Study-on-fraud-prevention-in-the-CR by liwenting

VIEWS: 2 PAGES: 41

									            FRAUD-PREVENTION PROJECT FOR NON-CASH PAYMENTS




    A STUDY OF FRAUD IN NON-CASH PAYMENTS IN THE CZECH REPUBLIC




 AUTHORS:


 Dr. Ing. František Klufa, Czech Financial Arbitrator
 JUDr. Petr Scholz, Ph.D., Deputy Financial Arbitrator




 Prague, November 2008




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR         -1/41 -
 1.     Objective of the study
 The objective of the study is an analysis of the present situation for fraud in non-cash payments
 in the Czech Republic, the presentation of statistical data related to the issue, an outline of
 potential solutions and measures for providers of those services, and the submitting of specific
 methods for protection against potential misuse for consumers.

 2.     Payment instruments used in the Czech Republic

 2.1.       Cash payments
 Traditionally coins and banknotes are the most commonly used payment instrument. Coins and
 banknotes are accepted and paid out in banks, post offices and ATMs throughout the Czech
 Republic. Following the founding of the Czech Republic in 1993 new coins and banknotes
 were gradually issued with better security features in line with European standards. Banknotes
 are issued in eight denominations (CZK 20, 50, 100, 200, 500, 1 000, 2 000, 5 000) and coins in
 seven denominations (CZK 0.50, 1, 2, 5, 10, 20, 50). On 31 October 2003 10 and 20 heller
 coins were no longer accepted. On 1 September 2008 50 heller coins and CZK 20 banknotes
 were no longer accepted. While CZK 50 banknotes are legal tender they are no longer printed,
 and only coins are minted with that value. Fraud in this field occurs primarily in the
 counterfeiting of money, i.e. the producing of counterfeits or the altering of genuine tender and
 their subsequent release into circulation as genuine coins or banknotes. As the exchange rate of
 the Czech koruna has become stronger, in recent years koruna banknotes have been
 counterfeited to a greater extent, especially the CZK 1 000 banknote. The authorities concerned
 have also seized counterfeit euros and dollars. Tackling fraud of this kind is a matter for the law
 enforcement authorities. To avoid fraud the bank of issue has published prospectuses that
 specific the parameters and features for recognising genuine coins. See annex no. 1 for an
 example of such a prospectus and annex no. 2 for the security features for banknotes.

 2.2.       Non-cash payments
 The methods for non-cash payments most frequently used in the Czech Republic are credit
 transfers, direct debits, payment cards, ATMs, electronic purses and payments by mobile




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                       -2/41 -
 phone. Less frequent methods are cheques, bills of exchange, promissory notes, premium-rate
 telephone numbers and other methods. Those methods for non-cash payments in the Czech
 Republic are described in detail below. Developments in credit transfers are clearly towards
 electronic credit transfers, which eliminate the need for personal visits to institutions and offer
 maximum ease and speed of payment. Those methods are preferred not only by the population
 but also by institutions, which offer price and other incentives to motivate their clientele.
 In non-cash payment money is transferred from the payer’s account to the beneficiary’s
 account. The execution of non-cash payments is reserved for financial institutions, i.e. the
 banks at which clients have deposited money. The sole system for interbank payments in Czech
 koruna in the Czech Republic is the CERTIS (Czech Express Real Time Interbank Gross
 Settlement) system. CERTIS began operating on 8 March 1992. Each participant in the
 CERTIS system is uniquely identified by its bank code, which is an obligatory component of
 every bank transaction. Additional numerical codes are used in payments. The creation and
 operation of the CERTIS system and the rights and duties of participants are stipulated by the
 Payment System Act. Accounts for interbank payments are maintained at the CNB on the basis
 of account agreements concluded with participants pursuant to the Commercial Code. Those
 agreements stipulate uniform standards and legal and technical conditions for maintaining
 accounts and relaying and processing data from interbank payments for all participants. Direct
 participants in interbank payments are banks that are licensed to operate as banks, branches of
 foreign banks and credit unions. CERTIS, which is located at the CNB head office, only
 communicates with the head offices of the individual banks. The CNB maintains only one
 interbank payment account for each bank. That means that banks must first internally process
 all data from their branches and then extract transfers to other banks.

 2.2.1.            Credit transfers
 Credit transfers are the most widespread form of non-cash payment in the Czech Republic and
 are used primarily by legal and natural persons to make payments arising from contracts,
 although any form of payment is admissible. Banks also execute transfers on behalf of their
 clients for regularly repeated payments (e.g. rent and utilities) on the basis of standing orders.
 Clients may submit payment orders in electronic or documentary form. Banks currently provide




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                        -3/41 -
 various kinds of electronic services and the majority of payment orders are submitted in
 electronic form. The time limits for credit transfers are stipulated by the Payment System Act.
 If a credit transfer is within a single bank the beneficiary’s account is credited on the same day
 the payer’s account is debited. In interbank credit transfers the beneficiary’s account is credited
 on the next day, or at the latest on the second working day following the day on which the
 payer’s account is debited; interbank credit transfers should therefore not exceed three working
 days. In practice interbank credit transfers are generally executed within two days. The period
 between submitting an order to the bank and debiting from the payer’s account is the subject of
 an agreement between a bank and its client. In normal cases if a payment order is submitted in
 the morning the payer’s account is debited on the same day.
 Pursuant to Act No. 124/2002 Coll. a transfer is defined as an operation conducted on the basis
 of an order which the originator submits to his or her transfer institution for the purpose of
 transferring funds to the beneficiary. A transfer can be made within a single transfer institution,
 or between two institutions within a single country, or for payment abroad. Transfers are
 executed on the basis of submitting a completed document, which may be a payment order, a
 direct debit order, a collective payment order, a standing order for domestic payments or a
 payment order for payments abroad. Those documents must satisfy the stipulated particulars,
 which include the account details of the payer and the beneficiary (consisting of the account
 number and the bank identification code), the currency, the amount, the date of issuing the
 order and the signature of the originator, while for a foreign payment order or direct debit it is
 also necessary to include the name and address of the beneficiary’s financial institution and the
 purpose of the credit transfer. Transfers of funds in the Czech Republic are executed by means
 of the Czech National Bank’s clearing centre on the basis of an agreement concluded with the
 institution in question. Institutions are obliged to execute the transfer of funds within the time
 limits stipulated by Act No. 124/2002.

 2.2.2.           Direct debits
 Direct debits are routinely used in the Czech Republic for certain kinds of payments, especially
 for energy and telecommunications fees and payables arising from certain contracts. A
 precondition is a mandate from the payer in which the payer specifies the beneficiary’s account




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                       -4/41 -
 number and the maximum amount to be debited. The payer’s bank does not verify any
 agreement concerning the mandate that may exist between payer and beneficiary. Unlike a
 credit transfer the beneficiary of the payment gives his or her bank a direct debit order.
 Through the interbank payment system the beneficiary’s bank sends an electronic direct debit
 request to the payer’s bank. If the direct debit is admissible the payer’s bank transfers the funds
 to the beneficiary’s account; if not, the payer’s bank does not execute the payment and sends
 the beneficiary’s bank a report on its rejection. The time limits for direct debits are stipulated in
 a CNB decree from 2004. If a direct debit is transacted within a single bank the beneficiary’s
 account is credited on the same day the payer’s account is debited. For an interbank direct debit
 the payer’s account is debited on the second or at the latest on the third working day following
 the day on which the beneficiary submitted the direct debit order to his or her bank. The
 beneficiary’s account is then credited on the next day or at the latest on the second working day
 following the day on which the payer’s account was debited. Interbank direct debits should
 therefore not take longer than five working days.

 2.2.3.            Payment cards
 Payment cards have been used in the Czech Republic since 1990. Banks mainly issue debit
 cards under licence from MasterCard and VISA. American Express and Diners Club
 International also issue payment cards in the Czech Republic. Some institutions other than
 banks issue various types of cards (e.g. prepaid, credit and loyalty cards). A payment card is an
 electronic payment instrument that can be used for payment to a retailer or for purchases on the
 internet, or to withdraw cash from an ATM. A payment card is protected against misuse by a
 PIN, which is a numerical security code that is generated automatically and known only to the
 cardholder, and by the holder’s specimen signature on the reverse of the card. A payment card
 usually has a magnetic stripe (where data identifying the cardholder is recorded) or a chip (i.e. a
 microprocessor that holds the information required to verify the holder’s personal code; this
 technology is more secure and to date there have been no instances of its misuse), and some
 payment cards, known as hybrid cards, have both types of protection. A debit card is a card
 which the holder can use to draw funds up to the level of the balance on his or her account. The
 holder uses a credit card to draw credit extended by the institution, which is usually repaid on a




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                         -5/41 -
 monthly basis under a schedule agreed in advance. A prepaid card is a payment card that
 contains a limited amount of money that is gradually reduced as it is drawn. In many cases that
 amount can be renewed. These cards are usually used as customer loyalty cards such as
 telephone cards, for buying fuel, etc. They are equipped with chips. If a payment card is
 misappropriated and subsequently misused it is essential that the holder immediately block the
 payment card, i.e. prevent the further use of the card. The Criminal Code has been amended to
 include a special provision on payment card fraud in Article 249b “Unauthorised possession of
 a payment card”; see below.

