Credit card hijacking is a form of credit card fraud and the term is used when a person’s credit card is used by an unauthorized person (e.g. a thief or overaggressive vendor) to buy goods or services. The credit card owner usually has trouble reasserting control over the card, because usually he or she doesn’t find out immediately, and the owner must distinguish legitimate purchases from illegitimate in a credible manner.
The first form of credit card hijacking is basically identity theft, which is the deliberate use of another person’s identity. Identity theft is usually the result of serious breaches of privacy and often involves the victim compromising a great deal of financial and personal information allowing the thief to charge an existing credit card account or open up new credit card accounts in the name of the victim. Methods of identity theft for credit card hijacking have involved mail interception or skimming of credit card data. The growth of online subscriptions and transactions have also brought along a variety of different phishing and the use of spyware and botnets.
Radio-frequency identification RFID uses electromagnetic fields to automatically identify and track tags attached to objects. There have been several demonstrations on how credit card fraud can be committed through RFID scanners. Although the possibility of credit fraud using an RFID scanner is rare, it is possible for it to happen. There are more occurrences with credit card fraud that happen through PoS or point of sale that has been compromised with malware. The malware is typically installed by someone who hacks into the system from another location if not always, installed through hacking by. Another well known tactic for credit card fraud is the placement of skimmers on an ATM by the person or persons committing the credit fraud.
Another form of credit card hijacking is the continued charging of a person’s credit card for a subscription to goods or services no longer desired by the credit card owner. This type of credit card hijacking was pioneered by major ISPs, credit monitoring services and online dating services, are perfectly legal, and are still common today in a wide range of subscription based goods and services. Credit card hijacking of this type came about as online subscription based marketers realized that traditional subscription systems, such as the annual subscriptions that paper magazines use, were an impediment to enrolling customers. For instance, a subscription that is US$24.95 per month, is US$299.40 annually. By breaking the subscription period into small units like months or quarters, and allowing direct monthly charging of the subscriber’s credit card, the psychological and economic conflicts subscribers see are greatly reduced.
The issue which makes one subscription system a hijacking of the credit card is not how often it’s billed, but the organization creating barriers that make it more difficult for subscriptions to be cancelled. Organizations which use credit card hijacking as part of their marketing strategy make online registration for the subscription easy, enforce default automatic renewal policies. In comparison to traditional subscription based system such as paper magazines where the subscriber has to periodically proactively reauthorize the subscription. Instead of an automatic renewal. The most common subscription exit barrier is to not provide any online subscription cancellation mechanism at all, but to instead require the user to cancel by telephone or by “on-line chats”. Such organizations often add the additional barrier of making any subscription cancellation information difficult for the user to even find, thus creating an additional delay in the subscription cancellation. This is very common with internet service providers, who know the psychological barrier to making the call, which the subscriber anticipates will be unpleasant, is very high. It also allows the marketing organization to talk the subscriber into changing their minds and not cancelling the subscription. Another common subscription cancellation barrier is to have a relatively long subscription period, a no refund policy, and to require the user upon cancellation to forfeit all money covering the present subscription period. This is very common with online dating services.
This second form of credit card hijacking was created by marketers who recognized that subscription based services generally have relatively low periodic billing amounts which will generally go unnoticed on any given credit card statement. So what happens is that long after the user loses interest in the subscription, they forget to cancel the subscription and because the periodic billing is so low, they don’t tend to notice it on their credit card statement.
A simple solution to this problem is to call the credit card company, request a new card with a different account number, and cancel the previous account. They will transfer the debt amount from the old account to the new account. This makes companies that have the credit card information unable to continue charging the credit card of the person.
Negative option billing is the practice of sending goods automatically and billing the recipient unless the recipient is proactive in declining the goods before they are sent. Negative option billing reverses the usual direction of sales transactions. It assumes that unless you say ‘no’, you’ve agreed to have bought the goods. This is the common practice used in book clubs, record clubs, and magazine subscriptions with automatic renewal. Some practitioners of negative option billing prefer to call it “advance consent marketing”.
If a customer cancels services provided by a vendor, the vender would be committing fraud if they bill for services not provided (for example internet access). Some venders avoid this problem by billing monthly for a “membership”, even though no services are used by the former customer. By retaining the membership number in an active status, the vendor makes it difficult for the customer to prove that the membership was cancelled. This is a form of credit card fraud that is not often regarded as such.