A Payments Fraud Primer
Since the earliest days of commerce there has been payments fraud. Hollywood has formed many of our views of how fraud takes place. Whether it’s the bazaar vendor biting on a coin to insure it is gold, a crime boss printing fake $20 bills or Leonardo DiCaprio’s portrayal of Frank Agagnale’s counterfeit check scheme, we all have been exposed to payment fraud as an exciting plot element. However, in real life payments fraud costs businesses billions and those costs are ultimately passed to consumers. Not very entertaining, is it?
Where does Payments Fraud Occur?
The majority of fraud still happens at retail. There has been a lot of fanfare and confusion over the introduction of EMV to address fraud at POS. The EMV standard has proven to solve the in-store Point of Sale data theft problem in Europe and a version is now rolling out in the US. There have been check guarantee solutions the mitigate risk for years and new anti-counterfeiting paper has reduced fake currency.
However, fraud is like water, it seeks the path of least resistance. E-commerce, online and mobile transactions are growing exponentially. And solutions that work at retail don’t always translate in this virtual environment. The bad guys will now focus their efforts on data streams traveling from shoppers to on-line stores, and from those stores to payment providers. In countries where EMV has been adopted we see the rise of online fraud and that is a trend that is repeating itself in the US. With that being the case, every executive needs a crash course in the types of fraud their risk and fraud teams are fighting every day.
Types of Payments Fraud
Identity theft: With the barrage of TV commercials you would think that everyone in America has had their identity stolen. It is not that dire, but it is a real risk that we all face. Identity theft is a common type of fraud online. A cybercriminal steals personal information and uses it under false pretense. Hackers penetrate firewalls of old security systems or hijacking login credentials via public Wi-Fi.
Phishing: The 2016 Presidential campaign ensured that every American is aware of this term. And every IT department is constantly sending out reminders to watch for these attempts. But this fraud technique is still very successful for fraudsters Any emails or websites that require personal or private information such as credit card, bank account or login credentials are prone to phishing. The email or link may appear to be valid, but if you don’t take the time to check, you are handing them the keys to the kingdom.
Wire transfer scams: Fraudsters have taken advantage of customer’s greed, fear and empathy soon after the first telegram was sent. Western Union and MoneyGram have extensive training and consumer education programs that have reduces this at retail. But the virtual world has become the channel of choice for these criminals. Typically, they target credit card users and e-commerce store owners by asking for money in advance in return for a credit card or money at a later date.
Pagejacking: Think you are shopping on Amazon? Well fraudsters can reroute traffic from an e-commerce site by hijacking part of it and directing visitors to a different website. We a customer lands on the page their systems are exposed to potentially malicious material that hackers use to infiltrate a network security system. Online, Mobile and E-commerce businesses must be aware of any suspicious online activity in this capacity.
Merchant identity fraud: Ever wonder why you must provide SO much information to start taking credit card payments? Well fraudster often set up a merchant account for a seemingly legitimate business and begin charging stolen credit cards. The criminals vanish before the cardholders discover the fraudulent payments and reverse the transactions. Since the payment facilitator is liable for the loss and any additional fees associated with credit card chargebacks, the PayFac needs tools to insure they are only working with real responsible businesses.
Common Sense Practices to Protect Your Company:
Require customers to log in to an individual account prior to making a purchase. You may want to add a Multi-Factor Authorization solution.
Stay on top of the latest fraud trends
Change tokens and login credentials regularly
Partner with a verified payment processor
Encrypt transactions and emails
Establish an information security policy
Run scheduled security checks with antivirus software
Do you want to more about payment fraud and how to protect your company? Drop us a note and we will be happy to introduce you to some of the leaders in the fraud industry.