 2.2.4.              ATMs
 An ATM is a device that is used for cash withdrawals by means of a payment card. It has a
 client zone and an operator zone. In the client or service zone there is a screen, a keyboard, a
 card reader, a cash slot and a receipt printer. In the operator zone, which is intended solely for
 servicing the ATM, there is a vault with payment and coding modules. The operator zone also
 includes a CPU, a journal printer, an operator screen and a keyboard. ATMs are usually
 multipurpose: after entering his or her PIN the cardholder has the option of withdrawing cash
 or ascertaining the balance on his or her account, and there may also be the option of topping
 up his or her mobile phone. ATMs are designed to prevent their being damaged, and for
 security reasons are usually mounted on the floor. Some institutions also equip their ATMs
 with camera systems that monitor illicit use.

 2.2.5.              Electronic money
 At present electronic money is only issued by non-banking organisations under licence from
 the CNB. Issuers of electronic money offer schemes based on cards. Issuers include e.g.
 passenger transport corporations, etc. If any undertaking in the Czech Republic (a legal or a
 natural person) as part of its activities accepts money from the public, and:
 •        its value represents a receivable from that undertaking;
 •        that monetary value is stored on an electronic money instrument (card, computer
          memory);
 •        the undertaking allows the payer to use that electronically stored monetary value to “pay”
          other undertakings for goods and services;




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                       -6/41 -
 •     the undertaking then reimburses those undertakings for the goods and services provided
       on behalf of the “payer” and simultaneously reduces the “payer’s” electronically stored
       monetary value,
 that activity satisfies the characteristics of the issuing of electronic money in the sense of Act
 No. 124/2002 Coll., on Transfers of Funds, Electronic Payment Instruments and Payment
 Systems (the Payment System Act).
 Only undertakings listed in Article 18a of that Act are authorised to issue electronic money:
 •     banks and branches of foreign banks, provided that the activity of issuing and
       administering means of payment is stated in the licence granted to them;
 •     foreign banks, provided that they are authorised to issue means of payment within the
       territory of the Czech Republic under the single licence pursuant to the Act on Banks;
 •     credit unions for their members, provided that the activity of issuing and administering
       means of payment is defined in the licence granted to them;
 •     electronic money institutions (Article 18b);
 •     foreign electronic money institutions which carry on activities pursuant to this Act within
       the territory of the Czech Republic under the single licence – see the list of foreign banks
       providing services in the Czech Republic under the free movement of services without
       establishing branches (xls, 467 kB);
 •     the Czech National Bank;
 •     other undertakings on the basis of a Czech National Bank permit (Article 19).
 For the issuing of electronic money, the Czech National Bank grants:
 •     licences pursuant to Article 18b of that Act to non-bank joint-stock companies or
       European companies (pursuant to Act No. 627/2004 Coll., on the European Company)
       with registered office in the Czech Republic which issue electronic money as their main
       activity, or
 •     permits pursuant to Article 19 of that Act for other undertakings (legal or natural persons)
       who mostly issue electronic money with certain restrictions (see Article 19) in addition to
       their main activities – see the list of undertakings with CNB permits (xls, 25 kB) .
 The CNB grants licences and permits in administrative proceedings, which are currently free of
 charge.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                      -7/41 -
 2.2.6.           Payment by mobile phone
 In the Czech Republic, as in other developed countries, the mobile phone has become an
 integral part of daily life. Banks have naturally adapted to that trend and have introduced the
 option for their clients to make payments by mobile phone, without the client needing to visit
 the bank. Practically all banks operating in the Czech Republic offer that service. Some banks
 have based their existence on telephone banking: they have a minimum number of branches
 and contacts with their clients and the execution of their payment orders is conducted primarily
 by mobile phone. The service is available to clients 24 hours a day 7 days a week and is
 available in all countries in which the mobile phone operator has a provider. Telephone
 banking can be used for practically all banking operations, both active (e.g. payment orders,
 standing orders, opening various kinds of accounts) and passive (e.g. checking account
 balances, etc.). Access to the system is based on various kinds of confidential information
 known only to the persons authorised. After dialling the relevant telephone banking number the
 client informs an authorised party of his PIN. Once that is verified the client is authorised to
 issue instructions for the funds on his or her account. In line with the client’s needs the
 cryptographic verification of the caller’s authorisation to use money on the account may be
 more sophisticated, e.g. by giving the client an optical key card, which after the client logs in
 with his or her password uses an algorithm to generate a numerical combination that must be
 approved by the banking system. Only then is the client permitted to use the funds on his or her
 account. Those are the most typical security features of telephone banking. If they are disclosed
 fraud may of course result, but keeping the PIN and other security features secret is above all a
 matter for the client. That obligation is part of the standard terms and conditions of the banks
 providing telephone banking and clients must confirm in writing that they have been
 familiarised with that obligation. Since the institution of Financial Arbitrator was established
 the Financial Arbitrator has tackled cases of fraud in which telephone banking has been
 misused by ordering unauthorised payments via mobile phone.

 2.2.7.           Cheques
 A cheque is a payment instrument. It is a security that includes the cheque issuer’s
 unconditional order to the bank to pay from his or her account the amount specified in the




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -8/41 -
 cheque to the authorised bearer. It is used for instance in cases where the beneficiary’s bank
 account details are not known, or the bank account details between the payer and the
 beneficiary are insufficient. In the Czech Republic the particulars and use of cheques are
 governed by the Bill of Exchange and Cheque Act No. 191/1950 Coll. A cheque must also be
 in written form and in a single language. The document must include the word “cheque”, an
 unconditional order to pay a certain financial sum, the name of the person who is paying, the
 place where payment should be made, the date and place of issuing the cheque and the
 signature of the cheque’s issuer. If any of those particulars is missing from the cheque the
 cheque is invalid. In 1994 the Guaranteed Cheque System was established in the Czech
 Republic, which according to the agreement between the founding banks uses a uniform
 document, a uniform guarantee card, the logo of the Guaranteed Cheque System and the
 maximum amount for which a cheque may be issued.
 The cheques most often used for payments are bank drafts, (i.e. cheques issued by a bank
 which give an instruction to another bank that verifies the solvency of the bank and whether
 funds are adequately covered) private cheques (i.e. cheques without a bank guarantee issued by
 a natural or legal person – for cheques of this kind it is necessary to verify that the funds are
 covered) and traveller’s cheques (the oldest type of cheque, most often used for travel abroad as
 a replacement for cash – it can either be used for payment directly or exchanged for cash).

