Retail Payments Risk Forum
Font Size: A A A

Portals and Rails

March 24, 2014

The Fraudsters Are Omni-Channel--and Omnipresent

"Omni-channel banking" is an in-vogue term for what bankers have known for quite some time: customers can access multiple channels to conduct their banking, have a preference for one over the others, and that preference to a large degree reflects their ages. Despite their primary preference, these consumers are likely to use multiple delivery channels, and when they do, they want a seamless experience when moving from one to another. The banking industry has struggled to successfully implement such an experience. Achieving this seamlessness is difficult because the industry has historically had a vertical organizational structure, in which each distribution channel has its own strategic plan and sometimes even an independent technology, which leads to differences among the channels. For example, if a customer were to check his or her account balance from an ATM or automated call center, the balance can be different from the balance they would get from a teller inside a branch.

Unfortunately, criminals have also adopted omni-channel usage, and at an even faster pace—they are not concerned with having a transparent or seamless experience. In fact, they seem to be more successful when there are disparate systems because that makes the detection of fraudulent activity more difficult. For example, we have seen criminal attacks move from in-branch armed robberies to ATM cash-out cyberheists. Why risk a physical confrontation and mandatory jail sentence when you can work anonymously and actually get a greater haul? We are also aware of cross-channel fraud activity within the electronic channels. In one case, e-mail phishing attacks led to a customer unwittingly disclosing online banking credentials (user ID and password) and then fraudulent payments or wires being initiated through the online channel. In a recent post, we talked about how criminals often target call centers. They use social engineering techniques to gain sufficient account information to fraudulently access accounts through a variety of channels.

A lesson from these incidents is that financial institutions must take a holistic view of fraudulent activity and not just a channel-specific view. For major losses, they have to perform forensics to determine the channel where the fraudulent effort began not just the channel where the actual fraudulent transaction occurred. Only after such investigative work can the financial institution identify the weak points in its system and processes and take the necessary steps to fortify them to provide a higher level of protection against future attacks.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 24, 2014 in banks and banking, crime, cybercrime, financial services | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a5118d52d4970c

Listed below are links to blogs that reference The Fraudsters Are Omni-Channel--and Omnipresent:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

December 23, 2013

Here We Go: Number 10!

As the year draws to a close, the Portals and Rails team would like to share its own Top 10 list of major payment-related events that took place in the United States this year.

  1. The Consumer Financial Protection Bureau finalized Dodd-Frank 1073 money transfer rules.
  2. The payments industry experienced increased regulatory scrutiny of third-party processors and high-risk business customers.
  3. Major global ATM cash-out fraud attacks—including many U.S. ATMs—totaled $45 million.
  4. FTC issued a proposal to ban telemarketers from using remotely created checks and payment orders.
  5. Debit networks sought a compromise on an EMV interface—while there is little movement on the issuance of EMV cards.
  6. The newly designed $100 bill with additional security features was released.
  7. Several major data breaches occurred, and identity theft occurrences skyrocketed.
  8. Cyber Monday online sales were up 17 percent, with phones and tablets representing almost a third of the total.
  9. Virtual currencies received increased public, legislative, and regulatory awareness after the U.S. Department of Justice took action to close down virtual currency operators Liberty Reserve and Silk Road.
  10. U.S. District Court Judge Richard Leon threw out Regulation II debit card interchange fees and routing rules.

And as we head into 2014, here are a few payments-related topics we will be following closely:

  • As regulators continue to monitor developments in the virtual currency market, will the usage of virtual currency as a legitimate medium of exchange expand among the merchant community?
  • Will 2014 finally be the “Year of the Mobile Payment” as stakeholders have yearned for over the last several years? What progress will be made in addressing the awareness, security, and education aspects of mobile payments?
  • With online and mobile commerce showing no signs of slowing down, what authentication solutions will be most widely adopted to prevent a rising tide of card-not-present fraud?
  • How will merchants and card issuers deal with EMV implementation?
  • What effects will the regulatory attention on third parties and high-risk businesses have on the due diligence practices of financial institutions?

