Introduction:

Case Studies with a Focus on Practical Solutions

Bank transaction fraud, particularly credit card fraud, is a growing problem in the United States. This study delves into five hypothetical fraud cases, using fictitious data that represent real-life situations. The information is based on various reliable sources, such as:

• Complaints filed with the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC).

• The Fair Credit Billing Act (FCBA).

• Interviews with consumer rights and cybersecurity experts available online.

• Research and statistical studies from official bodies and research institutions.

The goal is to provide a comprehensive and practical analysis, focusing on helping prevent and combat fraud, including:

Fraud in banking transactions, especially credit cards, represents a growing problem in Brazil and around the world. This study delves into five hypothetical fraud cases, using fictitious data that represent real situations, based on information from several reliable sources, such as: Complaints with the Central Bank and the Credit Card Administrator Ombudsman's Office. Consumer Protection Code (CDC).

Interviews available on the internet with experts in consumer law and cybersecurity. Surveys and statistical studies by official bodies and research institutions. The objective is to provide a comprehensive and practical analysis, with a focus on helping to prevent and combat fraud, including:

Detailed summary of the facts:

Presentation of the events of each case, with dates, values, establishments,

types of transactions, customer arguments and responses from the Credit Card

Administrator, inserting relevant excerpts from the disputes and official responses.

In-depth analysis of inconsistencies: Identification of points that indicate the possibility of fraud, based on information such as atypical values, purchasing patterns, time between transactions, location of establishments and analysis of geolocation data, presenting concrete examples and comparative tables.

Complete guidelines and suggestions for customers and Credit Card Administrators: Comprehensive recommendations to prevent and combat fraud, based on best security practices, excerpts from the CDC and other relevant laws, court jurisprudence, investigative measures and practical examples of actions that can be taken.

Practical examples with spreadsheets and tables in Excel, HTML, CSS and JavaScript:

Demonstration of how to use digital tools to assist in the analysis of banking transactions, with spreadsheet models, formulas, graphs and interactive dashboards, including links to download files and tutorials in video.

Additional information about the Consumer Protection Code: Relevant excerpts from the CDC, with emphasis on article 42 and other articles that deal with liability in cases of theft, fraud and the like, including mention of deadlines for contesting and procedures for reimbursement.

Detailed step-by-step instructions for action in the event of fraud:

1. Numbered list of measures to be taken in case of suspected fraud, including blocking the card,
   

2. registering a police report, disputing transactions and contacting the Credit Card
   

3. Administrator entity, with document models and links to the websites of the competent authorities.

Interview with Expert:

Specialist Dr. João Oliveira - president of Procon/RJ, lawyer specialized in consumer rights, in an interview given to the newspaper Boa Vontade, on the broadcaster Boa Vontade TV. He highlighted the importance of consumers being aware of their rights when dealing with fraud in banking transactions.

also on consumer rights:

Study cases:

Case of Mrs. Filomena:

Unrecognized Purchases by Mrs. Filomena:

This detailed case study of Mrs. Filomena uses Excel spreadsheets and formulas to:

1. Analyze the client's normal purchase pattern: Create a list of fictional purchases that Mrs. Filomena typically makes (within normal values) with an average of 7 purchases as an illustrative example.
   

2. Identify atypical purchases: Compare the contested purchases with Mrs. Filomena's normal purchase pattern and highlight those that deviate from the average and pattern.
   

3. Highlight the discrepancy: Present Excel formulas that calculate the average, standard deviation, and other relevant statistics to identify purchases outside the client's consumption pattern.
   

Spreadsheet 1: Mrs. Filomena's Fictional Purchases (Normal Purchase Pattern)

Analysis of Inconsistencies:

• The purchase amounts are far above the card limits and incompatible with Mrs. Filomena's income.
  

Spreadsheet 2: Mrs. Filomena's Contested Purchases

Purchases made in a short period, in different cities and states, making it impossible for Mrs. Filomena to have made them personally.

As evident, the purchases were made on 18/03/2023 and 19/03/2023, in different regions of Brazil (North and Southeast).

Purchases in establishments unknown to the client.

It is possible to identify that the client's usual purchases were made in João Pessoa, Paraíba, so we can assume that her bank registration also has her residential address linked to João Pessoa, Paraíba. Meanwhile, the purchases with exorbitant amounts compared to the client's purchase pattern were made in Manaus and São Paulo (North and Southeast of the country).

Additionally, we can use Excel's statistical formulas to determine the confidence level of the purchases made by the client.

1. Average: excel =AVERAGE(Sheet1!D:D)
   

2. Standard Deviation: excel =STDEV.S(Sheet1!D:D)
   

3. Z-Score: excel =(Sheet2!D2 - Sheet1!D1) / Sheet1!D2
   

4. Confidence Interval (95%): excel =Sheet1!D1 +/- 1.96*Sheet1!D2 (Note: +/- means "plus or minus.")
   

The formula to calculate the confidence interval in Excel is:

=AVERAGE(DATA) +/- Z * STDEV.S(DATA) / SQRT(COUNT(DATA))

(+/- means "plus or minus.")

Where:

• AVERAGE(DATA): The mean of the population or sample.

• Z: The Z-Score value for the desired confidence level.

• STDEV.S(DATA): The standard deviation of the population or sample.

• SQRT(COUNT(DATA)): The square root of the number of data points.
  

Example:

Suppose you have a sample of 100 data points with an average of 50 and a standard deviation of 10.

To calculate the 95% confidence interval, you can use the following formula:

= 50 +/- 1.96  10 / SQRT(100) =50 +/- 1.96  10 / 10 =50 +/- 1.96 =48.04 to 51.96

(+/- means "plus or minus.")

The 95% confidence interval indicates that, with 95% confidence, the population mean is between 48.04 and 51.96.

Observations:

• The Z-Score value for the desired confidence level can be found in Z tables or calculated using Excel's NORM.INV function.

• The confidence interval is an estimate of the population mean and is not an exact value.

• The sample size and standard deviation influence the width of the confidence interval.
  

Other Formulas to Calculate the Confidence Interval:

For 90% confidence intervals:

=AVERAGE(DATA) +/- 1.645 * STDEV.S(DATA) / SQRT(COUNT(DATA))

(+/- means "plus or minus.")

For 99% confidence intervals:

=AVERAGE(DATA) +/- 2.576 * STDEV.S(DATA) / SQRT(COUNT(DATA))

(+/- means "plus or minus.")

Application Example:

The confidence interval can be used in various fields, such as scientific research, engineering, finance, and quality control. For example, an engineer might use the confidence interval to estimate the average strength of a material based on a sample of tests.

Additional Resources:

• Microsoft article on confidence intervals

• Online confidence interval calculator

• Step-by-step guide on how to calculate the z-score

Interpretation of Results:

Mean: The average of Mrs. Filomena's fictitious purchases is R$ 107.14 per purchase.

Standard Deviation: The standard deviation of Mrs. Filomena's fictitious purchases is R$ 69.28.

Z-Score: The Z-Score for the disputed purchases is 117.44 and 393.44, indicating that they are significantly above the mean and outside the 95% confidence interval.

Conclusion:

The purchases disputed by Mrs. Filomena significantly deviate from her normal purchasing pattern, with values much higher than the average and standard deviation.

Excel formulas statistically confirm that these purchases are atypical and strongly suggest fraud.

Recommendations:

Mrs. Filomena should continue disputing the purchases and assert her consumer rights.

The card issuer should rigorously investigate the case, considering the spreadsheet data and formulas as strong indicators of fraud.

Observations:

This analysis serves as an example and can be complemented with other tools and analyses.

Excel formulas are one method to identify atypical purchases and should be interpreted alongside other information. Claim of card theft.

Analysis of transaction geolocation data (if available) shows purchases were made far from Mrs. Filomena's residence at the time.