 2.2.8.           Bills of exchange and promissory notes
 The conditions for use and the particulars that a bill of exchange or promissory note must
 include are defined in the Bill of Exchange and Cheque Act No. 191/1950 Coll., as amended,
 which is based on the Geneva Conventions on the law for bills of exchange and promissory
 notes. As well as the distinction between promissory notes and bills of exchange, they may be
 further distinguished according to whether they are payable at sight, at a fixed period after
 sight, etc. A promissory note must include these particulars:
 1 – the term “promissory note” inserted in the body of the instrument and expressed in the
 language employed in drawing up the instrument;
 2 – an unconditional promise to pay a certain sum of money;
 3 – the time of payment;




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -9/41 -
 4 – the place where payment is to be made;
 5 – the name of the person to whom or to whose order payment is to be made;
 6 – the date and the place where the promissory note is issued;
 7 – the signature of the maker.
 All promissory notes and bills of exchange are securities pursuant to the provisions of Article 1
 paragraph 1 of Act No. 591/1992 Coll., on Securities. If such a security lacks any of those
 particulars it is not valid as a promissory note, with the exception of the following cases:
 re 3 – a promissory note in which the time of payment is not specified is deemed to be payable
 at sight;
 re 4 – if not specified otherwise the place of issuing the promissory note is the place for
 payment and also the place of the maker’s domicile;
 re 6 – a promissory note which does not mention the place of its issue is deemed to have been
 made in the place mentioned beside the name of the maker.
 Further, so far as they are not inconsistent with the nature of these instruments, the following
 provisions relating to bills of exchange apply to promissory notes: endorsement, time of
 payment, payment, recourse in the event of non-payment, payment by intervention, copies,
 alterations, forfeiture, holidays, the calculation of time limits and the prohibition of days of
 grace. The provisions concerning bills of exchange payable at the address of a third party or in
 a locality other than the domicile of the drawee also apply to promissory notes: the stipulation
 of interest, discrepancies concerning the sum payable, the consequences of the signature of the
 promissory note under certain conditions, the consequences of signature by a person who acts
 without authority or who exceeds his authority, the provisions concerning a bill of exchange in
 blank, and the provisions on aval. It must also be stated that the maker of a promissory note is
 bound in the same manner as an acceptor of a bill of exchange, and that a promissory note
 payable at a certain time after sight must be presented to the maker to see within a time limit of
 one year, although the maker may reduce or extend that time limit and the endorser may reduce
 it. The time limit at sight commences on the day of sight confirmed by the maker’s signature on
 the promissory note. If the maker refuses to confirm and date a promissory note payable at
 sight, that must be authenticated by a protest and the time limit after sight commences on the
 date of the protest.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                      -10/41 -
 Bills of exchange and promissory notes were widespread payment instruments in the Czech
 Lands, primarily in the later half of the 19th century, and they remained popular until the end of
 the 1950s (the first Bill of Exchange Law for the Czech Lands – i.e. Bohemia, Moravia and
 Silesia – was published on 1 October 1763). With the advent of the centrally-managed
 economy and the nationalisation of manufacturing companies those instruments practically
 disappeared from ordinary life and only functioned as payment and security instruments in
 foreign trade. The restoration of the market economy brought a certain revival of those
 payment instruments, but they are almost unknown to ordinary citizens and only play a very
 marginal role in the economy, and disputes concerning the fraudulent use of those instruments
 consist in non-payment. Those disputes are resolved in court. As they are not common payment
 instruments in the Czech Republic and the law stipulates the particulars they must include, to
 ensure that the rights ensuing from those instruments may be exercised forms for bills of
 exchange and promissory notes are sold in post offices and stationers. When a form is correctly
 completed both the maker and the acceptor may be assured that the instrument has all the
 particulars required by law. See annex no. 3 for a specimen form for a promissory note.

 2.2.9.           Premium-rate telephone numbers
 In the Czech Republic premium-rate telephone numbers are used for a wide variety of business
 activities such as divination using cards, astrology, adult chat lines, etc. Fraud occurring with
 those services consists in the specifying of an incorrect rate, or specifying the correct rate but
 redirecting after a certain time to a line with a higher rate, etc. The damages incurred by an
 individual rarely exceed a level that would result in such action being judged as an offence. For
 such action to be tackled by the law enforcement authorities there have been a number of cases
 where class actions have been brought. Such problems are not within the Financial Arbitrator’s
 jurisdiction.

 2.2.10.          Other means of payment

 A number of systems are used in the Czech Republic for payment on the internet. There are
 currently more than 1 000 internet shops in the Czech Republic.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -11/41 -
 The popularity of payment for buying goods on the internet is increasing, but cash payment on
 delivery is the most frequent way of payment. 97% of internet shops offer cash on delivery
 sales and 70-80% of customers use this form of payment, whereas card payments are used in
 about 10% of cases. The situation abroad is exactly the opposite; payment on delivery is the
 preferred method for only about 12% of customers and is on the third place. Most internet
 transactions (about 80%) are realised by payment card.

 In Western Europe the proportion of payments for goods bought on the internet is 80%.
 However, there has been a 100% year-on-year increase in the Czech Republic and the
 popularity of this method of payment is rising very rapidly. For payment on the internet Czech
 banks offer retailers internet payment gateways supporting the 3D secure standard (e.g.
 PayMuzo). It is also possible to use less secure methods for payment by card on the internet:
 MO/TO transactions, entering the card number and validity on the retailer’s website. That
 payment method carries a high risk of misuse and unauthorised transactions. The PayPal
 system for paying for goods, widespread abroad, is not used for internet purchases in the Czech
 Republic. Czech citizens can use it when paying for goods bought from certain foreign internet
 shops, but the system deducts a certain amount for payments from the Czech Republic. A bank
 has developed the PaySec system, a Czech equivalent of PayPal for paying for goods bought on
 the internet, which was launched in the Czech Republic at the end of April 2008. To use this
 payment system it is necessary first to open an account with PaySec, which is neither
 complicated nor expensive, and then deposit funds in that account, as with an electronic purse.
 Funds can be deposited on the account in two ways: by transfer from a current account, or by
 using a payment card via PayMuzo. A client who wants to use PaySec may have an account at
 any bank. The maximum amount for a single purchase is CZK 60 000 and the charges for using
 it are acceptable: the first top up is free and subsequent top ups cost 2% of the amount credited,
 while there are no charges for purchases. This new model of paying for internet purchases has
 been relatively successful in the Czech Republic, and in its brief existence it has become the
 most dynamic payment method. It has already been used by over 10 000 internet users, who
 have spent more than CZK 15 billion on their purchases. PaySec is accepted by approximately
 100 internet shops. A disadvantage is that both the customer and the retailer must have
 accounts with banks that operate this payment system. Given PaySec’s short history it is not




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -12/41 -
 known if there have been any instances of fraud associated with it. If so they would come under
 the Financial Arbitrator’s jurisdiction.




 3.    Legislation on fraud
 Czech Law was harmonised with the law of the European Communities when the Czech
 Republic joined the European Union on 1 May 2004. In line with EU requirements for
 consumer protection and the prevention of fraud the institution of the Financial Arbitrator was
 established, amongst other measures. The Financial Arbitrator is a natural person and the
 institution was established for the purpose of protecting consumers by Act No. 229/2002 Coll.,
 on the Financial Arbitrator. Consumer protection is an integral component of the policies of
 countries with developed market economies.
 Proceedings before the Financial Arbitrator can be defined as the process of settling disputes in
 which a neutral third party, the Financial Arbitrator, acts as the arbitration authority.
 Proceedings before the Financial Arbitrator are governed by the aforementioned Financial
 Arbitrator Act and by Act No. 500/2004 Coll., the Rules of Administrative Procedure, as
 amended. Decisions by the Financial Arbitrator do not represent supervisory activity and are
 not supervision by an administrative authority, which the Financial Arbitrator is to some extent.
 In the sense of Act No. 229/2002 Coll. the Financial Arbitrator is a conciliation body.


 Summary of selected legislation against fraud in non-cash payments in the Czech Republic,
 including European regulations that have been incorporated:


 Act No. 140/1961 Coll., the Criminal Code, as amended:
 We list Articles 140, 141 and 142 as they offer protection for foreign non-cash payment
 instruments.
 -     Article 140 Counterfeiting and alteration of money
 -     Article 141 Presentation of counterfeit and altered money
 -     Article 142 Manufacture and possession of counterfeiting tools




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                         -13/41 -
 -     Article 143 Common provision (here we quote the provision in full: “The protection
 pursuant to Articles 140-142 is also extended to currencies other than the domestic currency,
 and to domestic and foreign non-cash payment instruments, and to domestic and foreign
 securities.”
 -     Article 249b Unauthorised possession of a payment card (here we quote the provision in
 full: “Whoever obtains without authorisation another person’s non-transferable payment card,
 identifiable by name or number, or an object capable of performing its function, shall be
 punished by imprisonment for up to two years, or by a fine, or by forfeiting articles or other
 asset values.”


 Act No. 40/1964 Coll., the Civil Code, as amended:
 -     Article 3 paragraph 1 – This provision has a special role as it stipulates that the exercise
 of rights and duties ensuing from civil law relationships may not be at variance with good
 morals. In some of his decisions the Financial Arbitrator has stated that the exercise of certain
 duties imposed by financial institutions and which resulted in detriment to consumers was at
 variance with good morals.