Wishing you all happy holidays and a fraud-free 2014!

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

December 23, 2013 in ATM fraud, crime, EMV, identity theft, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019b03847b7e970d

Listed below are links to blogs that reference Here We Go: Number 10!:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 15, 2013

Fighting Counterfeit Currency and Protecting the Integrity of Our Payments System

The Federal Reserve recently introduced the redesigned $100 note into circulation and has begun an extensive public awareness campaign to acquaint consumers and merchants with the new note. The production of this note marks more than 10 years of effort and technology innovation to make U.S. currency more resistant to counterfeiting. The note incorporates two new security features: a 3-D security ribbon and a color-shifting image. These features are in addition to features such as an embedded security thread, portrait watermarks, and microprinting, introduced in the first redesigned note—the $20—back in 2003. The redesign of the $100 completes the current cycle of note redesign; there are no plans to redesign the $1 and $2 notes due to their low appeal to counterfeiters.

Fighting the constant battle against counterfeiters falls officially to the United States Secret Service, although they certainly rely on support from other federal, state, and local law enforcement agencies as well as from the general public. Many people erroneously believe the Secret Service was created in July 1865 as a reaction to President Lincoln’s assassination three months earlier. But the original mission of the Secret Service was to suppress the rampant problem of counterfeit currency being produced by the 1,600-plus private banks. The authority of the Secret Service was broadened two years later to include bootleggers, mail robbers, and others conducting fraudulent activities against the federal government. The Secret Service wasn’t given official responsibility for executive protection until the early 1900s, following the assassination of President William McKinley.

How big is the counterfeiting problem? It is constant, even though electronic financial crimes have more lucrative payoffs and are more difficult to investigate and prosecute. Over the last 10 years, the Secret Service has seized more than $295 million in counterfeit notes. The Secret Service investigates every counterfeiting report since it is often a series of individual reports that leads to a trail of counterfeiting activity by a criminal moving over a geographic area.

Criminals still employ crude counterfeiting techniques, but improvements in printer technology have made detecting counterfeit bills more difficult. Early counterfeiting deterrence relied on the skill needed to operate an offset printing press, along with the high costs of these printers. Now, the weapon of choice of counterfeiters is the advanced laser printer. Since these printers are capable of producing high-quality graphics, the development of the additional anti-counterfeiting technologies now incorporated in the new $100 note (as well as the redesigned $50, $20, $10, and $5 notes) was necessary in this continuous challenge to stay ahead of the criminals.

At Portals and Rails, we urge all financial institutions to maintain communication with your consumer and business customers about the challenges that counterfeit currency present and the steps to take should they come across a note that appears suspicious.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 15, 2013 in crime, fraud, law enforcement | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019b000cd617970b

Listed below are links to blogs that reference Fighting Counterfeit Currency and Protecting the Integrity of Our Payments System:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 06, 2013

Staying One Step Ahead of ATM Attacks

Ever since the first ATMs were installed in the United States more than 40 years ago, criminals have used a variety of methods to steal money, through either physical or virtual attacks on machines or customers. The early ATMs were installed primarily through the exterior wall of bank branches, so they were generally as secure as the building's cash vault. Consequently, the attacks generally took the form of robbing customers using or employees servicing an ATM.

The industry reacted, with some state regulatory nudging, with camera surveillance, improved lighting and visibility, privacy screens, drive-up reconfigurations, and customer safety education programs. When less-armored, freestanding cash dispensers began to appear in retail locations, criminals turned to trying to pull the entire ATM out from its floor or wall anchors and then cracking it open at a remote location.

As criminals grew more sophisticated, they turned their attention from such aggressive physical attacks to stealthier ones. In one such activity, referred to as "skimming," they place false card readers over the real ones to capture the data on the cards' magnetic stripe so they can create a counterfeit card. The criminals may generally also install a pinhole camera positioned to capture the customers entering their PINs on the keypad. Card skimming has become a major problem for the card payments industry overall and has been an impetus for the migration to chip cards throughout the world and finally in the U.S.

