When someone says fraud as a consumer you may automatically think “stolen credit card, but my bank will fix it” and move on with your day. When someone says fraud as a business owner you may automatically think back to your PCI Compliance and how the liability shift from 2015 means that you are now on the hook for 100% of whatever the fallout happens to be.
In order to protect ourselves from the rising fraud, it helps to understand the different types of fraud. This is a quick breakdown of some of the most common types of fraud.
Account Takeover – This is when the fraudster attempts to gain access to a consumer’s funds by changing the registration information on the account to their own email, residential address, and name.
Re-shipping – this typically involves recruiting an innocent person to use their address. The criminal has used stolen credit cards and ordered merchandise to have delivered to their “partner’s” address. Then the individual would re-packing the goods and ship them to the instigator, usually in exchange for a share of profits.
Affiliate Fraud – this type of fraud happens when the fraudulent use of a company’s referral or leads for profit. For example, a shady company would submit fake leads with real customer information. For example, in 2011, Wells Fargo created millions of fraudulent savings and checking accounts on behalf of clients who some of which did not even know what had happened until news broke in 2016. This can be used for quite a while before the company becomes aware of any issues.
Botnets – A botnet is a device connected to the Internet. Each device capable of running one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection making you extremely vulnerable. When botnets meet e-commerce mass chaos can happen because stolen payment and identity information makes it appear transaction matches up with the credit card being used.
Identity Fraud – To obtain and use sensitive personal information, such as a social security number, passports, and driver’s licenses. Collectively the fraudster having this information opens up a freeway of different crimes and scams, which turns into a lifetime of trouble for you.
Friendly Fraud – this is the most common fraud. Friendly fraud means a merchant received a chargeback, which is the cardholder denying the purchase or receiving any products. Most of the time the merchandise or services were actually received/rendered. Sometimes it is a disgruntled family member or friend who commits Identity Fraud by using the cardholder’s information.
Clean Fraud – is almost impossible to detect. Clean fraud means squeaky clean, the fraudster has managed to have valid customer account information, the IP address matches the billing address, accurate data, and card verification number, etc; The only option in combating clean fraud is to ask more questions, but this creates more risk of abandoned shopping carts.
Phishing – When someone creates an email that appears to be from legitimate businesses with an end goal of stealing personal information, account log-in details, passwords, and account numbers.
Sphishing is SMS phishing A new to the scene threat where text messages are sent to consumers asking for them to provide personal information, their online banking password or ask them to make a phone call to a number controlled by the fraudster so they can enter their ATM PIN number or online password.
Whaling – is a variation of phishing, but targets or ‘spears’ a specific subset of individuals, customers, consumers, or employees. Fraudsters send doctored messages which appear to be legitimately sent from another staff member, known business partner, or other trusted party.
Pharming – This is where a website re-directs traffic to an illegal site where customers unknowingly enter their personal data.
Triangulation – The typical ruse is to steal valid credit card information by posting a product online at a too good to be true price, which is then purchased with a credit card. Now the criminal can access the unsuspecting buyer’s card number, continue to steal, and add other credit card numbers using the same scam.
Tiffany Tucker, a Systems Engineer at Chelsea Technologies listed these steps to help businesses with phishing attacks.
Educate your employees and conduct training sessions with mock phishing scenarios.
Deploy a SPAM filter that detects viruses, blank senders, etc.
Keep all systems current with the latest security patches and updates.
Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
Develop a security policy that includes but isn’t limited to password expiration and complexity.
Deploy a web filter to block malicious websites.
Encrypt all sensitive company information.
Convert HTML email into text-only email messages or disable HTML email messages.
Require encryption for employees that are telecommuting.
The best solutions are being aware of the current risks, effective fraud management, consistently monitoring and updating fraud prevention protocols since the scams as fraud schemes change.
Schedule with a Payment Professional to review potential areas for fraud.