 Act No. 513/1991 Coll., the Commercial Code, as amended:
 Division XX Letter of Credit
 -     Article 682 - Article 688
 Documentary Letter of Credit
 -     Article 689 - Article 690
 -     Article 691 Other Letters of Credit
 Division XXI Collection Contract
 -     Article 692 - Article 696
 Documentary Collection
 -     Article 697 - Article 699
 Division XXIII Current Account Contract
 -     Article 708 - Article 715a
 Division XXIV Deposit Account Contract




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -14/41 -
 -     Article 716 - Article 719b
 Division XXV Traveller’s Cheques
 -     Article 720 - Article 724, which we quote in full: “Traveller’s cheques are not subject to
 the legislative provisions on bills of exchange and cheques.”


 Act No. 254/2004 Coll., on Restrictions on Payments in Cash, as amended:
 -     The act incorporates the requirements of an EU directive. For completeness we quote the
 full wording of the relevant provision.
 -     Article 4: “(1) The provider of a payment in excess of EUR 15 000 (hereinafter “Limit”)
 is obliged to execute that payment in non-cash form; that does not apply if the payment must be
 executed in cash pursuant to a special legal regulation.
 (2) For the purposes of this Act a payment in Czech or any foreign currency is converted to
 euros according to the exchange rate on the foreign exchange market reported by the Czech
 National Bank for the day on which payment is executed.
 (3) The Limit shall include all payments in Czech and foreign currency executed by the same
 provider of a payment to the same beneficiary on a single calendar day.
 (4) If a payment exceeds the Limit the beneficiary is obliged at the request of the provider of
 the payment to inform him without undue delay of the account number at the financial
 institution to which the payment is to be transferred.”


 Act No. 253/2008 Coll., on Selected Measures against the Legitimisation of Proceeds from
 Crime and the Financing of Terrorism


 Act No. 124/2002 Coll., on Transfers of Funds, Electronic Payment Instruments and Payment
 Systems (the Payment System Act), as amended:
 -     This Act incorporates the applicable regulations of the European Communities (Directive
 97/5/EC of the European Parliament and of the Council of 27 January 1997 on cross-border
 credit transfers; Directive 98/26/EC of the European Parliament and of the Council of 19 May
 1998 on settlement finality in payment and securities settlement systems; Directive 2000/46/EC
 of the European Parliament and of the Council of 18 September 2000 on the taking up, pursuit




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                   -15/41 -
 of and prudential supervision of the business of electronic money institutions; Directive
 2000/46/EC of the European Parliament and of the Council of 14 June 2006 relating to the
 taking up and pursuit of the business of credit institutions – recast) and governs:
 a) transfers of funds in Czech currency within the Czech Republic and cross-border transfers
 (Article 2 paragraph 2),
 b) the issuing and use of electronic payment instruments,
 c) the establishment and operation of payment systems in any currency and the rights and
 obligations of the participants in such systems if the participants agree that such payment
 systems are to be governed by Czech law, and certain obligations of the participants in the
 payment systems operated under the laws of the member states of the European Union and of
 the other states constituting the European Economic Area.
 -     Article 18 incorporates Article 8 of Directive 97/7/EC of the European Parliament and of
 the Council of 20 May 1997 on the protection of consumers in respect of distance contracts:
 “Remote use of electronic payment instruments
 If an electronic payment instrument has been used,
 a) without physical presentation, or
 b) without an identification of the holder with a personal identification code or similar proof of
 identity where the nature of the electronic payment instrument precludes physical presentation,
 and if the holder declares that he did not use the electronic payment instrument himself, he
 shall be entitled to require the issuer to refund without delay the funds withdrawn as a result of
 such use of the electronic payment instrument.”


 Decree No. 62/2004 Coll., stipulating the manner of execution of payments between banks and
 settlement on accounts at banks, and the technical procedures to be used by banks for corrective
 settlement
 -     The Decree of the Czech National Bank regulates the manner of execution of payments
 between banks and branches of foreign banks, settlement on accounts at banks within the
 Czech Republic in Czech currency and the technical procedures to be used by banks for
 corrective settlement.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -16/41 -
 4.     Processing statistical and similar numerical data
 In the Czech Republic there is no institution that comprehensively processes statistical data on
 the use of payment instruments, including data on their misuse. The Statistical Office has not
 conducted any collection of data from which the required data could be acquired. Statistics for
 payment cards are monitored by the Czech Bank Card Association, and other data has been
 taken from statistics produced by the company Factum Invenio.

 4.1.       CERTIS statistical data
 In 2007 the CNB’s clearing centre processed a total of 411.2 million items with a total value of
 CZK 174 854 billion (EUR 6 598.3 billion). The daily average number of items was 1.64
 million, and the average daily value of items was CZK 696.6 billion (EUR 26.3 billion).


                                 Average daily number of items




                              Average daily turnover (CZK billion)




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                   -17/41 -
                              Average daily number of items in 2007




                           Average daily turnover in 2007 (CZK billion)




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                      -18/41 -
 4.2.      Statistical summary of data on payment cards in the Czech Republic – BCA

 The Bank Card Association (BCA – http://www.bankovnikarty.cz) is an association of legal
 persons – banks and other organisations – who are interested in the expansion of payment cards
 in the Czech Republic and the coordination of work related to that expansion. The BCA
 negotiates with Czech and international payment card organisations on behalf of its members.
 The BCA produces quarterly statistical data on the Czech payment card market and publishes it
 on its website. Each year it compiles that data into five-year periods, and the following
 statistics cover the years 2003 to 2007.


           4.2.1. Issuing payment cards

 In the Czech Republic banks primarily issue MasterCard and Visa cards as well as proprietary
 Czech cards, although the latter are in decline. The BCA statistics currently include non-bank
 cards from American Express, Diners Club and CCS issued in the Czech Republic. The
 following tables and graphs present the trend for the number of active cards (cards registered in
 issuers’ databases as usable):

               year                          2003      2004      2005      2006      2007
               Total number of cards    6 373 591 6 867 733 7 390 357 7 865 227 8 623 124
               of which: chip           1 428 732 2 166 418 2 830 302 3 488 627 5 811 912




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                    -19/41 -
               credit (including charge)   203 274   372 933   971 911 1 261 606 1 648 977
               debit                     5 829 857 5 873 728 6 418 446 6 603 621 6 974 147




                                                              Total number of cards
                                                              of which: chip
                                                              credit (including charge)
                                                              debit


 Looking at year-on-year growth reveals fluctuations in the increase in classic debit cards and
 increasing interest among issuers and customs in chip cards. Credit cards have stabilised at an
 annual growth around 30%, following a maximum in 2005:

               Year-on-year growth (%) 2003/2002 2004/2003 2005/2004 2006/2005 2007/2006
               Number of cards             20.35       7.75      7.61      6.43      9.64
               of which: chip              78.47     51.63     30.64     23.26     66.91
               credit                     108.21     83.46    160.61     29.81     30.60
               debit                       12.24       0.75      9.27      2.89      5.61

              4.2.2. The use of payment cards issued in the Czech Republic

 The following data characterises the use of payment cards from Czech issuers (the BCA
 “Issuing” statistical group) for payments to retailers and cash withdrawals from ATMs, both in
 the Czech Republic and abroad:

              Payments to retailers by card:

                                                       2003       2004        2005        2006        2
               Number of payments                67 652 432 83 493 644 99 756 686 116 890 828 137 899
               Volume of payments (CZK thousand) 77 588 299 91 727 996 114 584 198 133 746 846 155 830
               Average payment (CZK)                  1 147      1 099       1 149       1 144       1




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                      -20/41 -
                                                                 Number of payments

                                                                 Volume of payments
                                                                 (CZK thousand)

 The number and volume of payments has risen steadily, with the greatest increase between
 2002 and 2003. The average value of a payment has been relatively stable and is slightly in
 excess of CZK 1 100:

                                                      2003       2004        2005        2006        2
              Number of payments                67 652 432 83 493 644 99 756 686 116 890 828 137 899
              Volume of payments (CZK thousand) 77 588 299 91 727 996 114 584 198 133 746 846 155 830
              Average payment (CZK)                  1 147      1 099       1 149       1 144       1

              ATM withdrawals using domestic cards in the Czech
              Republic and abroad

 In contrast, for ATM transactions a degree of stabilisation is apparent in the number of
 withdrawals with a rising amount of cash withdrawn, including an increase in the value of the
 average withdrawal. That is evidently the sustained influence of introducing and increasing
 charges for withdrawals and the distinction between machines operated by the cardholder’s
 bank and other ATMs. The “economic” behaviour of cardholders is the consequence:

                                                          2003         2004       2005           2006     20
                                                                                                        144 0
               Number of withdrawals               118 096 693 119 815 016 125 159 933 133 737 642          3
                                                                                                        531 2
               Volume of withdrawals (CZK thousand) 344 853 470 382 434 935 422 183 267 475 192 728         0
               Average withdrawal (CZK)                   2 920       3 192       3 373       3 553       36