Guidance and Suggestions:

For Mrs. Filomena:

File a police report, attaching evidence of disputed purchases and geolocation data (if available).

Example Police Report:

[POLICE LOGO] POLICE REPORT DATE: 2023-03-10 TIME: 10:00 AM LOCATION: Police Station - City Z NATURE OF INCIDENT: Fraudulent bank transactions

INCIDENT REPORT:

On March 10, 2023, Mrs. Filomena visited the City Z Police Station to report disputed transactions on her credit cards. Mrs. Filomena claims not to recognize two transactions made in the amounts of R$ 8,000.00 and R$ 27,000.00, respectively.

These purchases were made at various establishments across different cities and states within a short period. Such transactions are considered atypical for the client's consumption pattern.

Mrs. Filomena reports that her cards were stolen and that she has no knowledge of the passwords used to make these transactions. However, the Credit Card Administrator disputed the fraud claim, stating that the purchases were made with the cards' chip and PIN.

UNRECOGNIZED PURCHASES BY MRS. FILOMENA:

Mrs. Filomena requests a thorough investigation into the matter and appropriate legal action.

ADDITIONAL INFORMATION:

Witnesses: None.

STATEMENT

I declare that the information provided in this police report is true and to the best of my knowledge.

Mrs. Filomena's Signature [POLICE STAMP]

This police report has been filed under the number: 2023-000123 [POLICE OFFICER'S SIGNATURE]

Mr. Detective - City Z Police Station

[INSTRUCTIONS FOR USING THE POLICE REPORT]

This document is valid for registering a police report. It is recommended that Mrs. Filomena keep a copy of this report for her personal records.

For additional information or developments in the case, please contact a Police Station. Mr. Enganado's Case:

Summary of Facts:

Mr. Enganado disputed R$2,078.29 in credit card charges, claiming he did not recognize them.

The purchases were made online through a delivery app, increasing the risk of fraud. Mr. Enganado claims his card was stolen and he is unaware of the passwords used. The card issuer disputed the fraud claim, stating that the purchases were made with the card's chip and PIN.

Analysis of Inconsistencies:

• The purchase amount exceeds the card limit.

• Purchases were made in a short period and at virtual locations, increasing the risk of fraud.

• Claim of card theft.
  

Duties of the Credit Card Issuer:

The credit card issuer must investigate the case and verify if there was a security breach in their systems. Collaboration between customers, card issuers, and authorities is essential to combat this type of crime, while using tools like Excel can facilitate the analysis and resolution of cases.

Guidance and Suggestions:

• Mr. Enganado should contact the credit card issuer to request card cancellation and dispute the charges.

• File a police report.

• Contact the issuer to cancel the card and dispute the charges.

• Consider hiring an independent auditor to identify security flaws in the investigation.
  

Further Recommendations for Mr. Enganado (online shopping fraud):

Two-Factor Purchase Authentication: Enhanced Security for Your Transactions.

What is 2FA?

Two-factor authentication (2FA) via SMS and email is an additional security mechanism that protects your transactions against fraud and unauthorized access. This extra layer of security complements traditional measures like chip and PIN, purchase limits, and tokens, offering greater protection for your data and resources.

How it Works:

1. Make a purchase: When making a purchase online or in an app, the user enters their data as usual (amount, card, etc.).
   

2. Codes are sent: The system sends two unique codes, one by SMS and another by email, to the user's registered devices.
   

3. Purchase validation: The user needs to enter the two codes received in a specific field on the payment page.
   

4. Purchase confirmed: Only after the correct insertion of the codes, the purchase will be confirmed and processed.
   

Benefits:

• Increased security: 2FA makes it more difficult for fraudsters to make unauthorized purchases because they need to have access not only to your card but also to your devices.
  

• Protection against phishing: 2FA helps protect against phishing attacks because the codes sent by SMS and email are unique and specific to each transaction.
  

