Our guest blogger this week is Zachary Smith, a legislative analyst for the Experian Government Affairs team.

Despite being a top priority for the Administration and leadership in Congress for much of the past year, the Senate failed to reach agreement on a comprehensive cybersecurity bill before adjourning for August recess.

After several revisions, the Senate began debate on the Cybersecurity Act of 2012 during the last week of July.  The bill would have created a National Cybersecurity Council to develop best practices for industries designated as “critical infrastructure.”  These industries might include utilities, pipelines and financial service companies.  In addition, the legislation would have encouraged the establishment of voluntary data exchanges to allow government agencies and private companies to share cyber threat information.

Disagreements arose between over the level of authority that the proposal would provide the Federal government to establish new cybersecurity standards for certain entities that it deemed to be “critical infrastructure.”  A majority of Senate Republicans voiced support for alternative legislation that would make the participation by private entities completely voluntary.

There were also attempts to establish a new law for a national data breach notification standard.  However, the Senate could not reach agreement on specific provisions of a preemptive program. 

There is a possibility that the Senate could revisit cybersecurity legislation when it returns for a brief work period in September or during the lame duck session after the election.  However, unless there are significant changes made to the bill so that it is palatable to a significant majority in the Senate, it is highly unlikely that legislation will be passed and signed into law this year.

The holidays may be over, but scams targeting holiday gift cards purchased by consumers are an unwanted gift that keeps on giving.  The National Retail Federation estimates that gift cards are a $50 billion annual market, so it’s little surprise that fraudsters search for creative ways to grab a piece of the action throughout the year.  These thefts leave retailers in the difficult position of either reinstating gift card balances to victimized customers – and consequently cutting into their revenue and profitability – or sacrificing consumer confidence in the integrity of an important sales vehicle.

Addressing this violation starts with understanding the ways in which gift cards are scammed.  One of the most popular hustles involves covertly copying identification numbers from gift card displays, then stealing funds from these cards after they’ve been purchased by customers.  Scammers typically call to inquire about the balance on “their” card to determine whether cards have been activated; once this is confirmed, the thieves then purchase goods online before rightful customers have the chance to do so.  The hoax is even easier to pull off if employees are the ones cribbing card numbers and can personally monitor when the cards are activated.  Alarmingly, this is just one of numerous known scams, which run the gamut from gift card cloning to selling stolen gift cards on auction websites.

Implementing strong security around gift card programs is key to ensuring its protection for both customers and businesses.  Simple steps, such as altering gift card displays so that actual cards aren’t accessible to the public, as well as building in privacy features like pin codes, can go a long way towards deterring criminal activity.  Internally, companies must also take measures to ward off employee fraud; for example, discarding used cards and monitoring blanks to prevent employees from switching customers’ cards with old or inactive zero balance cards.

Gift cards are a growing market for businesses and should be treated as valuable sales currency, with the same risks of consumer fraud and internal misconduct that are posed by credit cards.  Developing robust safeguards, proper auditing and early detection and reporting of abuse are critical to protecting a program that is popular with customers and profitable to retailers.

I mentioned in a previous blog that the  use of stolen credit cards to purchase merchandise is one of the most common forms of fraud.  The negative affects are not only realized by the business, but also impact the consumer whose card was stolen.  The national debate about how best to fight credit card fraud is expected to heat up in 2011 with the introduction of point of sale chip and PIN technology.

The point of sale chip and PIN payment technology is believed to be a safer form of payment than the common magnetic striped credit card. The new technology uses a card with an embedded microchip that requires the consumer to enter a unique PIN through a reader to make payment. Conversely, magnetic stripe credit cards require little verification beyond a signature, which opens the door to fraud.

Many major retailers, like Wal-Mart, are eager to implement this technology as a measure to help prevent point of sale credit card fraud.  According to a representative, Wal-Mart experienced a significant drop in fraud rates once the card reader system was adopted.

So why aren’t more businesses adopting this technology?  There are concerns that consumer credit card data can be breached at each transaction.  A technology researcher was able to make purchases with these POS systems in place without knowing the card’s PIN verification code using simple hardware purchased at an electronics retailer. Simply put, a clever thief can access a customer’s credit card number and easily authorize other transactions leaving very little trace.

How is your company addressing credit card fraud? Put processes in place before your business becomes a victim.



The Holiday Season is one of the busiest times of year for consumer-facing businesses.  While Holiday sales can help improve a bottom line, the increased consumer activity also brings many headaches. One of the biggest headaches is falling victim to fraud schemes from wily consumers hoping to take advantage of business who do not have policies or controls in place.  Unfortunately many businesses don’t realize that they are victims until after the most wonderful time of year.

According to a recent article, use of a stolen credit card to purchase merchandise is one of the most common forms of fraud.  However, fraudsters are becoming more sophisticated and have learned to steal credit card information by intercepting transmissions from retail credit machines.   Scary isn’t it?

What can a business do to protect itself from damages now and in the New Year?  There are three things your business can implement immediately.  For example, require employees who process credit cards to ask customers to sign the credit receipt and check signatures on the back of the credit card.  Secondly, focus on delivering excellent customer service.  A happy customer is less likely to retaliate by making charge backs.  Lastly, define and implement a return policy to address the very real threat of merchandise return fraud.

Take the time to discuss threat of consumer fraud with your employees and implement policies to reduce fraud.  Doing so will enable your business to benefit from the seasonal increase in sales.

A majority of the media attention has focused on the sharp increase of personal identity theft or on the loss of customer data by businesses.  Very little focus has been given to the damage done by fraudsters who craftily steal the identity of a business.  The difference between personal and business identity theft is quite simple.  The victim of the fraudulent act is a company instead of an individual. However, the damage to a business can be just as, if not more, devastating.

Unfortunately, the consequences of a stolen business identity can affect not only the proprietor, but also suppliers, clients and even employees.  The consequences may include fraudulent high dollar value purchases, illegitimate business agreements, fraudulent loans and damage to business credit ratings.  As one 2009 study found, 88 percent of US companies that experienced fraud reported a decline in financial performance.

Recovering from these fraudulent acts can be quite difficult and expensive. However, the best defense against the damages of business identity theft is to prevent it from happening. There are many basic things a company can do to reduce the risk of becoming a victim. For example, shred all business documents and purchase computer security software to protect electronic information.  Additionally, establish processes to detect and deter fraud from happening.  Develop written procedures to define how certain accounting procedures are handled.  Or establish an anonymous way for employees to report suspected fraud.

Please evaluate what your business is doing to prevent fraud. Even the simplest changes can prevent your business from becoming a victim.