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                  -21/41 -
              Ratio of payments to withdrawals

 The trend for the ratio of payments to withdrawals can be considered a sign of the maturity of
 the cardholders’ behaviour – in countries where payment cards have a longer tradition there are
 more payments than withdrawals, while in the early stages after introducing cards the reverse is
 true. In the initial years when payment cards operated in the Czech Republic withdrawals were
 as much as ten times higher than payments, but that ratio has gradually evened out, more
 rapidly for the number of payments/withdrawals than for the financial volume:

                                                 2003        2004        2005        2006        2007
               Number of payments          67 652 432 83 493 644 99 756 686 116 890 828 137 899 579
               Number of withdrawals      118 096 693 119 815 016 125 159 933 133 737 642 144 062 332
               Withdrawals/payments ratio          1.7         1.4         1.3         1.1         1.0




                                                           2003        2004        2005        2006
               Volume of payments (CZK thousand)     77 588 299 91 727 996 114 584 198 133 746 846 155
               Volume of withdrawals (CZK thousand) 344 853 470 382 434 935 422 183 267 475 192 728 531
               Withdrawals/payments ratio                    4.4         4.2         3.7         3.6




                                           2003   2004   2005   2006   2007
               Withdrawals/payments
               number ratio                 1.7    1.4    1.3    1.1    1.0
               Withdrawals/payments
               volume ratio                 4.4    4.2    3.7    3.6    3.4




              The payment cards acceptance network - Acquiring

 The acceptance network is an important characteristic of the payment cards market. In BCA
 that is captured by data in the Acquiring group, which covers data on the number of acceptance
 sites and payments by card to retailers contracted to Czech banks, and withdrawals of cash
 from ATMs installed by Czech banks in the Czech Republic. The statistics include transactions




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                   -22/41 -
 on all cards used in those outlets and ATMs, i.e. cards issued abroad as well as in the Czech
 Republic (by Czech banks we mean banks with banking licences valid for the Czech Republic).

 The following banks are licensed by international card associations to conclude contracts for
 the acceptance of payment cards (acquiring) in the Czech Republic: Česká spořitelna, a.s.,
 ČSOB, Unicredit Bank, a.s., Komerční banka, a.s., eBanka.

 The following table and graph show the trend for the number of outlets that accept payment
 cards:

                                              2003     2004     2005     2006     2007
              Number of outlets             48 723   51 393   54 667   53 265   54 340
              Number of payment terminals   31 678   37 394   44 661   41 875   50 529




                                 Trend for the number of outlets

                                                          Number of outlets
                                                          Number of payment terminals




              Year-on-year growth

              Year-on-year change in the number of outlets 2004/2003 2005/2004 2006/2005 2007/2006
              Number of outlets                                  5.48      6.37     -2.56      2.02
              Number of payment terminals                      18.04     19.43      -6.24    20.67

 The reduction in the number of retail outlets and service companies in 2006 compared with
 earlier years is a consequence of the dynamism of the market, with outlets opening and closing
 as economic conditions change and inactive outlets gradually being eliminated from banks’




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -23/41 -
 records. The initial relatively rapid increase in the number of electronic payment terminals
 slowed as it became necessary to replace them with newer models that accepted EMV-
 compliant chip payment cards in line with the requirements of the SEPA Card Framework.
 There are still reserves in the total number of outlets where payment by card is possible,
 especially outside large towns and cites.

              Trend for the number and volume of payments with domestic
              and foreign cards in outlets in the Czech Republic

                                                        2003        2004        2005        2006        2007
                Number of payments                80 373 983 99 072 963 120 342 199 137 414 580 159 110 446
                Volume of payments (CZK thousand) 92 558 911 117 977 852 142 735 769 165 619 320 190 019 145
                Average payment (CZK)                  1 152       1 191       1 186       1 205       1 194




                         Number and volume of payments by card

                                                                 Number of payments

                                                                 Volume of payments
                                                                 (CZK thousand)

              Year-on-year growth

               %                                 2003/2002 2004/2003 2005/2004 2006/2005 2007/2006
               Number of payments in outlets         89.11     23.26     21.47     14.19     15.78
               Volume of payments (CZK thousand)     79.93     27.46     20.99     16.03     14.73

 The statistics show a gradual yet marked slowdown in the rate of growth for purchases paid by
 payment card on the Czech market.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                   -24/41 -
             Other information on the number of ATMs and their use for
             cash withdrawals

                             2003 2004 2005 2006 2007
             Number of ATMs 2 669 2 850 2892 3 096 3 599




                                         ATMs

                                                                   Number of ATMs

             Year-on-year increase in the number of ATMs

                                          2003/2002   2004/2003     2005/2004    2006/2005 2007/2006
             ATM year-on-year increase        13.57         6.78          1.47         7.05    16.24

 Following a slowdown the increase in the number of ATMs has accelerated in the last two
 years.

             Cash withdrawals using domestic and foreign cards in ATMs
             in the Czech Republic

                                                         2003        2004        2005        2006
             Number of withdrawals                116 825 220 126 816 788 133 508 321 145 681 337 152
             Volume of withdrawals (CZK thousand) 352 253 009 401 818 137 447 277 044 508 918 549 554




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                    -25/41 -
                                    Cash withdrawals

                                                   Number of withdrawals
                                                   Volume of withdrawals (CZK thousand)

               Year-on-year     growth 2004/200 2005/200 2006/200 2007/200
              (%):                            3        4        5        6
               Number of withdrawals       8.55     5.28     9.12     4.40
               Volume of withdrawals      14.07    11.31    13.78     9.05



 The growth of the market for ATM withdrawals in the Czech Republic has been strong but
 variable. If we appraise developments over the last five years the total number of payment
 cards issued in the Czech Republic has risen by a factor of 1.3, the number of credit cards by a
 factor of six and the number of chip cards almost fourfold. The number of ATMs has risen by a
 factor of 1.3. While the number of outlets accepting payment cards has only risen by a factor of
 1.02, the number of electronic payment terminals in outlets has increased by a factor of 1.3.
 The number of payments by payment cards from Czech issuers and their financial volume have
 doubled over the last five years. A positive trend is that the number and volume of payments by
 card has risen more rapidly than the number and volume of cash withdrawals from ATMs: the
 withdrawals/payments ration was 3.6 in 2006, compared to 4.4 in 2002 and 8.0 in 2000.

 5.    Overview and description of the individual forms of fraud

 This study discusses fraud in non-cash payments in the Czech Republic. In the work of the
 Financial Arbitrator from 2003 to the present two-thirds of all disputes settled by the Arbitrator
 involved the unauthorised use of payment cards, which are one of the most important




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                      -26/41 -
 instruments for non-cash payments in the Czech Republic. For that reason this chapter will
 focus on this type of fraud.

 Fraud can be divided into technical fraud and transaction fraud. Technological developments
 and perpetrators’ level of knowledge has resulted in rapid progress primarily in the technology
 for acquiring and misusing sensitive data. Misuse can be described as “attacks on payment
 instruments, e.g. payment cards” such as skimming, and “attacks on people’s trust” such as
 phishing.