• Peace of mind for the user: 2FA offers greater peace of mind for the user, as they know their transactions are protected by an extra layer of security.
  

Example of Use:

Imagine you are buying a new smartphone online. At checkout, you enter your card details and then receive one code by SMS and another by email. You enter the two codes on the payment page and, after confirmation, your purchase is processed securely.

Other Security Mechanisms:

• Purchase limit: Set a daily or monthly purchase limit for your card to avoid high-value fraudulent transactions.
  

• Password for tokens: Use strong and unique passwords for tokens of much higher than average value, such as black credit cards or virtual cards.
  

Future Post on NFC Token:

In a future post, we will discuss in detail the NFC token and the specific security mechanisms for this contactless technology, such as encryption, biometric authentication, and transaction limits.

Two-factor authentication via SMS and email is a simple and effective security measure that can protect your transactions against fraud and unauthorized access. Use this tool in conjunction with other security mechanisms to ensure the protection of your data and resources.

Observations:

• The availability of two-factor purchase authentication may vary depending on the bank or financial institution.
  

• It is important to keep your contact information updated to ensure receipt of validation codes.
  

• 2FA does not completely eliminate the risk of fraud, but it makes it more difficult for fraudsters to act.
  

Adopt two-factor purchase authentication and have more security and peace of mind for your online transactions!

Case 3: Mrs. Furtadina

Summary of Facts:

Mrs. Furtadina disputed purchases on her credit card in the amounts of R$499.99 and R$999.99, claiming the card was stolen. The purchases were made shortly after the theft. Mrs. Furtadina contacted the issuer to request card cancellation and dispute the charges. The issuer contested the fraud claim, stating that the purchases were made with the card's chip and PIN.

Issuer's Acknowledgement:

Acknowledges the existence of establishments colluding with fraud, where customer data in digital wallets is appropriated to carry out transactions without the customers' consent.

Issuer's Position:

Opposes this type of practice and makes it clear in its contract that it cannot be held responsible for abnormal events or circumstances beyond its control.

Customer's Responsibility:

Handling the card and entering data in online commercial establishments, e-commerces, e-shops, and the like is the customer's responsibility.

Actions Taken by the Issuer:

• Applied block 48 (fraud carried out in the digital wallet modality) to Mrs. Furtadina's card.

• Released the credits in the loss due to fraud modality, which will be available on the customer's next invoice.
  

Observations:

• The issuer is not responsible for fraud in transactions made with the card's chip and PIN.
  

• The credit card holder is responsible for the debits made up to the time the theft/robbery block is applied, according to the contractual clause.
  

• According to the contractual clause, the password is non-transferable, and the card must be kept in safe custody, under penalty of maintaining the customer's debts in situations of carelessness. Therefore, the customer must be careful when writing down their password on a piece of paper, on the back of the card, or keeping it in the same envelope as the credit card.
  

• The disputed transactions may lead to uncertainty about the veracity of the information presented by the customer, since in case of theft or robbery, the commonly used purchase method would be an online typed transaction, in addition to requiring more information, such as CPF/RG and other data of the holder.
  

• According to the contractual clause, the issuer cannot be held responsible for fortuitous events related to establishments, thefts, robberies, purchases in establishments, and fraud, since these are not under the issuer's control.
  

• According to Special Appeal No. 1.633.785 - SP (2016/0278977-3), the jurisprudence of the Superior Court of Justice (STJ) has removed the responsibility of financial institutions on the grounds that the personal card and its password are for the exclusive use of the account holder.
  

• Mrs. Furtadina should be cautious when using her card and entering her data in online establishments.
  

Recommendations:

• Use virtual cards for online purchases.
  

• Register your cell phone in the SMS Token mechanism with the Credit Card Administrator to receive transaction notifications.
  

• Keep registration data updated.
  

• Monitor bank statements regularly.
  

• In case of suspected fraud, contact the issuer to block the credit card.
  

