GRC & Fraud Software Journal: Breaches, EMV, mobile payments combined create fraud risk

12-Oct-2015

Boise–Kount, a provider of fraud protection and sales boosting technology, is warning the GRC & Fraud Software industry that technology designed to make transactions safer may actually put businesses and consumers at greater risk.

Recent large-scale data breaches at the Office of Personnel Management, Target, and other organizations, combined with the shift to Europay, Mastercard & Visa (EMV) security standard and the massive move to mobile channels and payments are individual forces that combined create a perfect storm of fraud.

Kount's ebook, "Perfect Storm of Fraud", investigates how these trends - desgned to make electronic transactions safer by protecting consumer information - may actually increase opportunities for theives.

EMV: U.S. will see increase in card-not-present fraud

New technologies create the false premise "that transactions are becoming more secure than they are in reality," said Don Bush, vice president of marketing at Kount.

"For instance, while it’s true that EMV may decrease fraud for in-person transactions, it drives fraudsters to focus on card-not-present transactions, where the EMV chip is almost irrelevant."

This will become painfully evident as the United States undergoes the shift to EMV and becomes "one of the largest e-commerce economies in the world," Bush said. "Fraudsters movement to online fraud will have a global effect."

Sending personal account information into the world

Bush points to data breaches, in which private customer account information for tens of millions of has been stolen. Once stolen from supposedly secure databases, the name, address, social security numbers, account numbers and other financial information is sold and resold to fraud rings and individuals around the world. With the theft of fingerprint data at the Office of Management and Budget, federal investigators say, fingerprints belonging to 5.6 million U.S. government employees and contractors may have become available on the open market.

Those and other recent data breaches, combined with increasing use of new mobile payment solutions, make it easier for thieves to obtain and use stolen data, leaving merchants and consumers extremely vulnerable to fraud.

"Recent trends are creating an environment that makes it easier for fraudsters and more difficult for merchants. But it is possible for businesses to weather the storm and protect themselves –and their customers – from fraud," Bush said.

Time to face facts

First, merchants, fraud software providers and consumers must realize the danger that exists, Bush said.

"The solution is not just to acknowledge that the current environment is making it easier for fraudsters to organize and attack your business. With that knowledge, merchants must employ multiple, real-time techniques to better understand their good customers and work in the context of an order to block truly fraudulent transactions while also protecting the legitimate ones."

How can vendors and consumers alike protect themselves against fraud?

Kount offers the following tips:

First, for the vendors

Employ a comprehensive fraud strategy. A modern fraud strategy should be tailored to your business strategy and use multiple techniques in real time. These techniques include: analytics, scoring, device data, product based rules, link analysis, data validation, payment information, behavioral monitoring, and geographic analysis. The best possible implementation will use this data in both a machine-learning environment and a rules-based system. This maximizes the value of the data while giving the merchant complete control. This sort of system will make doing the following steps very easy.

Scrutinize big ticket items. Stolen cards or account details will have a short lifespan as the real owner realizes their card has been stolen. Fraudsters seek to maximize their profits by purchasing big ticket items such as jewelry, TVs, and technology, and are likely to order those items multiple times to maximize profits.

Always verify elements of the order. By verifying the elements of the transaction – such as geolocation and shopping cart data – merchants can see issues as they arise.

Ensure IP location, billing information, and shipping information are in sync. Not every order will line up nicely, but fraudsters often try to fool your payment system or ship to locations that are not close to the person making the order. This can be a sign of fraud.

Beware of "Running a Card." Fraudsters will run multiple transactions on one card, or multiple cards on one or several transactions. This is also known as "card testing" Fraudsters are trying to validate stolen cards and leave merchants with chargebacks and upset customers.

Investigate multiple cards coming from a single IP address or email. Multiple transactions from different cards coming from a single IP address is a strong indication of fraud. Likewise, use of the same card with different email addresses is an additional strategy used by fraudsters to mask their identities.

What consumers can do

Strengthen your password protection. 12345 and qwerty are short, simple passwords that make your account a target for fraud. Make sure you choose a password that’s a mix of numbers, letters (both capital and lowercase) and symbols. However, a difficult password alone is not enough. Having different strong passwords for each of your accounts can help protect you against multiple breaches if a fraudster were to access one password.

Use caution when it comes to free Wi-Fi. Always think twice before joining a free Wi-Fi network. Scammers will create fake networks with the same name as legitimate public venues in the area (think: coffee shops, airports etc.), which contain malware. Once victims join the network, the criminal has access to all of their online accounts and personal information.

Educate yourself. Knowledge is power. Understanding the current landscape will help you protect yourself against loses. It can also be fascinating to learn about the way organized fraudsters attack. A few terrific resources are the Internet Retailer, Krebs on Security and CardNotPresent.com.

Know the rules. Debit and credit cards operated by the large card associations offer very low liability for consumers. This means complete protection in many cases. Responsible use of credit and debit cards from brands like Visa, MasterCard, Discover and Amex provides consumers with easy, low cost transactions and protection from fraud.

Regularly review your accounts. Reviewing your online statements often — at least monthly — can help you keep track of your purchases and make sure arbitrary charges have not been made. If a suspicious charge appears, call the merchant first.

Keep personal information close to the chest. It may seem obvious, but be careful where, when, and how you share your birthday, social security number, or credit card information. Fraudsters go to extreme lengths, including posing as official census takers who go door to door or as customer service representatives over the phone to offer special deals or discounts, to get you to give up private information willingly.

Download the "Perfect Storm of Fraud" eBook here.

About Kount
Kount’s proprietary technology has reviewed hundreds of millions of transactions and provides maximum protection for some of the world’s best-known brands. For more information about Kount, please visit www.kount.com.

Source:GRC & Fraud Software Journal.