 5.1.        Technical fraud
 Lebanese loop – this method, which only occurs rarely now, results in the payment card not
 being drawn into and ejected from an ATM. That is achieved by a device that the perpetrator
 installs in the ATM. The perpetrator remains nearby and offers the victim assistance with
 entering the PIN. That is unsuccessful and the victim leaves without the card, which the
 perpetrator then removes and uses it until it is blocked. Effective protection now exists against
 this method: banks have added protective adapters to ATMs. We first encountered this type of
 fraud in 2001.
 Hidden camera – the perpetrator uses a small hidden camera to ascertain the PIN, often
 combined with a Lebanese loop or skimming, sometimes during payment to a retailer.
 Protection consists in concealing the entering of the PIN, e.g. by covering the ATM keyboard
 with one hand. It is important to realise that mobile phones can be used as hidden cameras, and
 using a payment card without sufficient care can result in the card number, validity, CVVC
 code and signature being recorded, e.g. while paying in front of a queue at a retailers, where
 someone standing nearby can easy use a mobile phone to record those details.
 Touch sensors – a relatively rare way of acquiring a PIN that consists in installing sensors on
 an ATM keyboard, or e.g. on the door to a self-service zone. This method may be combined
 with theft, mugging or another way of obtaining the victim’s card. The best defence is caution
 when using a payment card.
 Counterfeit cards – counterfeits are mostly made by criminal groups from various parts of the
 world. After acquiring sensitive data a counterfeit is made and unlawfully used. The equipment
 used to manufacture counterfeits may be as small as a briefcase and a card can be produced




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                    -27/41 -
 within just a few minutes of obtaining the sensitive data. Card companies and banks have
 introduced a variety of security features against counterfeits.
 Misuse via the internet –a payment card or bank account may be directly misused via the
 internet, but there can also be the indirect misuse of a retailer’s database holding records of
 customers’ cards. That risk is practically eliminated in the Czech Republic thanks to the
 introduction of internet payments using 3D security. The risk may exist among American and
 Asian retailers, but in Europe it is minimal. The defence is to use only secure forms of
 payment; credit cards and virtual cards are suitable.
 Skimming – a technique in which the original data from a card’s magnetic stripe is
 electronically copied to another card without the knowledge of the cardholder. During copying
 the PIN and other data on the cardholder are recorded. It is not possible to copy all security
 features (e.g. CVC2/CVV2 codes) and the misuse of the counterfeit payment card produced is
 not possible without those security features, e.g. in ATM withdrawals, where the second code is
 checked. However, there are banks that do not check their cards’ security features and
 counterfeits can be used to make withdrawals from those ATMs.
 Phishing – a fraud based on trust that occurs when email is misused to obtain identity data. The
 risk generally consists in the victim entering the number of his or her payment card and other
 personal data into an email form; the email appears to originate from a bank but is fraudulent
 and if sensitive data is entered that may be shortly followed by the manufacture and misuse of a
 counterfeit payment card; e.g. several minutes later there may be a withdrawal from an ATM in
 another country.
 There are also viruses and trojan horses that are not spread by email. The data collected is not
 only on payment cards but also on access data for internet banking, telebanking and electronic
 purse applications.
 Spoofing – a technique that is not widespread in the Czech Republic. It is, however, one of the
 most dangerous weapons used for unauthorised access to networks. The essence of this fraud is
 that a particular network node masquerades as someone else to access information which would
 otherwise be inaccessible, or uses that person’s name to send something which the perpetrator
 could not, or not with the desired effect. Searches of servers or local networks may under
 certain conditions reveal sensitive data that can then be misused.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                   -28/41 -
 Trashing – another technique based on obtaining sensitive data. It essentially involves sifting
 through trash to find a range of interesting information that many include passwords, source
 codes, etc. Documents should therefore be properly shredded and the removal and storage of
 “waste information”, both physical and electronic, should be secure.
 Simple theft – the simplest way of misusing a card. Until the loss is discovered and the card is
 blocked the thief can access funds by entering the PIN, if known, or make unauthorised
 payments to retailers. Retailers are, however, obliged to check the signatures on the receipt and
 on the reverse of the card. If a transaction is executed without proper identification of the client
 the transaction is authorised. Losses can be minimised by insuring against misuse.

 5.2.       Transaction fraud
 Misuse by the cardholder – the deliberate execution of a payment transaction or ATM
 withdrawal which is subsequently denied. Such cases are not common but do happen, but the
 cardholder, i.e. the perpetrator, risks prosecution.
 Misuse by a relative – the execution of an unauthorised payment transaction or ATM
 withdrawal by a close relative, child, friend or colleague. It is very easy for those persons to
 obtain payment card data, making it easy to misuse the payment card.
 Misuse by a person unknown – this type of misuse generally occurs with the theft or loss of
 the payment card, but also during transactions when the perpetrator exploits the victim. The
 group at risk mainly includes elderly people who are sometimes unfamiliar with using ATMs or
 making payments and someone offers to “help” them to e.g. withdraw cash, and the result is
 often the unauthorised obtaining or misuse of sensitive data from the payment card.
 Misuse of an undelivered card – most banks send payment cards to their clients by mail, with
 the PIN sent separately. Some cards and PINs dispatched in that way may however be misused
 due to incorrect delivery. A case is known where a payment card and then a PIN for a married
 couple was intercepted by their grandson and the card was then misused. Establishing liability
 for the delivery of the consignment was then a matter for an administrative authority. This type
 of fraud is not widespread, however.
 Remote payments – this involves the remote use of an electronic payment instrument without
 physically presenting it; the essence of this type of fraud is the misuse of sensitive data such as




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                       -29/41 -
 the name of the cardholder, the card number and validity to make payments on the internet.
 However, Article 18 of the Payment System Act stipulates that “if the holder declares that he
 did not use the electronic payment instrument himself, he shall be entitled to require the issuer
 to refund without delay”.
 Fraudulent card application – this type of fraud is not widespread in the Czech Republic. In
 essence it involves submitting a fraudulent application for a payment card for a person other
 than the one authorised to operate the account; security processes in banks prevent this type of
 fraud.
 Misuse by retailers – this type of fraud involves the unauthorised execution of corrective
 transactions without the consent of the cardholder; some types of undertakings such as hotels
 and car rental firms are authorised to execute such corrective transactions (e.g. for not reporting
 consumption from a minibar in a hotel or for damaging a hired car); however, as the transaction
 is influenced by the human factor, i.e. the person who executes that additional transaction,
 unauthorised transactions may be made. Subsequent claims to the cardholder’s bank are usually
 successful, but repaying the funds is restricted by a time limit for settling claims. Another
 opportunity for misuse is that after making a payment, e.g. in a restaurant, another payment
 card may be returned and the original is then misused.



 6.       Analysis of the situation
 Thanks to modern processing methods and new technologies payment is becoming faster and
 more sophisticated. Unfortunately financial crime has adapted to that trend.
 For example the first Lebanese loops appeared in Western Europe in 1999. They only began to
 appear in larger numbers in ATMs in the Czech Republic around two years later, i.e. with a
 considerable time lag. These days any new type of financial crime that appears in Western
 Europe, e.g. skimming, phishing, etc., occurs almost immediately in the Czech Republic. That
 is related not only to the strength and free convertibility of the Czech currency, the free
 movement of people, globalisation, etc., but also to the higher level of education of financial
 criminals. Perpetrators’ knowledge of electronic banking, which is misused most often, is at a
 higher level than the majority of consumers. There are of course still crude attacks to steal




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                      -30/41 -
 money, but there has been an increasing number of attacks on bank accounts by misusing
 payment cards and the unlawful use of internet and telephone banking.
 It is certain that those developments are linked with an increase in the number of ATMs and the
 volume of non-cash payments, and especially with the rise in payment cards, of which banks
 and other undertakings have issued more than 10 million, in a country with a population of
 approximately 10 million. Non-cash payment has become increasingly popular among Czech
 consumers; they request this option and payment cards are currently accepted at approximately
 53 000 outlets. However, in many cases Czechs are careless with their payment cards,
 recording their PINs on pieces of paper which they keep with their cards in their wallets, or
 storing them in their mobile telephones which they keep in their bags with their payment cards,
 or PINs are written on the payment cards themselves. If a bag or wallet is stolen with a
 payment card the thief then has no problem accessing funds on the victim’s bank account.
 There have also been cases of skimming on some bank’s ATMs; the Financial Arbitrator has
 not intervened in those cases as the banks in question reimbursed their clients after skimming
 was discovered. The situation for phishing is rather different: despite warnings from banks and
 the media banks’ clients breach the security regulations protecting their identification data and
 authorisation to access the money on their accounts, revealing them to unauthorised parties.
 The Financial Arbitrator has also intervened in cases of the misuse of telephone banking, when
 the security of the identification data was breached by an unauthorised party and money was
 stolen by using a mobile telephone to submit an unauthorised order. There have also been cases
 of breaches of internet banking security by submitting a credit transfer order on the internet for
 funds which are then collected by a “white horse”. In both cases, telephone and internet
 banking, the banks in question have strengthened their security measures and rules. Consumers’
 awareness of protection for payment cards and PINs remains low. The Criminal Code has
 responded to new developments in financial crime by introducing a number of new offences
 such as the unauthorised possession of a payment card, etc. A unit has been set up at the
 Ministry of Finance to combat money laundering and an act has been passed against money
 laundering, etc.
 In conclusion it can be said that the situation for financial fraud in the Czech Republic is,
 thanks to advancing globalisation, similar to the situation in other EU member states.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -31/41 -
 Unfortunately criminals are one step ahead of consumers, who are not only careless but also
 relatively ignorant. For that reason the Financial Arbitrator welcomes the work of the Czech
 Consumer Association, which should help to improve increase Czech consumers’ awareness in
 that field.