Some recent efforts to attack ATMs have involved gaining unauthorized access to the applications controlling ATM transaction authorizations. In an incident in Oman that took place earlier this year, cyberthieves established real-time access to the authorization files on a foreign bank's prepaid card application system and changed the balance available for withdrawals. They also continually reset the daily usage counters. Using a large gang of money mules with counterfeit cards and the PIN to access the prepaid account, the criminals conducted a coordinated attack, making continuous cash withdrawals at numerous foreign ATMs until the cash supply at all the ATMs was exhausted. This gang netted the equivalent of almost US$39 million—yes, that's not a typo, it was $39 million.

It now appears there is a trend, at least in Europe, of criminals resorting to physical attacks on the ATMs again. Gangs have been injecting explosive liquids and gases into ATMs, then igniting them to blast open the ATM vault to gain access to the currency cassettes. I believe it is only a matter of time before such attacks are initiated here in the United States.

These activities emphasize that criminal attacks against our payments system will continue to take different forms and target all payment channels. In a comprehensive risk management plan, stakeholders must always anticipate the next type of attack and take the necessary and prudent preventive measures. Sometimes we are lulled into a sense of complacency with mature payment channels and focus all our efforts on the emerging channels or payment products. How long has it been since you have done a risk evaluation on your ATM delivery channel?

David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 6, 2013 in ATM fraud, crime, identity theft, risk management | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017eeadcbd0a970d

Listed below are links to blogs that reference Staying One Step Ahead of ATM Attacks:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

August 27, 2012

Mind the Gap: PIN versus Signature Authentication

In a January post, Portals and Rails considered the difference in fraud rates for payments using signature versus those using PIN authentication. Based on the data at hand, we concluded that "financial institutions have significantly more exposure to fraud losses from card payments with signature authentication than those from PIN authentication." The just-released PULSE Debit Issuer Study reveals that in 2011 the gap in loss rates between signature and PIN debit transactions has widened further. Issuers lost an average of three cents per signature debit transaction compared to less than one-half of one cent on PIN transactions.

Debit Card Issuer Loss Rates

Fraud is a concern for issuers
According to the study, which was conducted by the consulting firm Oliver Wyman on 57 banks and credit unions, 74 percent of large financial institutions (asset size greater than $10 billion) and 90 percent of small institutions (asset size under $10 billion) view fraud as a major challenge for 2012. Looking deeper into 2012 fraud concerns, 54 percent of issuers, regardless of their size, expect signature debit fraud to increase, while only 37 percent of issuers expect an increase in PIN debit fraud levels.

With fraud being of such high concern to issuers, I expected EMV card issuance to be high on their priority list, but that is not the case. In fact, 71 percent of the financial institutions have no immediate plans to issue EMV cards. In the past, we've highlighted some of the many possible ways to do an EMV implementation—according to the study, these unknowns of a U.S. EMV implementation have many financial institutions taking a "wait-and-see" approach.

Of particular note, issuers are interested in knowing if PIN authentication will become mandatory or if it will continue to coexist with signature authentication. Hopefully, this issue and others surrounding EMV implementation will soon be addressed by the industry through the recently announced collaborative EMV Migration Forum created by the Smart Card Alliance. The sooner these issues get sorted out, obviously, the better, as signature debit card fraud is showing no signs of slowing down.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 27, 2012 in chip-and-pin, crime, EMV, fraud | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0177445db2c5970d

Listed below are links to blogs that reference Mind the Gap: PIN versus Signature Authentication:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 16, 2012

Oh, SNAP! Benefit trafficking costs millions

As I watched the local evening news several weeks ago, one particular story caught my attention. A local convenience store owner had been arrested for the repeated abuse of the Supplemental Nutrition Assistance Program (SNAP), formerly known as the food stamp program. The store owner allowed SNAP recipients to exchange their electronic benefit transfer (EBT) cards for such items as cigarettes and alcoholic beverages, charging a premium of anywhere from 25 to 50 percent of the items' values. This type of SNAP fraud is known as "trafficking." Another form of trafficking fraud occurs when the program recipients sell their cards on the black market in exchange for cash. These cards are then reported as lost or stolen, so recipients receive a replacement card.

