We hear all the time about people falling for scams. Most of us who have been in banking for a while figure we have heard everything. We heard of a new scam recently, and some pretty sophisticated folks fell for it, so it presents a cautionary tale. Given the popularity of online shopping, many people have gifts delivered directly to them. Banks should warn customers to proceed carefully in the case of deliveries that seem a little odd.
In this instance, the customer was scammed following a phone call from "Express Couriers" asking if they would be home to receive a delivery. The caller said that the delivery would arrive in roughly an hour. Sure enough, a uniformed delivery man arrived with a beautiful basket of flowers and wine. In this instance, it was not holiday season and there was no particular occasion for a gift. The customer was intrigued and asked who it was from. The delivery man said he didn't know and that a card would arrive separately. He then went on to explain that because the gift contained alcohol, there was a $3.50 "delivery charge" as proof the package had been delivered to an adult, and not just left on the doorstep.
This sounded reasonable so the customer offered cash. The delivery man then said that the company couldn't accept cash and required payment by credit or debit card so that everything could be properly accounted for. The customer produced a card, swiped it through a mobile card machine that looked much like the machines UPS and FedEx carry. The delivery man then asked that the PIN be punched in and for the security code off the back of the card. A receipt was even printed out.
Following the delivery over the next four days, some $4,000 was withdrawn from various ATM machines against the customer's account. The "mobile payment machine" the delivery man carried seems to have downloaded all the information necessary to create a dummy card from the swipe, the PIN and the security number. In the end the bank account was closed, the police were notified, and it turned out the same scam had been reported elsewhere in the city.
As we review the mistakes this customer made, we perhaps are thinking to ourselves, how silly of them to give that information. Nothing is that easy though. Consider first the sophistication of the setup. The delivery guy had a machine, a uniform and a well thought out story. Beyond that, anyone who travels abroad knows it is standard practice with a chip and PIN card to punch in the PIN as an identifier to use the card. No one should ever give out the security code of course.
In the end, the biggest lesson during the holiday season is that while unexpected presents may well show up on the doorstep, don't ever give out card information unless you made the purchase yourself or know who it is from. We can think of very few instances where there would be a delivery charge in order to receive a gift - what sort of friend is that?
The difficulty is that the transition to electronic payment and tracking devices has been so rapid that it is difficult even for professionals like bankers to keep up, much less customers.
Community banks often send out holiday cards or email, so it's a great time to remind customers to be careful and to share examples of well executed scams - such as this one - as a warning. Remind your customers to be sure to take a good look inside the mouth of any unexpected gift horse.