 Despite criticisms raised by the Financial Arbitrator and other professionals the majority of
 banks have not incorporated in their standard terms and conditions the EU’s recommendation
 of restricting a payer’s liability for unauthorised transactions to a maximum of EUR 150 from
 the use of a lost or stolen payment instrument. Although that recommendation has been worked
 into specimen standard terms and conditions produced and recommended by the Czech
 National Bank for issuing and using electronic payment instruments, the majority of banks
 operating in the Czech Republic have rejected those recommendations. The situation will
 change at the latest by 1 November 2009, when the Czech Republic will have to bring legal and
 administrative regulations into harmony with Directive 2007/64/EC of the European Parliament
 and of the Council of 13 November 2007 on payment services in the internal market, where
 Article 61 explicitly addresses the payer’s liability for unauthorised payment transactions.



 7.    Brief recapitulation of the individual forms of fraud and options for protection
 As the above data and descriptions reveal, most fraud in non-cash payments in the Czech
 Republic involves the unauthorised use of payment cards, and that is why this final chapter
 focuses on this issue. In our opinion every effort must be made by all institutions, authorities
 and associations concerned to increase financial awareness among consumers in the Czech
 Republic. The Financial Arbitrator’s experience has demonstrated that Czech consumers
 remain unaware of the need to keep the passwords for their accounts and payment cards secret.
 The importance of such awareness is realised not only by consumer protection institutions, but
 also by the Czech Government, which has made introducing education on the matter in schools
 one of its objectives.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -32/41 -
 7.1.          Options for protection against the misuse of payment cards
 In the Czech Republic protection against the potential misuse of payment cards is secured by
 the issuers of payment cards and card companies by constantly implementing new security
 measures preventing the misuse of this method for non-cash payments. The use of new
 technologies such as chip technologies for payment cards, payment terminals and ATMs has
 significantly reduced the risk of misuse. Cardholders are legally obliged, as is highly desirable,
 to use their payment cards in such a way that misuse is impossible. We have summarised ways
 of avoiding the potential misuse of payment cards, things to look out for and how to use
 payment cards in a kind of guide to using payment cards:
   -    Ensure the maximum security for your card; it is money in another form that can be
        misused
   -    Use your payment card in accordance with the card issuer’s conditions
   -    Know how many cards you have and where they are
   -    Regularly check your account and bank statements and report any problems to your bank
        immediately; use SMS information reports about transactions on your account
   -    Never lend anyone your payment card
   -    Never tell anyone the PIN for your payment card
   -    Never keep the PIN near the card
   -    In shops the staff cannot remove the card from your sight
   -    Always withdraw from ATMs yourself; cover the keyboard with your hands; make sure
        no one can see your hands as you enter the PIN
   -    Report the loss of your card to the bank as soon as possible – store the telephone number
        in your mobile phone
   -    Use payment cards with better security – a photograph is also a security feature
   -    Be as careful as possible when using your card – abroad, on the internet, in internet cafes,
        etc.
   -    Never reply to emails from a bank – banks do not communicate by email
   -    Use a secure computer – e-banking is only as secure as your computer




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                       -33/41 -
      -   When paying on the internet use secure payment gateways and use a virtual payment card
          for those payments, or open an additional current account with a payment card and use
          that card for payments on the internet, only adding the funds necessary to that account
      -   Cards are not only subject to mechanical damage but can also be damaged by mobile
          telephones and computers; for hybrid chip cards (with both a magnetic stripe and a chip)
          the chip can be disabled by brief freezing, after which only the magnetic stripe will work
      -   Insure your payment card against misuse



 8.       Disputes

          8.1. Judicial decisions

 It has not been possible to identify any disputes concerning fraud being settled in court as
 at the date of finalising this study.

          8.2. Extrajudicial solutions
                 8.2.1.1.       The use of electronic payment instruments
 I.
 The claimant sought compensation from an institution after a total of EUR 7 918.52 was
 withdrawn from his account by the misuse of a payment card.
 Since October 2004 the claimant had experienced problems with the functioning of the
 payment card. In response to that complaint the institution blocked the card owing to suspicions
 of its misuse, but subsequently unblocked it. In May 2005 the institution issued the claimant
 with a new card with the same number as the original card, but that new card did not work
 reliably and the claimant was unable to use it in June and July 2005. He informed the institution
 and visited it in person to seek remedy. In August 2005 he used the card to make a number of
 payments, but thereafter the card stopped working. At the end of October 2005 the claimant
 discovered that the card (the original or the replacement) had been used to make payments in
 France, although he had not been there at the time of the transactions.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                       -34/41 -
 To establish the facts of the case the Arbitrator requested the opinion of an expert witness. The
 expert’s opinion confirmed that the claimant had not checked transactions made with the card
 for a period of one year, despite having had problems with using the card. In the institution’s
 opinion that meant the claimant was largely responsible for the large number of fraudulent
 transactions, which would have been discovered if the claimant had regularly monitored
 statements from the card account.
 Nevertheless the Arbitrator sought to settle the dispute by conciliation that would have
 compensated the claimant for the damages that arose in consequence of the issue of the second
 card with the same number as the first card, but that proposal was not acceptable to either party.
 That exhausted the possibilities for conciliation that the Arbitrator has under the Financial
 Arbitrator Act.
 For those reasons the Arbitrator decided to reject the claimant’s petition.


 II.
 According to the claimant her reputation was harmed during the processing of a request to
 increase the credit limit for an additional credit card in the name of a member of her family.
 She therefore sought compensation of CZK 1 120 from the institution for time wasted and
 telephone calls, including compensation for the harm done to her reputation.
 The claimant informed the Arbitrator that she had telephoned the institution to request an
 increase to the credit limit for the additional credit card and that such requests are normally
 processed within five working days. She subsequently pursued and then complained about that
 request. The limit was increased much later, and she was informed of that by the institution in
 writing by mail.
 In her petition the claimant also stated that during the processing of her request her reputation
 was harmed, as she had had to make payment for accommodation services abroad using other
 sources of finance.
 In her petition she also disagreed with the wording of the Standard Terms and Conditions for
 Credit Card Holders (hereinafter “Standard Terms”) published by the institution and stated that
 she, as the client, had no opportunity to amend the wording so that the Standard Terms were
 admissible to both parties.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                     -35/41 -
 The credit limit for the additional credit card was raised after eight working days. As the
 institution’s Standard Terms do not stipulate any time limit for processing clients’ requests the
 institution was not at fault in this matter.
 The Arbitrator could not approve the claimant’s request for compensation of CZK 1 120 for
 time wasted and telephone calls, as despite repeated requests the claimant did not present any
 documents to substantiate that expenditure.
 The institution did not breach any of the legal obligations ensuing from the contractual relation
 with the claimant, nor did it breach any of the provisions of the Payment System Act. For those
 reasons the Arbitrator decided to reject the claimant’s petition.


 III.
 The claimant sought from an institution the refund of CZK 248.54 withdrawn from the
 claimant’s account. He justified his petition on the grounds that he had opened a student
 account and after receiving a payment card and its PIN he wanted to use the “AA” service the
 institution offered. He received a numerical code and used it as instructed. The result of that
 attempt was a message that the claimant was not a client of that institution. The claimant
 repeated that attempt several times with the same result. The claimant therefore lodged a
 complaint and requested the refund of the money invested in a service that was not functioning.
 The Arbitrator learned that a caller whose voice did not resemble the claimant’s voice had
 telephoned the institution. After going through the security procedure the telephone banker
 ended the call for reason of potential misuse. The institution’s telephone centre went through
 earlier calls with the claimant and a comparison of the voices confirmed that the holder of the
 telephone banking account had a voice that was clearly younger than the caller.
 The telephone centre employee then contacted the claimant on the telephone number in
 question. The call was again taken by a man with an older voice who claimed to be the
 claimant. The call was terminated for security reasons and that information was passed from
 the telephone centre to the relevant banking advisor. The claimant’s father subsequently visited
 a branch of the institution and admitted that he had contacted the telephone banking service on
 behalf of his son.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                    -36/41 -
 The Arbitrator stated that the claimant had breached the institution’s contractual terms by
 entering his PIN for the “AA” service instead of his identification number, which was his birth
 registration number. That resulted in increased costs for the claimant (the telephone charges for
 the service). The institution had not caused any harm to the claimant.
 For those reasons the Arbitrator ruled to reject the claimant’s petition. As during objection
 proceedings he learned that the institution had settled with the claimant, he subsequently
 revoked the contested ruling and discontinued proceedings.


 IV.
 Proceedings were commenced on the basis of a petition concerning internet banking.
 According to the claimant he had been misled by an institution, as on its website it offered
 clients a service whereby it would send an account statement free of charge. However, when
 the claimant took up that offer he found that the institution had charged him CZK 80 for that
 service, as the resending of the statement.
 The claimant complained to the institution, which admitted its error and amended the
 information on its website, but did not reimburse the claimant. The claimant therefore
 contacted the Arbitrator.
 During the presentation of evidence the institution stated that it had transferred CZK 80 to the
 claimant’s account.
 The claimant confirmed that and the petition therefore became groundless. The Arbitrator
 decided to discontinue proceedings.


 V.
 The claimant sought from an institution the refund of a total of CZK 12 761. She justified her
 petition on the grounds that she had learnt from an account statement the institution had sent in
 October 2006 that during September 2006 fictitious item nos. 1, 2, 3, and 4 had been debited
 from her current account and subsequently from her evidence account. The institution informed
 the Arbitrator that transaction no. 3 for CZK 7 025 was the sum of a fee of CZK 25 for a
 payment card transaction (for withdrawal from another institution’s ATM) and CZK 7 000
 (withdrawn from the ATM), and transaction no. 4 for CZK 3 873.68 was the sum of four




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                    -37/41 -
 operations (CZK 2 000 withdrawn from an ATM; CZK 1 760.50 paid by payment card; CZK
 114 account service charge and interest of CZK 0.82).
 According to the Arbitrator that action was not only in contradiction of the institution’s
 Standard Terms, but also with Article 7 paragraph 3 of the Payment System Act and Article 6
 of Decree No. 62/2004 Coll., which stipulates the manner of execution of payments between
 banks and settlement on accounts at banks, and the technical procedures to be used by banks
 for corrective settlement.
 In his ruling the Arbitrator stated that the entire problem consisted in the fact that the institution
 had confused authorisation with settlement (the execution of the transaction). The institution
 considered the authorisation of the card transaction to be the settlement day and on that day had
 charged interest on the funds drawn from the evidence account. The institution therefore
 breached Article 6 paragraph 1 of the Payment System Act, as it had taken as the day on which
 the transfer order came into effect a day on which it had yet to receive the information required
 to execute the transfer.
 The Arbitrator further stated that the institution (by settling the transaction) had also breached
 Article 7 paragraph 3 of the Payment System Act, Article 6 of Decree No. 62/2004 Coll. and
 Article 712 of Act No. 513/1991 Coll., the Commercial Code.
 The Arbitrator therefore decided that the institution was obliged to reimburse the claimant for
 interest from the unauthorised drawing on the evidence account in connection with card
 operations, including delay charges, and to pay a penalty of CZK 10 000 for breaching the
 Payment System Act.
 The institution subsequently filed objections but did not establish any new facts that would
 have led the Arbitrator to amend his ruling, and his decisions on those objections confirmed the
 ruling.

               8.2.1.2.       The transfer of funds

 I.
 The claimant who petitioned for proceedings to be commenced before the Financial Arbitrator
 sought from an institution the refund of CZK 10 362.33 to the claimant’s account. The claimant
 justified his petition on the grounds that he had requested by cross-border credit transfer order




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                        -38/41 -
 the transfer of DKK 70 858 from his account to the beneficiary’s account, equivalent to CZK
 272 845.81.
 The institution informed the claimant that the transfer had not been executed as the
 beneficiary’s account number had not been entered correctly, and CZK 262 483.48 was
 returned to the claimant’s account. The difference between the amount debited from the client’s
 account and the amount credited (refunded) was CZK 10 362.33. The claimant requested that
 the institution refund the difference, but the institution rejected his complaint.
 In evidence proceedings the Arbitrator learned that the claimant had concluded an Agreement
 for an account in Czech currency (“Agreement”) with the institution, of which the Terms for an
 account in Czech currency were an integral part. In the Agreement both contracting parties had
 undertaken to adhere to the institution’s Standard Terms and Conditions. The Standard Terms
 and Conditions stipulate that the method for converting foreign currencies is that the institution
 sells foreign currency in non-cash form to clients for Czech koruna at the foreign exchange
 selling rate and buys them from clients for Czech koruna at the foreign exchange buying rate.
 On the basis of the evidence the Arbitrator concluded that the institution had not breached the
 provisions of the Payment System Act. For the reasons stated the Arbitrator decided to reject
 the claimant’s petition.


 II.
 Proceedings concerning the late transfer of funds were commenced on the basis of the
 claimant’s petition, but the petition lacked the particulars stipulated in Article 10 paragraph 1 of
 the Financial Arbitrator Act. The petition did not include any proof that the claimant had
 requested the institution to make redress, which pursuant to the Financial Arbitrator Act is a
 condition for proceedings to be commenced.
 The Arbitrator instructed to the claimant to amend the petition, but she did not do so within the
 stipulated time limit. Those errors are by law an obstacle to the continuation of proceedings.
 The Arbitrator therefore resolved to discontinue proceedings.


 III.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                       -39/41 -
 The claimant sought the refund from an institution of CZK 78 180. She had visited a branch of
 the institution and requested that CZK 75 000 be sent to Berlin using the “P” service.
 Before the transfer was executed the claimant was assured that the beneficiary would receive
 the funds on proof of identity. She checked on the website that the funds were waiting to be
 collected. A subsequent check revealed that the funds had been paid to an unauthorised person.
 She added that as neither she nor her partner had travelled to Germany it was not possible that
 they could have collected the funds.
 The institution stated to the Arbitrator that it did not recognise the claimant’s entitlement as it
 believed it had not breached any of its duties and was not responsible for any damage incurred
 by the claimant. Pursuant to Article 12 paragraph 5 of the Financial Arbitrator Act the
 Arbitrator summoned the claimant and her partner to give a verbal account.
 The claimant stated that she had only informed her partner of the transaction number. She also
 stated that on learning that the funds had been collected by an unauthorised person she had
 immediately telephoned the institution’s branch, where she was informed that the funds had
 indeed been collected.
 From the evidence presented by the institution (a screenshot from the agent arranging the
 transfer) the Arbitrator determined that the person who collected the funds had proof of identity
 – EU identity card (no. XXX), issued in 2004 – listing name and surname, place of birth and
 nationality.
 The claimant’s partner presented the Arbitrator with his identity card (no. YYY) and passport
 (no. ZZZ).
 Other evidence presented by the institution revealed that the beneficiary had given the same
 name and surname as the claimant’s partner. The other data were entirely different. It followed
 that there were discrepancies between all identification data on the beneficiary other than his
 name and surname, specifically his domicile and date of birth, and the type and identification
 number of the proof of identity, including its date of issue.
 In evidence proceedings the Arbitrator found that the conditions listed on the reverse of the
 document presented revealed that the “P” transfer service is intended for transfers of funds
 between relatives, or at least between people who know one another well. They also state that




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                      -40/41 -
 the payer undertakes to impart the identification data on the transfer only to the beneficiary and
 not to anyone else.
 According to the Arbitrator the claimant had clearly satisfied those conditions.
 The institution failed to protect the funds she had entrusted to it and had executed, via an
 intermediary, a payment of funds to a person other than the person stipulated by the claimant,
 with an entirely inadequate security mechanism.
 Pursuant to Article 15 of the Financial Arbitrator Act the Arbitrator therefore ruled that the
 institution was obliged to refund the claimant a total of CZK 78 180 and to pay a penalty of
 CZK 10 000 for breaching the Payment System Act.


 IV.
 In a petition the claimant sought compensation from an institution for the late transfer of CZK
 257 538.38 to an account at another institution. He justified his petition on the grounds that the
 amount was credited to the claimant’s account late.
 It emerged from the institution’s statement that the transfer of funds to the other institution was
 indeed executed after the elapse of the legal time limit. The institution realised it was in error,
 which it explained on the grounds of the implementation of a new banking system. It calculated
 the level of compensation from lost interest at CZK 90.16 and transferred that sum to the
 claimant’s account.
 For those reasons the petition for proceedings to be commenced became groundless. As the
 claimant had not enumerated or proved in his petition or in proceedings that the claimant had
 suffered any other financial damages due to the late transfer the Arbitrator decided to
 discontinue proceedings.




STUDIE PODVODŮ V OBLASTI BEZHOTOVOSTNÍCH PLATEB V ĆR                                      -41/41 -

								
To top