Three golden rules to stop credit card fraud

Credit card fraud: What you need to know
If you are the owner of a credit or a debit card, there is a non-negligible chance that you may be subject to fraud, like millions of other people around the world.

Starting in the 1980s, there has been an impressive increase in the use of credit, debit and pre-paid cards internationally. According to an October 2016 Nilson Report, in 2015 more than $31 trillion were generated worldwide by these payment systems, up 7.3% from 2014.




Credit cards have made people’s lives more convenient, and they have also created opportunities for criminals.


In 2015, seven in eight purchases in Europe were made electronically.

Thanks to new online money-transfer systems, such as PayPal, and the spread of e-commerce around the world – including, increasingly, in the developing world (which was slow to adopt online payments) – these trends are expected to continue.

Thanks to leading companies such as Flipkart, Snapdeal and Amazon India (which together had 80% of the Indian e-commerce market share in 2015) as well as Alibaba and JingDong (which had upwards of 70% of the Chinese market in 2016), electronic payments are reaching massive new consumer populations.

This is a goldmine for cybercriminals. According to the Nilson Report, worldwide losses from card fraud rose to $21 billion in 2015, up from about $8 billion in 2010. By 2020, that number is expected to reach $31 billion.

Such costs include, among other expenses, the refunds that banks and credit card companies make to defrauded clients (many banks in the West cap consumers’ liability at $50 as long as the crime is reported within 30 days for credit cards and within two days for debit cards). This incentivises banks to make significant investments in anti-fraud technologies.

Cybercrime costs vendors in other ways too. They are charged with providing customers with a high standard of security. If they are negligent in this duty, credit card companies may charge them the cost of reimbursing a fraud.

The types of frauds

There are many kinds of credit card fraud, and they change so frequently as new technologies enable novel cybercrimes that it’s nearly impossible to list them all.

But there are two main categories:

card-not-present (CNP) frauds: This, the most common kind of fraud, occurs when the cardholder’s information is stolen and used illegally without the physical presence of the card. This kind of fraud usually occurs online, and may be the result of so-called “phishing” emails sent by fraudsters impersonating credible institutions to steal personal or financial information via a contaminated link.

card-present frauds: This is less common today, but it’s still worth watching out for. It often takes the form of “skimming” – when a dishonest seller swipes a consumer’s credit card through a device that stores the information. Once that data is used to make a purchase, the consumer’s account is charged.

The mechanism of a credit card transaction

Credit card fraud is facilitated, in part, because credit card transactions are a simple, two-step process: authorisation and settlement.

At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant’s bank) send and receive information to authorise or reject a given purchase. If the purchase is authorised, it is settled by an exchange of money, which usually takes place several days after the authorisation.

Once a purchase has been authorised, there is no going back. That means that all fraud detection measures must be carried out during the first step of a transaction.

Here’s how it works (in a dramatically simplified fashion).

Once companies such as Visa or Mastercard have licensed their brands to a card issuer – a lender like, say, Barclays Bank – and to the merchant’s bank, they fix the terms of the transaction agreement.

Then, the card issuer physically delivers the credit card to the consumer. To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant’s bank.

The bank, in turn, routes the required information to the card issuer for analysis and approval – or rejection. The card issuer’s final decision is sent back to both the merchant’s bank and the vendor.

Rejection may be issued only in two situations: if the balance on the cardholder’s account is insufficient or if, based on the data provided by the merchant’s bank, there is suspicion of fraud.

An incorrect suspicion of fraud is inconvenient for the consumer, whose purchase has been denied and whose card may summarily be blocked by the card issuer, and it poses reputational damage to the vendor.

How to counter frauds?

Based on my research, which examines how advanced statistical and probabilistic techniques could better detect fraud, sequential analysis – coupled with new technology – holds the key.

Thanks to the continuous monitoring of cardholder expenditure and information – including the time, amount and geographical coordinates of each purchase – it should be possible to develop a computer model that would calculate the probability that a purchase is fraudulent. If the probability passes a certain threshold, an alarm would be issued to the card issuer.

The company could then decide to either block the card directly or undertake further investigation, such as calling the consumer.

The strength of this model, which applies a well-known mathematical theory called optimal stopping theory to fraud detection, is that it aims at either maximising an expected payoff or minimising an expected cost. In other words, all the computations would be aimed at limiting the frequency of false alarms.
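
An added example of the sequential idea above, not the author's research model or any issuer's code: a Shiryaev-style Bayesian change detector, a classical optimal stopping formulation, updates the probability that a card is compromised after each purchase and raises the alarm once it crosses a threshold. The Gaussian behaviour models, `rho`, the threshold and the sample transactions are all constructed assumptions.

```python
import math

def gauss_pdf(x, mean, std):
    z = (x - mean) / std
    return math.exp(-0.5 * z * z) / (std * math.sqrt(2 * math.pi))

# Assumed behaviour models (constructed, not fitted to real data):
# (mean, std) of log10(amount) and log10(1 + km from the cardholder's home).
GENUINE = {"amount": (1.5, 0.4), "distance": (0.7, 0.5)}
FRAUD = {"amount": (2.7, 0.5), "distance": (2.8, 0.6)}

def likelihood(tx, model):
    amount, km = tx  # amount must be > 0, km >= 0
    return (gauss_pdf(math.log10(amount), *model["amount"])
            * gauss_pdf(math.log10(1.0 + km), *model["distance"]))

def sequential_fraud_monitor(transactions, rho=0.01, threshold=0.95):
    """Return (index of the alarm or None, posterior after each purchase).

    rho is the assumed per-purchase chance that the card becomes compromised.
    """
    p = 0.0  # probability that the card is already compromised
    history = []
    for i, tx in enumerate(transactions):
        prior = p + (1.0 - p) * rho           # compromise may have just happened
        fraud = prior * likelihood(tx, FRAUD)
        genuine = (1.0 - prior) * likelihood(tx, GENUINE)
        p = fraud / (fraud + genuine)         # Bayes update with this purchase
        history.append(p)
        if p >= threshold:                    # stop and alert the issuer
            return i, history
    return None, history

# Constructed sample: (amount, km from home). Index 3 is a large but local
# genuine purchase; indices 5-7 drift upward in amount and distance.
SAMPLE = [(25.0, 2.0), (40.0, 6.0), (18.0, 1.0), (350.0, 12.0), (30.0, 3.0),
          (120.0, 60.0), (180.0, 90.0), (260.0, 150.0)]

if __name__ == "__main__":
    alarm, history = sequential_fraud_monitor(SAMPLE)
    for i, (tx, p) in enumerate(zip(SAMPLE, history)):
        print(i, tx, f"{p:.4f}", "ALARM" if i == alarm else "")
```

None of the last three purchases crosses the threshold on its own; the alarm comes from the evidence accumulating across them, while the large local purchase at index 3 does not raise a false alarm.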

My research is still underway. But, in the meantime, to reduce significantly the risk of falling victim to credit card fraud, here are some golden rules.

First, never click on links in emails that ask you to provide personal information, even if the sender appears to be your bank.

Second, before you buy something online from an unknown seller, google the vendor’s name to see whether consumer feedback has been mainly positive.

And, finally, when you make online payments, check that the webpage address starts with https://, a communication protocol for secure data transfer, and confirm that the web page does not contain grammatical errors or strange words. Such errors suggest it may be a fake designed solely to steal your financial data.

Source: 好英语网