Upon performing an Internet search on this topic the next day, I was surprised to discover that SNAP trafficking is actually a $300 million-a-year problem. According to a 2011 report of the USDA Food and Nutrition Service, trafficking diverted an estimated $330 million annually from SNAP benefits, or about one cent for each SNAP dollar redeemed. Interestingly, this figure is down significantly from earlier reports published by the USDA. In 1993, trafficking resulted in more than $800 million of fraud, or nearly four cents per SNAP dollar redeemed. Since the first report, the trafficking rate has fallen, leveling off at its current rate of 1 percent. Still, fraud levels for this EBT program are significantly higher than for general purpose credit and debit card cards.

The main reason for this decline has been the electronification of the old food stamp program. During the mid to late 1990s, some states began replacing food stamps with EBT cards. And since June 2004, all states have used EBT cards to distribute SNAP funds.

Though taking this program from paper payments to plastic payments has dramatically reduced trafficking fraud, fraud is still an issue at 1 cent per dollar redeemed—so much so that the USDA recently proposed a new rule that would allow state agencies to deny replacement cards to recipients who make four replacement requests over a 12-month period.

The USDA's proposed rule is currently open for comment through July 30. I encourage anyone with thoughts or ideas on this particular rule and on trafficking fraud in general to make their voice heard and provide feedback to the USDA. The SNAP EBT fraud rate, which is substantially higher than credit and debit card fraud rates, is the burden of all taxpayers. What else can or should we do to further tackle this particular payments fraud?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 16, 2012 in crime, fraud, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0167688b6e94970b

Listed below are links to blogs that reference Oh, SNAP! Benefit trafficking costs millions:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 21, 2012

Cramming and bill-to-mobile payments: Managing the risk

An interesting market segment in the evolving mobile payments industry is bill-to-mobile payments, which is a service that permits wireless carriers to add charges to consumers' mobile phone bills for generally small-value transactions involving digital and virtual goods purchased over the Internet. At the same time, the telecommunications industry is accommodating the addition of more third-party charges to consumers' mobile phone bills. Naturally, fraudsters are finding opportunities to apply unauthorized charges to these bills, a practice known as "cramming." As bill-to-mobile services grow more popular, how do we mitigate the potential risk of this fraudulent activity?

Telecoms and bill-to-mobile services
Telecoms have license to add charges to bills for a variety of call-based services. The advent of bill-to-mobile as a type of mobile payment began as intermediary platform providers—namely, Zong and Boku—entered the market to facilitate payments from consumers to online merchants through mobile carrier billing. Even Facebook allows the purchase of Facebook credits for games and apps to be billed to the customer's mobile phone bill in lieu of a credit or debit card payment. These services have become hugely popular as an electronic micropayment solution alternative to credit and debit cards. This makes a lot of sense when you consider the younger demographic market segment for online games and their social reliance on mobile for day-to-day interaction.

Regulation and law enforcement
As mobile phone usage grows, the incidence of criminal activity is growing in lockstep. In fact, since deregulation of the telecommunications industry, according to one state's Department of Justice report, complaints about erroneous charges on telephone bills have grown. Crammers bet on consumers not reading their phone bills carefully, and thereby failing to notice an extra dollar or two fraudulently charged each month.

The Federal Communications Commission's (FCC) Truth-in-Billing rule requires that telecom firms organize bills clearly by complying with specific requirements, such as including "clear and conspicuous notification" of charges that would be apparent to a reasonable consumer and that the name of the merchant associated with each charge is clearly identified on the bill. It also requires that the bill contain clear and conspicuous disclosure of inquiry contacts in the event of a billing dispute so that the consumer will know who to contact to dispute unauthorized charges.

