Fraud, ID theft on sale this holiday season

To celebrate the 2018 holidays, the Dark Web is having a clearance sale on personally identifiable information, offering criminals a generous inventory of names, addresses, dates of birth and Social Security numbers, at prices as low as $2 per record. Bryan Lewis, president and CEO at Intellicheck, a security technology provider, said much of the stolen data has been vetted for accuracy during a lengthy incubation period.

"Bad guys are building a product, packaging it and getting it ready for sale," Lewis said. "Before these records go on the Dark Web, they are cross-referenced and confirmed with other data."

The 2017 Equifax breach compromised 145 million civilian records, Lewis noted. This event and increasingly complex, sophisticated identity theft schemes make the 2018 holiday season a dangerous time for holiday shoppers and retailers. "Javelin Strategy and Research puts the total value of identity theft at nearly $17 billion dollars last year," he added. "On average, an identity was stolen every 1.88 seconds in the United States in 2017. More than 57 million records have been exposed this year according to the Identity Theft Resource Center."

Bad Santa

Chris Marchand, vice president, business development at Verifi, a risk mitigation company, has seen increased friendly fraud, also known as chargeback fraud, throughout the holiday season. These events increase merchant headaches and costs. They occur when consumers make purchases with their own credit cards but then, after receiving the goods or services, ask their credit card issuers to reverse charges. These false chargebacks are often triggered by credit card statement sticker shock. Some issuers would rather process a chargeback than risk losing a customer, he stated.

"Adding fuel to the fire, some customers dispute legitimate transactions due to billing confusion, such as the merchant's name not matching their trading name or forgetting about a purchase made," Marchand said. "Consequently, merchants face loss of revenue and merchandise, plus fines and fees applied by acquiring banks."

Merchants and card issuers should collaborate and share transaction information to resolve issues at the earliest possible stage, Marchand advised, adding that merchants "need to ensure they deliver the best customer experience while arming themselves against chargebacks at an already frantic time of year."

Forewarned, forearmed

Lewis said Intellicheck recently found a news organization's contact email and password for sale on the Dark Web. Intellicheck had been working with the company but does not use the same password on multiple sites. "Fortunately, our corporate policy is they have to use different passwords [on different websites], so we weren't at risk," he said. "You open yourself up to security threats when you do that."

Javelin Strategy provided additional protections against identity theft in the whitepaper titled 2018 Identity Fraud: Fraud Enters a New Era of Complexity, as follows:

• Turn on two-factor authentication wherever possible. Two-factor authentication requires a separate action to be taken to access an account, making it more difficult for fraudsters to take over your accounts.

• Secure your devices. Secure online and mobile devices with a screen lock, data encryption and anti-malware solutions ‒ and avoid public Wi-Fi networks.

• Place a security freeze. A freeze on your credit report can prevent anyone else from opening an account in your name. Credit freezes must be placed with all three credit bureaus and prevent everyone except existing creditors and certain government agencies from accessing your credit report. Costs vary per state but are typically less than $20 for each bureau.

• Sign up for account alerts everywhere. Notifications can be received through email or text message, making some notifications immediate. Some go so far as to allow customers to specify notification scenarios to reduce false alarms.

• Protect yourself from unauthorized online transactions. Some financial institutions offer alerts for online transactions, the ability to institute limits on online transactions, or even advanced controls through 3-D Secure (for example, Verified by Visa, SecureCode from Mastercard). These can help quickly detect and even prevent online fraud.

"There is enough data on every one of us; it's far too easy to steal identities," Lewis said. "Cybercriminals used to be able to steal a little bit about you, but Equifax had all the information about you in one place and for the first time, Social Security numbers are more prevalent than credit card numbers on the Dark Web."

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.