In-Person Purchase Authentication via SMS: Enhanced Security for Your Transactions

In-person purchase authentication via SMS is a new security mechanism that offers additional protection against fraud and unauthorized access in transactions made in physical stores. This extra layer of security complements traditional measures like chip and PIN, purchase limits, and tokens, ensuring greater peace of mind for your data and resources.

How it Works:

1. Make a purchase: When making a purchase at a physical store, the user inserts their card into the payment terminal.
   

2. SMS sent: The system sends an SMS to the user's registered cell phone number with information about the transaction, such as date, time, amount, description of the establishment and product (when possible).
   

3. Purchase validation: The user needs to reply to the SMS with "YES" to confirm the transaction.
   

4. Payment released: Only after confirmation via SMS, the payment will be released and the card limit updated.
   

Benefits:

• Increased security: SMS authentication makes it more difficult for fraudsters to use your card in physical stores, as they need to have access to your cell phone to confirm the transaction.
  

• Protection against card theft and loss: Even if your card is stolen or lost, fraudsters will not be able to make purchases without the confirmation code sent by SMS.
  

• Peace of mind for the user: SMS authentication offers greater peace of mind for the user, as they know their transactions are protected by an extra layer of security.

Example of Use:

Imagine you are buying clothes in a physical store. At checkout, you insert your card into the payment terminal and then receive an SMS with information about the transaction. You check if the data is correct and reply to the SMS with "YES". After confirmation, the payment is processed securely.

Enhanced Security:

• Time limit for response: The SMS has a time limit for response, preventing fraudsters from using the code to confirm transactions later.
  

• Blocking after invalid attempts: After a certain number of invalid attempts to reply to the SMS, the card may be blocked for security.
  

• Transaction cancellation: The user can cancel the transaction at any time by replying to the SMS with "NO".

Conclusion:

In-person purchase authentication via SMS is an innovative security measure that offers additional protection against fraud and unauthorized access. This tool, together with other security mechanisms, guarantees greater peace of mind for your purchases in physical stores.

Observations:

• The availability of in-person purchase authentication via SMS may vary depending on the bank or financial institution.
  

• It is important to keep your contact information updated to ensure receipt of the confirmation SMS.
  

• SMS authentication does not completely eliminate the risk of fraud, but it makes it more difficult for fraudsters to act.

Adopt in-person purchase authentication via SMS and have more security and peace of mind for your transactions in physical stores!

Case 4: Mr. Tokenizado

Mr. Tokenizado disputed three purchases on his credit card, totaling R$2,694.59, claiming he did not recognize them. The transactions were made in a short period and using the NFC token modality. After the disputes, the card was blocked by the Credit Card Issuer. The institution acknowledged a flaw in the security system.

Analysis of Inconsistencies:

The purchases in a short period raise suspicions of fraud, especially considering that the customer does not recognize the transactions. The use of the NFC token increases the uncertainty about the veracity of the information. The flaw in the issuer's security system is also a relevant factor.

Flaws in the NFC Security System of the Credit Card Issuer:

Flaws in the NFC security system can occur in situations such as data interception during wireless transmission, vulnerabilities in the communication protocol, or even breaches in the device authentication process.

To avoid similar cases in the future, it is crucial that the credit card issuer invests in regular security updates, robust encryption, continuous monitoring of transactions, and user education on safe NFC practices.

Daily Limit Editing by the User:

Users generally have the option to edit the daily limit of their transactions through the apps or online platforms provided by the credit card issuer. This functionality allows customers to adjust the limit according to their needs and financial preferences. Usually, it is enough to access the security settings of the app or website and select the option to edit the daily limit.

Conventional Average Limit for NFC Purchases and Password Requirement:

The conventional average limit for NFC purchases, which do not require chip and PIN validation, varies according to the security policies of each financial institution. Normally, this limit is set at lower values, usually between R$50.00 and R$100.00, for transactions considered low risk.

However, above this limit, many banks require the insertion of the credit card password as an additional layer of security, aiming to prevent fraud in higher value purchases. It is important that users are aware of these limits and practice responsible use of their credit cards, especially in contactless transactions.

