The Green Sheet Online Edition
July 23, 2012 • Issue 12:07:02
Cooperation, social strategies combat fraud
Instead of relying on outdated security methods, banks are beginning to fight fraud with new technology and social engineering. To borrow a concept from self-improvement guru Tony Robbins, within the payments industry, we are in a state of constant and never-ending improvement, or CANI.
Banks across the board have increased customer and employee education to battle online fraud. Financial institutions are adopting special social-engineering training and vulnerability testing.
One of the best social engineering adoptions most banks have made is the ability to send mobile alerts to customers regarding their accounts. Banks now send short message service alerts when accounts reach or exceed limits set by customers. This is having success because some fraudsters go for everything, withdrawing the allotted daily limit in one transaction.
Communication and vigilance
Third-party processors are also playing a stronger role in helping banks and credit unions mitigate risk and detect cross-channel fraud. Some examples of groups supporting this cause are the Merchant Acquirers' Committee (www.macmember.org) and the Association of Certified Fraud Examiners (www.acfe.com). This support opens the communication channel and greatly reduces cross-channel fraud. Members of both groups must qualify to join and take part in the fight against fraud. This is an absolute win for the payments industry.
Fraudsters are very hard to catch; they hide easily behind a company with a fake proxy. Skimmers are even harder to detect because their devices can be installed in seconds and transmit data immediately via Bluetooth. Anyone with a Bluetooth-supported device could be a suspect.
A goodwill write-down
Customers are frightened of identity theft and feel violated when it happens to them. Banks are even more troubled. When their customers' information is stolen, they lose money and goodwill. And banks bear the expense of reissuing new cards with every e-commerce breach.
In a recent card-skimming scheme, the skimmers defrauded 300 Chase Bank customer accounts. These cases involved organized crews targeting ATMs at bank branches in California, according to the California Attorney General's Office. Access-door card readers were manipulated with devices that read credit card numbers, while pinhole cameras captured PINs as they were entered.
After pleading guilty in March, the schemers, Gnel Snapyan and Gervork Aroutiounyan, were sentenced to prison time and ordered to pay restitution to Chase. Aroutiounyan and Snapyan were jointly ordered to repay to Chase the $320,728 they withdrew from accounts between July 2010 and February 2011, according to the attorney general's office.
A ready pool of 'talent'
Two growing factors in this type of fraud are location and a poor economy. Typically, Arizona and California are among the top five states every year for identity theft. This correlates with those states' relatively high unemployment rates. A poor economy makes it easier for fraud masterminds to recruit "mules" to carry out the dirty work.
According to the ACFE and Network Merchants Inc., the following possible indicators, taken together, can help merchants and payments organizations identify possible fraudsters:
- A single Internet Protocol address is used with multiple payment cards within a specified number of days.
- One transaction is an AUTH for a very small amount (typically $1.00).
- The shopper's billing address is more than a specified number of miles from the shipping address, which is usually not even in the same country.
- The email address has been flagged in a database of addresses associated with known fraud activity by other merchants participating in the same fraud-detection strategy.
- Email addresses provided are through Google, Yahoo and other free e-mail providers.
- The bank identification number (BIN) is from a high-risk country. Check with your current processor for the latest trend in fraudulent BINs.
I highly suggest keeping an internal database of known fraudulent email addresses. You will be surprised how often you reference this.
Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.