This holiday season many Internet shoppers, and Internet thieves, have discovered that just having a credit card number is no longer enough.
As a means of preventing identity theft, most major retailers now demand that you provide your CVC2 number as well. This is the small three-digit number on the back of your card.
"The purpose of the CVC2 is to ensure that the customer has a physical copy of the card in their possession," said Justin Levick, chief security officer for Trust One Bank. "You should definitely not give this number out if someone just calls and asks for it."
That however, is exactly the problem.
This newest form of credit and debit card fraud, called phishing, occurs when the perpetrator contacts you posing as a bank employee and asks for personal information.
"If anyone says they are calling from the bank and need info from you they are lying," Levick said. "That's not how we do things and it shouldn't ever happen."
Since the caller already has your name and account number many think that they are speaking with a valid financial institution. This is exactly what the scammers are counting on.
"I think I would be a little more concerned with giving out the account number than anything else," said Erin Deming, senior art major. "If anyone called me asking for any numbers off my credit card I would be very suspicious."
Most people would be suspicious of unsolicited callers asking for personal information.
"I'm definitely not stupid enough to say anything about my finances to someone just because they called me up and asked," said Brooke Burglin, junior management information systems major.
Phishing scams usually rely on contacting as many people as possible, either via phone or email according to the National Consumer League Web site. They use such a large base of victims so that if even a very small percentage of those contacted respond, the stolen numbers can add up very quickly.
"Just don't be a part of that small percentage," Levick said. "If someone tried to get my info, I would just go talk to my bank.
This type of scammer has proven hard to catch due to the nature of the technology involved.
"It can be complicated trying to find the source of large bulk spam e-mails like many phishers use," said Peter Meyers, computer systems analyst. "Many of these things originate overseas, so it would take a great deal of cooperation with foreign governments and individuals in the private sector."
The good news is that it's relatively easy to protect yourself from this type of scam, simply keep your private information private.
"Just keep your PIN number and your CVC2 number to yourself and you shouldn't have any problems," Levick said.