While the FCC's rule might not have envisioned a mobile-payment-enabled environment and associated charges for financial services, the rule should provide adequate consumer protections for victims of phone bill cramming.

Managing the cramming risk for mobile payments
Currently, U.S. wireless carriers are limiting bill-to-mobile services to micropayments for virtual and digital goods. Purchases are typically limited to $100 a month because so far the carriers have not demonstrated an appetite for managing credit risk. Telecom firms generally resolve complaints quickly, as the cost associated with time spent by staff devoted to error disputes far exceeds the value of the charge in a complaint. As these services grow, however, this may not always be the case.

With appropriate consumer protection regulation in place, risk mitigation lies with the consumer, who should consider the following steps to protect against cramming:

  • Read your bill monthly, just as you would a credit card bill.
  • Be alert for changes in your bill, particularly those with language including words like "activation" and "service fee."
  • Address irregularities as soon as possible. The FCC's Truth-in-Billing rule requires phone bills to include a toll-free number to make it easy for a consumer to quickly report a dispute about a charge.

Cindy MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

May 21, 2012 in crime, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c016305b2d682970d

Listed below are links to blogs that reference Cramming and bill-to-mobile payments: Managing the risk:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

November 07, 2011

International Fraud Awareness Week is here

According to the Association of Certified Fraud Examiners (ACFE), organizations worldwide lose roughly 5 percent of annual revenues to fraud. That's huge. A theme that we return to again and again in Portals and Rails is the fact that technology is making our lives—including the ways we transact consumer payments—more efficient and secure. But these new technologies also offer fraudsters new and sometimes better ways to perpetrate crime.

Fraud Awareness WeekIn an effort to promote fraud awareness and education, starting November 7, the ACFE is sponsoring International Fraud Awareness Week, a "time dedicated to fraud awareness, detection, and prevention." So in keeping with this theme, we are using this space to refocus on some of the issues around payments fraud in the United States.

U.S. payments fraud is on the rise but hard to measure
Unlike other countries, the United States does not have a single, uniform repository for collecting fraud loss data. Industry analysts primarily base their concerns about the industry on anecdotes from law enforcement, financial intelligence agencies, and regulators. In addition, recent media accounts of check fraud, corporate account takeovers, payment card breaches, card payment terminal skimming, and the like leave no doubt that in the retail payments arena, leave no doubt that the problem of fraud is universal and growing.

Also validating the growing concern are proxies such as fraud surveys from organizations like the American Bankers Association (ABA), which measures deposit account fraud in banks, and the Association for Financial Professionals, which works with corporations to measure their fraud loss experience. However, more information may be needed as payment systems grow more complex, provide new alternative solutions and access new electronic channels.

Internal fraud is growing globally
The global economic downturn has led to an increased incidence of payments fraud. Sometimes financially distressed employees—rationalizing their behavior in light of dire circumstances—commit frauds within a business, effectively stealing from their employers. For example, employees in financial institutions who have access to large amounts of customer data may use their insider access to commit fraud. In one of our podcasts, an expert noted that internal fraud is more growing more common—and complex—as criminal rings increasingly place their people within legitimate organizations, where they can then steal data. Once they have the data, they can use it to commit a variety of frauds, including identity theft and payment crimes, such as card counterfeiting and counterfeit checks, to name just a few.

Fraud awareness week highlights old-school solutions
The International Fraud Week web page highlights resources for fraud prevention and education that businesses and consumers can tailor to their own particular needs. For example, the site offers a link to a Fraud Prevention Check-Up, which provides a framework for business to assess their risk and evaluate the strength of their fraud mitigation environment. Another anti-fraud resource is a presentation with tips to help organizations prevent and detect fraud.

To that same end, Portals and Rails in an earlier blog offered a recommendation for businesses to be proactive by adopting relatively simple control processes. For example, basic checklists like the one that follows can help organizations comply with ACH rules and regulations, avoid human error, and reduce fraud.

