The Green Sheet Online Edition
January 24, 2011 • Issue 11:01:02
Fraud: What to expect in 2011
Fraud losses cost the financial and retail industries over $250 billion annually. Every year, these losses grow as cybercrimes become more sophisticated. The key for banking and payment professionals is to know the top fraud trends and how to respond to them.
Here are some of the fraud trends expected in the payments industry during 2011:
It entails placing skimmer devices directly over the slots where customers swipe their bankcards to get cash from ATMs. Skimmers read and store sensitive personal information kept on the cards' magnetic strips. Skimmer devices are so small authorities have difficulty finding them.
Skimming has been around since the early 1990s and can be directly traced to a fraud ring in Europe. This trend will be ongoing; however, most countries are in the process of implementing the Europay/Mastercard/Visa (EMV) chip standard. Rather than using magnetic strips, EMV cards employ an embedded microchip for data storage.
According to First Data Corp., as countries have converted to EMV chip technology, fraudsters have thus far stumbled when it comes to finding an effective skimming technique. As a result, the new trend overseas is "card-trapping."
Card trapping relies on a device placed on the ATM that will trap the card. Thus, once a customer puts his or her card in the ATM, the card will not come back out. The fraudster, posing as a helpful stranger, suggests the customer enter his or her PIN again, and the fraudster "shoulder surfs" as the customer does so.
Once the PIN is entered and the card does not come out, the customer then enters the bank to notify a teller. Meanwhile, the fraudster needs only a few seconds to pop the card out of the trapper and leave with the customer's stolen account information.
Malware, short for malicious software, gains access to and damages a victim's computer without the victim's knowledge. In 2009 the frequency of this type of attack was 10 times greater than in 2008. Most malware attacks today are designed for financial gain. The malware escapes detection while collecting and transmitting sensitive data such as the user's bank account information, passwords and bankcard details.
Hackers and fraudsters create new malware daily, exploiting new vulnerabilities before they can be detected and fixed. Keeping up to date on your virus protection gives you the upper hand because vulnerabilities are usually found in older or out-of-date virus definitions.
Javelin Strategy & Research suggests malware attacks will increase by about 15 percent in 2011.
Phishing, SMSishing and whaling
Pretending to be trustworthy entities like banks or credit card companies, Phishers send emails and instant messages prompting users to send sensitive information to confirm they are the actual owner of specified accounts. Phishers even send text messages now (SMSishing).
Whaling in the fraud world is when high-worth accounts are targeted. Usually this is through social networking sites such as LinkedIn and Facebook. They target profiles with certain descriptors such as vice president, chief executive officer, chief financial officer, etc.
Google was hacked in 2010 via a PDF file sent to executives that, once opened, caused vulnerability on each user's computer so hackers in China could grab information.
According to media reports at the time, it is believed the hack stemmed from the Chinese government or was at least approved by it; however, Google cannot prove to a 100 percent certainty the Chinese government's involvement. Phishing can happen to anyone; the key is to be vigilant and never respond to or open unfamiliar files from unfamiliar sources.
The popularity of social media is helping make advanced phishing methods even easier, given the availability of personal information on publicly viewable profiles.
Here are some statistics on the growth of social media:
- Fifty percent of YouTube's 300 million users visit the site at least once a week; it's the second largest search engine on the web.
- One in five Americans aged 18 to 35 use Twitter.
- Twitter has 75,000,000 users; 300,000 new members sign up every day.
- Facebook users share 3.5 billion pieces of content every week.
- Sixty-five million Facebook users access their accounts through mobile phones.
- Fifty-one percent of Americans now have smart phones.
With social media becoming more prominent, the threat of phishing will continue to rise. All information posted on profiles becomes public information, including cell phone numbers, email addresses and even personal addresses. What's scary is now people even have access to photos online of what a person may look like. I highly recommend that anyone with a Facebook, LinkedIn, YouTube or other social media account keep private information private.
Most people never have to worry about having too much cash on hand. But after either selling stolen data or cashing out from using stolen data, criminals don't want to raise suspicions by having too much money in bank accounts or risk keeping it "under the mattress."
As with most other criminal organizations, fraudsters rely on a range of money-laundering tactics to hide their money. Unique to the fraud underground is the use of money mules to transfer money into foreign bank accounts.
Criminals also increasingly launder money through otherwise-legitimate online enterprises, as well as by investing in large-scale brick-and-mortar enterprises to hide their ill-gotten gains. Examples include buying restaurants or developing real estate.
Watch for more fraudulent merchant accounts to pop up during 2011. With more information readily available from social media, once a card or identity has been compromised, the fraudster will absolutely look to open a fake merchant account to funnel funds through.
Geotagging the location of transactions should help differentiate legitimate transactions from fraudulent ones. For example, a dry cleaner's merchant account should not have transactions from overseas. All transactions should come from within the store for the services rendered.
With 2011 now here, we must work together to reduce fraud worldwide.
Nicholas Cucci is the Director of Marketing for Network Merchants Inc. He is a graduate of Benedictine University and a licensed Certified Fraud Examiner. Prior to joining NMI, he worked in the payment processing division for a Fortune 500 company and has advised several large retailers on credit card fraud protection, screening and risk assessment. Nicholas can be reached at firstname.lastname@example.org or 800-617-4850.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.