The Green Sheet Online Edition

October 22, 2012 • Issue 12:10:02

Fraud alert: Threat level rises

By Nicholas Cucci
Network Merchants Inc.

U.S. financial institutions have now been alerted to greater cyber threats, according to the Financial Services Information Sharing and Analysis Center. On Sept. 19, 2012, the FS-ISAC raised the threat level from elevated to high. This came after Bank of America Corp. reportedly experienced problems related to periodic website outages.

The short advisory from the industry group urged banks and other industry members, especially in the payments arena, to "ensure constant diligence in monitoring and quick response to any malicious events."

Traffic jams

According to published reports, BofA's online banking site experienced intermittent slowdowns on Sept. 18, and a hacker group claimed responsibility for the problems. The claims had not been verified at press time.

"In response to the group's claims, I can assure you that our customer and client information, our online banking platform and the related systems remain safe and secure," BofA spokesman Mark Pipitone said. "Our online banking services have been, and are, up and running. The vast majority of our customers did not experience any issues."

What can be verified, though, is a trend of heightened attacks against U.S. institutions and their employees. In a recent fraud alert, the FBI and the Internet Crime Complaint Center described cyber schemes that share a goal of draining thousands of dollars from online accounts via unauthorized wire transfers.

BofA wasn't alone in experiencing denial-of-service (DoS) cyber attacks. The consumer banking websites of JPMorgan Chase & Co., Wells Fargo & Co., and U.S. Bancorp also reportedly experienced intermittent slowdowns or have been unavailable to some customers since Sept. 19.

This year, we have seen our fair share of policy debates regarding consumer information. This legislation, which would strengthen the government's ability to help secure private networks, has so far been stalled in Congress by groups concerned about privacy issues or opposed to increased regulation.

Barbarians at the gate

The payments industry has acknowledged that fraud is an ever-increasing burden. We have seen ISOs, value-added resellers and merchant level salespeople provide their merchants with numerous fraud-fighting techniques, and they continue to educate merchants on fraud schemes. However, this year, fraudsters are making more attempts than ever to commit the following schemes:

  • Phishing, SMSishing and whaling commonly target individuals. Pretending to be trustworthy entities like banks or credit card companies, phishers send emails and instant messages asking users to confirm sensitive information on their accounts. Phishers now send out text messages, too, a practice known as SMSishing.

    Whaling targets executives or high-net-worth individuals, whom attackers find on social media sites when the executives list their corporate titles. Phishing can happen to anyone. The key is to stay on top of security prevention measures and not respond to questionable emails and messages or open suspicious attachments.

  • SQL injections exploit a type of database programming known as Structured Query Language (SQL). Hackers inject malicious SQL code into web forms, such as login fields, or into browser addresses (URLs) to access and manipulate the database. Hackers sometimes gain access to restricted information, such as credit card details and PINs.

  • DoS attacks and distributed DoS attacks make network resources unavailable to their users. Although motives, targets and means may vary, perpetrators of DoS attacks typically target high-profile sites, such as banks and card payment gateways.

Preventive measures

Ongoing training in anti-fraud techniques by payments industry professionals is more important than ever. For example, ISOs can assist their Level 4 merchants by:

  • Evaluating the extent of their Payment Card Industry (PCI) Data Security Standard (DSS) validation requirements

  • Helping merchants obtain full PCI compliance, including the completion of self-assessment questionnaires

  • Explaining how POS terminals and PIN pads can be breached and what to look for, such as sticker seals, keypad overlays, pinholes and unauthorized people claiming they need access to devices to service or replace them.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at ncucci@nmi.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
