Fraud remains a thorn in the world of credit cards. The industry lost about $1.8 billion last year to credit card fraud. The total includes costs incurred by online merchants, who are mostly liable under Visa and MasterCard rules. Several industry attempts to prevent card fraud have succeeded, but unfortunately criminal schemes continue to evolve, adapting to the new security measures and attacking new areas of weakness.
From a bird's eye view, some of today's fraud schemes remain the same. Schemes such as counterfeiting and mail intercept fraud have been around for years; however, their tactics have adjusted to the deterrence plans. In addition, new schemes are emerging that pray upon consumer vulnerabilities. The most common means by which a card account is compromised are the following:
Card associations have curbed counterfeiting practices by making the cards harder to produce. Aside from the physical characteristics of the card, magnetic stripes have also become better encoded. However, counterfeiters now embrace skimmers to skirt this obstacle. Using a skimming device, which is usually the size of a pager, thieves are able to obtain the information contained on a magnetic stripe without the victim's knowledge. They are frequently used in situations where the card is out of the cardholder's sight for a brief period of time, such as in a restaurant or bar. The information is in turn used to create a counterfeit card. The victim becomes aware of the theft when fraudulent charges appear on their bill.
Mail Intercept Fraud
Thieves scout out mailboxes that are easily accessible looking for a pre-approved offer, a credit card statement, or a paid bill waiting to be pick-up by the postal carrier. Mail that is delivered to an old address also poses a problem. The industry has long done away with sending pre-approved credit cards in the mail - which was a source for fraud; however, thieves have rerouted their efforts and simply respond to the offers on behalf of the unsuspecting victims.
Institutional Identity Theft and "Spoof" Sites
Corporate integrity is at stake when fraudulent sites mimic legitimate ones. These "spoof" sites may be so convincing that they mislead victims into thinking that the sites into which they are entering their personal information (such as their name, telephone number, address and credit card number) are legitimate. In recent years, a trend has been not to simply simulate an existing Web site, but form an alleged "affiliate" site. For example, this affiliate site may pose as a discount site for the merchant. Many of these spoof sites are sophisticated, offering a convincing mock-up and a shipping confirmation page for extra reassurance. Victims leave these sites with the impression that their order is going to a legitimate merchant.
Identity theft is an increasing threat to consumers. Unfortunately, personal information is easy to obtain and used to assume one's identity. It is indeed a challenge to the card industry as accounts are either being opened illegitimately with stolen identities or fraudulently taken over by a criminal equipped with the right information.
Several solutions must be in place to make a significant dent in card fraud. This is especially the case given that credit cards are ubiquitous; used across several sales channels, such as the Internet, telephone, mail, and at the point of sale; and may be given "away" freely or unknowingly by consumers. Four of the top techniques financial institutions can apply to preventing today's credit card fraud are the following:
Neural networks and rules-based systems are being increasingly utilized by financial institutions. These systems can recognize abnormal behavior within an account and can raise red flags for further investigation. Each year, monitoring technologies save millions of dollars by alerting a party to fraud prior to it resulting in greater losses.
Smart cards adoption has failed to take off in the US largely due to a supply and demand conundrum fueled by the cards' high development and implementation cost. However, the industry has not abandoned the initiative. We will see a stronger smart card presence as technology evolves to a point at which the card's cost is reduced. However, online initiatives that utilize password-protected strategies, such as Verified by Visa and MasterCard's SecureCode, are gaining some traction in the market. They face some of the same obstacles borne by smart cards, but online merchants are being enticed with pledged shifts in liability and little is required of consumers.
ID Verification technologies. ID Verification technologies are increasingly being utilized to address the fraudulent openings of credit card accounts. Upon requesting the appropriate information from the application, these technologies can be deployed to validate and correlate the applicant's information, as well as detect oddities that may identify potential fraud. Their automated processes are especially embraced by firms who cannot afford to verify a large number of applications by hand.
Every party privy to a card transaction must be aware of the latest fraud schemes and remain diligent. Consumers are especially in need of awareness or else they could fall prey to schemes like spoof sites or telemarketing scams which will put even the most protected accounts at risk.
Ariana-Michele Moore is a senior analyst within the banking group at Celent Communications, a financial services technology research firm based in Boston. She can be reached at [email protected]
This article originally appeared in Bank Systems & Technology eNEWS,a weekly e-mail newsletter. To order a free subscription, click here: