Due to the fact that a card is a physical device that customers are responsible for safeguarding, there are risks associated with losing or misplacing the card or having card information stolen. In addition, with the significant increase in online card payment transactions, risks related to online fraud or theft of card information can also occur for customers, specifically as follows:

1. Customer loses or misplaces the card

In such cases, someone who finds the card or a thief who steals the card can use it at POS terminals or make online purchases on websites that do not require 3D-SECURE authentication.

2. Customer falls victim to fraud or card information theft

a. Direct information theft schemes

Fraudsters install skimming devices (data capture tools) or place hidden cameras at ATMs to steal customers' card information. Additionally, criminals may use thermal imaging cameras to capture heat signatures from customers' hands to determine the PIN code. They can also steal card data by installing malicious software on ATMs.
Fraudsters can be employees of businesses that accept cards. When customers present their cards for payment, these criminals discreetly steal the card information.
Customers make online transactions at online card payment service providers and fall victim to criminals who steal card numbers, expiration dates, and/or CVV/CVC numbers of the genuine cardholders to conduct fraudulent transactions at online card payment service providers.

b. Indirect information theft schemes

(b.1). Scams targeting the theft of banking service information

Fraudsters aim to steal customers' banking service information, allowing them to access and withdraw funds from accounts. Some common methods of stealing this information include:

- Impersonating a website or fan page: Fraudsters pose as family members or acquaintances and claim they will transfer money to the customer. They send the customer a fake link (usually mimicking a bank's website or an international money transfer company's website) and request confirmation of information. The customer accesses the fake link and provides the fraudster with electronic banking service information (username, password, OTP code) or card information (card number, expiration date, CVV/CVC security code, OTP code).

- Creating fake fan pages on social media: Fraudsters create fan pages pretending to be banks or organizations offering e-wallet services. These fan pages often use logos, images, and content copied from official fan pages. The fraudsters approach customers to offer product and service advice and request personal information such as job details, income, etc., for fraudulent purposes or to redirect customers to black-market credit services.

- Buying domain names that closely resemble the addresses customers intend to visit (differing by only a single character in the domain) and designing the interface of the site to closely mimic the real website, causing customers to believe it's the official site. This allows the fraudsters to steal data when customers enter it.

- Impersonating winning messages, warnings, or requests for customers to send card information or click on accompanying links and enter service information for the benefit of the fraudster.

- Impersonating banks or other entities, sending messages about winning prizes, and requesting customers to click on fake links.

- Some examples of fake links include:

http://www.www-vietcombank.com.vn/

http://www.homebank247.com/

http://mail.www-vietcombank.com.vn/

http://western-union-quocte.wixsite.com/ibanking

….

c. Spyware installation schemes

Fraudsters deceive customers into installing spyware or spy applications to steal their information, including service details and OTP passwords sent to their phones.

d. Impersonation schemes

- Impersonating bank employees/employees of electronic wallet service providers, asking customers to verify their information for service upgrades.

- Impersonating law enforcement agencies, courts, or prosecutors' offices, informing customers that they are related to a case involving smuggling, money laundering, drug trafficking, and requesting customers to provide service-related information for investigative purposes.

(b2). Deceptive Schemes Where Customers Transfer Money Themselves

- Fraudsters may impersonate relatives or friends and ask customers to transfer money.
- Impersonators may pose as postal employees, claiming that customers owe telecommunications fees or have parcels that require payment for delivery. They request customers to transfer money for telecommunications fees or shipping charges.
- Scammers may impersonate law enforcement agencies, courts, or prosecutors, notifying customers of their alleged involvement in smuggling, money laundering, or drug trafficking cases. They demand customers to transfer money to a fake law enforcement agency's account for temporary custody during the investigation.
- Criminals may impersonate bank employees, employees of large companies (such as telecommunications companies), or employees of organizations providing electronic wallet services. They inform customers that they have won a prize and ask them to transfer a fee to claim their winnings.