Electroic Payment Checklist

International Fraud Awareness Week activities
To help raise awareness around fraud, the ACFE recommends that businesses participate year round in its blog and in other social media initiatives, such as forums for dialoguing and sharing ideas on fraud detection and mitigation. It also suggests that organizations spread the word to colleagues and clients about International Fraud Awareness Week and the resources available to promote strong fraud risk management program development.

One thing we know for certain, and can't say enough, is that our payment systems are growing more and more complex, in terms both of sophisticated technologies and of multiple new nonbank service partners entering the mix. With this constant change and development, the payment distribution chain will undoubtedly contain more points of potential vulnerability to risk and fraud. Taking basic preventive measures and increasing industry awareness through the activities and resources highlighted during International Fraud Awareness Week can go a long way to combating payment-related risks and fraud.

Cindy MerrittBy Cynthia Merritt, assistant director of the Retail Payments Risk Forum

November 7, 2011 in crime, fraud, identity theft, payments risk, payments systems | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c015392dfd1e6970b

Listed below are links to blogs that reference International Fraud Awareness Week is here:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

October 17, 2011

As payments system evolves, "funny" money is still no laughing matter

Counterfeit money in the United States has been in circulation since colonial America. During the Revolutionary War, counterfeiting of Continental American money became so rampant that the currency became worthless. Hence, the phrase "not worth a Continental" was born. Counterfeiting continued after the country's independence from the British, so the government established the U.S. Secret Service in 1865 to suppress it. It was only later that the agency was also tasked with the highly visible and publicized mission of protecting national leaders, most notably the president, and visiting foreign leaders.

Since the establishment of the Secret Service, payment types have advanced from paper bills to checks and card-based payments. Alongside the advancement of our nation's payment methods, the security features of each payment type are evolving to combat attempts at counterfeiting. Yet today, 111 years after the Secret Service was established, counterfeiting remains a threat to the U.S. payments system. This blog examines the security technological advances currently deployed and those in development to fight counterfeiting schemes in consumer payments.

Counterfeit currency
In 1865, approximately one-third of all currency in circulation was counterfeit. Today, counterfeit currency is estimated to represent only 3/100ths of 1 percent of total currency—yet the crime of counterfeiting currency remains popular. According to its Fiscal Year 2010 Annual Report, the Secret Service made more than 3,000 domestic and international arrests for counterfeiting offenses in 2010, resulting in the removal of more than $261 million in counterfeit currency from circulation. This amount is an increase of more than 150 percent from the 2008 level of $103 million. Continued advancements in computer and printing technologies aid counterfeiters in producing hard-to-detect counterfeit bills. It is also important to note that counterfeit bills do not have to be perfect. These bills just need to be good enough for the counterfeiters to exchange once to another party to be deemed successful.

To mitigate the production of counterfeit currency and to help detect it, the U.S. Department of the Treasury constantly enhances paper currency's security features. Newer features such as color-shifting ink, watermarks, and security threads have made paper currency more difficult for criminals to counterfeit accurately.

Counterfeit checks
Much like paper currency, checks became an important payment instrument in the United States following the Revolutionary War. And as is the case with paper currency, checks are also a common target for counterfeiters. Even as check usage continues to decline, check fraud continues to increase and remains one of the largest threats to businesses today, according to the 2011 AFP Payments Fraud and Control Survey: Report of Survey Results. Also according to this report, the counterfeiting of nonpayroll checks using an organization's MICR line data remains the most widely used technique to commit check fraud.

Counterfeit cards
Since the first credit card was introduced in the United States in 1958, card-enabled debit and credit payments have become many consumers' preferred payment methods. But just as payments migrated from paper to electronic methods such as debit and credit cards, counterfeiting fraud schemes have shifted from paper as well. Today's payments fraud-related headlines are flooded with stories of card-skimming schemes to produce counterfeit cards. Fraudsters are using skimming devices on point-of-sale (POS) terminals and at ATMs to capture card numbers. As my colleague Cynthia Merritt previously discussed in an earlier post, these skimming devices are becoming more sophisticated. According to Verizon's 2011 Data Breach Investigations Report, tampering of ATMs and POS terminals accounted for 98 percent of physical data breaches in 2010. The report notes that these tampering attacks, which have been occurring for years, are on the rise.