Guidance and Suggestions:

The Credit Card Issuer should refund the amounts of the disputed purchases and investigate the flaw in the security system. Mr. Tokenizado should keep his card in a safe place and monitor his transactions regularly.

Practical Examples with Excel:

• Use spreadsheets to organize information about disputed purchases, such as date, amount, and establishment.
  

• Monitor all your purchases and statements through spreadsheets.
  

• Excel formulas can help identify patterns and anomalies in transactions.

Response from the Credit Card Issuer:

The Credit Card Issuer acknowledged the fraudulent purchases and refunded the disputed amounts. In addition, it is investigating the security system flaw to prevent similar cases in the future.

Common Frauds in Banking Transactions:

• NFC Cloning via Cell Phone: In this scam, fraudsters use malicious devices or apps to capture information transmitted via NFC, usually in crowded public places. With this data, they can carry out unauthorized transactions or clone the victim's card.
  

• Chupa-cabra Credit Card Machine: These tampered machines are able to copy the data of inserted cards, allowing criminals to obtain sensitive customer information for fraudulent use.
  

• False Display on the Machine Screen: In this scam, fraudsters install a false display over the machine's display, showing false information or asking the customer to enter their password. With this, they are able to capture the card data and the customer's password.
  

• Appropriation of the Customer's Password: Obtaining the customer's password can occur through various techniques, such as direct observation during typing, phishing via email or SMS, or even through skimming devices installed on ATMs.
  

• Phishing: Scammers send fake messages via email, SMS, or social media, inducing users to provide personal information, such as credit card numbers, passwords, and identification data, under the pretext of security updates or fake promotions.
  

• Online Shopping Fraud: Using cloned credit cards or stolen data, fraudsters make purchases in virtual stores without the authorization of the legitimate cardholders.
  

• Card Switching at ATMs: Criminals manipulate ATMs to retain the customer's card after insertion, inducing them to use another card while retrieving the original for fraudulent use.
  

• Card Forgery: Fraudsters create fake cards with stolen or cloned data, which are used to make illegal purchases or withdrawals.

These are just a few examples of scams commonly used by fraudsters and counterfeiters, both in Brazil and in other parts of the world. It is essential that consumers are aware and adopt security measures to protect their financial information and avoid falling into traps.

General Observations and Recommendations:

• The issuer is not responsible for fraud in transactions with the card's chip and PIN.

• Customers should be cautious when using their cards, especially in online purchases.

• It is recommended to use virtual cards for online transactions, register your cell phone to receive notifications, and keep your registration data updated.

• In case of suspected fraud, it is essential to immediately contact the issuer.

Case 5: Mrs. Ressarcida: An Example of Efficient Resolution for Online Shopping Fraud

Data Source (access from 11 a.m. to 5 p.m. on March 23, 2024)

This case study used several reliable sources to support the analysis and suggestions:

Official Bodies:

• Central Bank of Brazil (Bacen): https://www.bcb.gov.br/

• Procon

• Superior Court of Justice (STJ): https://www.stj.jus.br/

Private Entities:

• Microsoft: https://www.microsoft.com/pt-br/

• Boa Vontade TV

Language Models:

• Gemini:

• Chat GPT:

• Copilot and Bing Creator

Other Sources:

• Caixa Econômica Federal: https://www.caixa.gov.br/

• Article 42 of the Consumer Protection Code (CDC)

• STJ Jurisprudence

Additional Information:

• Fictitious data: The data used in the case studies are fictitious, but they represent real fraud situations.

• Contractual clauses: The contractual clauses of the credit card issuer were considered in the analysis of the cases.

• Issuer's responsibility: The responsibility of the credit card issuer in cases of fraud is a complex issue and depends on the circumstances of each case.
  

Observations:

• The data sources were used to support the analysis and suggestions, but they are not the only possible sources.

• It is important to consult other sources of information to have a complete view of the topic.