The Green Sheet Online Edition
October 22, 2012 • Issue 12:10:02
Fraud alert: Threat level rises
U.S. financial institutions have now been alerted to greater cyber threats, according to the Financial Services Information Sharing and Analysis Center. On Sept. 19, 2012, the FS-ISAC raised the threat level from elevated to high. This came after Bank of America Corp. reportedly experienced problems related to periodic website outages.
The short advisory from the industry group urged banks and other industry members, especially in the payments arena, to "ensure constant diligence in monitoring and quick response to any malicious events."
According to published reports, BofA's online banking site experienced intermittent slowdowns on Sept. 18, and a hacker group claimed responsibility for the problems. The claims had not been verified at press time.
"In response to the group's claims, I can assure you that our customer and client information, our online banking platform and the related systems remain safe and secure," BofA spokesman Mark Pipitone said. "Our online banking services have been, and are, up and running. The vast majority of our customers did not experience any issues."
What can be verified, though, is a trend of heightened attacks against U.S. institutions and their employees. In a recent fraud alert, the FBI and the Internet Crime Complaint Center described cyber schemes that share a goal of draining thousands of dollars from online accounts via unauthorized wire transfers.
BofA wasn't alone in experiencing denial-of-service (DoS) cyber attacks. The consumer banking websites of JPMorgan Chase & Co., Wells Fargo & Co., and U.S. Bancorp also reportedly experienced intermittent slowdowns or have been unavailable to some customers since Sept. 19.
This year, we have seen our fair share of policy debates regarding consumer information. This legislation, which would strengthen the government's ability to help secure private networks, has so far been stalled in Congress by groups concerned about privacy issues or opposed to increased regulation.
Barbarians at the gate
The payments industry has acknowledged that fraud is an ever-increasing burden. We have seen ISOs, value-added resellers and merchant level salespeople provide their merchants with numerous fraud-fighting techniques, and they continue to educate merchants on fraud schemes. However, this year, fraudsters are making more attempts than ever to commit the following schemes:
Ongoing training in anti-fraud techniques by payments industry professionals is more important than ever. For example, ISOs can assist their Level 4 merchants by:
- Evaluating the extent of their Payment Card Industry (PCI) Data Security Standard (DSS) validation requirements
- Helping merchants obtain full PCI compliance, including the completion of self-assessment questionnaires
- Explaining how POS terminals and PIN pads can be breached and what to look for, such as sticker seals, keypad overlays, pinholes and unauthorized people claiming they need access to devices to service or replace them.
Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.