Despite the continued evolution of payment types and their corresponding security features, counterfeiters persist in finding ways to harm the payments system, regardless of payment type. Although the industry can and should strive to eliminate the success of counterfeiters, history shows us that the task is all but impossible. It will be very interesting to see the effect that new security enhancements as they develop will have on counterfeiting trends in the United States. For me, I am eagerly anticipating the effect that dynamic data chip-enabled transactions will have on the skimming and counterfeiting of payment cards should the industry adopt the technology.

By Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

October 17, 2011 in check fraud, crime, fraud, payments systems | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c014e8c5020ad970d

Listed below are links to blogs that reference As payments system evolves, "funny" money is still no laughing matter:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 06, 2011

Using data mining to catch suspected financial wrongdoers

The seemingly inconsequential disclosure of a phone number or ZIP code to a store clerk can ultimately end up far away from where it was first shared, especially if it is used for data mining purposes. Data mining is the use of computer-based analytic tools that sift through large collections of data searching for patterns based on statistical techniques. Often times, data records containing personal identifiers are compiled from many sources and transferred to third parties for data analysis.

The information collected and stored in large databases can be used to detect suspicious spending patterns or to uncover improper spending of federal relief funds. Often, the results of the analysis lead to the detection of overall trends or patterns that reveal unusual activity and other specific parameters. While some data mining techniques are used to help with national security, others are in place to help combat financial fraud.


Federal agencies
The Federal Agency Data Mining Reporting Act requires federal agencies to submit reports periodically to Congress informing them of their data mining activities. For instance, two bureaus of the Department of the Treasury regularly engage in data mining activities: the Internal Revenue Service (IRS) and the Financial Crimes and Enforcement Network (FinCEN). The IRS mines financial data to predict which individual tax returns have the greatest potential for fraud and which corporations are most likely to make improper use of tax shelters. FinCEN focuses its data mining on money laundering activities and other financial crimes.

Both agencies use similar data mining technologies that include a database that reviews aggregate Bank Secrecy Act (BSA) forms and information. However, because BSA reports—such as the Suspicious Activity Report and Currency Transaction Reports—do not on their own reveal potential underlying criminal activity, FinCEN, for instance, may also query other law enforcement databases for further data on suspicious trends or patterns indicative of anomalous or illicit activities.

Data mining limitations
While data mining can reveal helpful patterns and trends, it has inherent limitations. For example, data mining cannot identify the underlying cause of the identified patterns and trends. The user must determine the significance of the data collected and must be able to draw relevant and accurate inferences.

A significant drawback to using commercial data is the possibility that the data contain errors or is of poor quality—it may be duplicative, for example, or dated. The accuracy, timeliness, and completeness of the data and analysis of the data are important. Drawing erroneous or adverse inferences about any individual can quickly become problematic. According to the Treasury's data mining report, FinCEN uses checks and balances in its data mining and analysis to ensure that the data is used only by authorized agencies and for statutorily authorized purposes.

Interpreting the data
Large aggregated collections of information are valuable intelligence resources. It is important to understand how and why access to such information is valuable. Sophisticated information retrieval techniques such as data mining allow users to search extremely large collections of data for trends and patterns and to zero in on particular transactions of interest. The information collected can also help law enforcement agencies identify emerging financial criminal trends. However, it is prudent to keep in mind that the initial data gathered many times only serves as lead information, and it may not be that until further analytical and investigative steps are taken that the information can ultimately work to help catch financial wrongdoers.

Photo of Ana Cavazos-WrightBy Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed

 

September 6, 2011 in crime, fraud | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c0153915d68c0970b

Listed below are links to blogs that reference Using data mining to catch suspected financial wrongdoers:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in