty fraud typically results from fraudsters gaining access to a rewards account by obtaining login credentials through phishing or hacking.
QUESTION 24 : Cryptocurrencies are subject to significant monitoring and government regulation.
- True
- False
Cryptocurrencies have been relatively anonymous and have not been subject to significant monitoring or regulation by governments or financial institutions thus far, although many countries are developing controls and regulations that could affect their classification as assets, how they are traded and purchased, or how they can be spent. For these reasons, they are attractive vehicles for various fraud schemes
QUESTION 25 : Loyalty accounts are attractive targets for fraudsters for which of the following reasons?
- Loyalty accounts often lack fraud prevention mechanisms
- Thieves often think of loyalty points in terms of cash
- Consumers tend to monitor loyalty accounts infrequently
- All of the above
Thieves often think of loyalty points in terms of cash and, as such, these programs are increasingly subject to fraud. Loyalty accounts are also attractive fraud targets because they are often less secure than accounts with financial institutions, commonly lacking fraud prevention mechanisms such as multifactor identification or account activity monitoring.
QUESTION 26: Liam is the manager of a small bank that has recently experienced an increase in the amount of fraud related to electronic funds transfers (EFT). Which of the following methods can Liam implement to reduce his bank’s exposure
- Ensure that PINs are mailed separately from other associated account information
- Send a “welcome” letter to new customers to determine if the address submitted on the account application is valid
- Separate the duties of bank employees so that responsibilities for the issuance of access devices are separate from the issuance of PINs
- All of the above
The following are safeguards that banks can perform to reduce the risk that they or their customers become victimized by unauthorized electronic funds transfers: Confirm phone and mailing addresses on the application to ensure that they are consistent with information about the applicant that is available from other sources and, with respect to existing customers, consistent with current records about these customers. This might involve obtaining credit reports about the applicant or obtaining copies of utility Make sure that the area or city code in the applicant’s telephone number matches the geographical area for the applicant’s address. Send a “welcome” letter to the address on the application with the bank’s return address so that the letter is returned if the applicant does not live there. Verify by telephone or additional mailings any change of address requests in the same way that new account applications are verified. If a customer reports the loss or theft of an access device, cancel the existing card, PIN, or other form of access and issue a new one. If a customer reports that a person previously authorized to use an access device no longer has that authority, cancel all cards, PINs, or other access devices and issue new ones to the customer. Always mail PINs separately from other information, such as usernames, with which they are associated. Separate the responsibility of bank employees who have custody of information relating to access devices from those who have responsibility for issuance, verification, or reissuance of PINs. Ensure that any communication concerning usernames or passwords is sent in a secure encrypted format. Require customers who register for EBPP or P2P systems to provide information indicating that they are authorized to use the bank account or credit card from which payments will be made. Employ multifactor authentication to verify transfers via EBPP or P2P systems
QUESTION 27 : Which of the following is NOT a red flag of a fraudulent credit card transaction?
- A customer buys a small number of expensive items at one time.
- A customer charges many expensive items to a newly valid card.
- A customer insists on taking a large item home even when delivery is included.
- A customer cannot provide a photo identification when requested.
While any of the following can occur in a perfectly legitimate transaction, these characteristics frequently are present during fraudulent transactions. Tellers and merchants should be advised to be alert for customers who: Purchase an unusually large number of expensive items. Make random purchases, selecting items with little regard to size, quality, or value. Do not ask questions on major purchases. Sign the sales draft slowly or awkwardly. Charge expensive items on a newly valid credit card. Cannot provide a photo identification when asked. Rush the merchant or teller. Purchase a large item, such as a television, and insist on taking it at the time, even when delivery is included in the price. Make purchases and leave the store, but then return to make more purchases. Become argumentative with the teller or merchant while waiting for the transaction to be completed. Make large purchases just as the store is closing.