In our most recent webinar, I had the pleasure of moderating a panel session with four fraud experts spanning across many diverse backgrounds. The consistent theme throughout was that cyber criminals have become quite proficient at stealing data or account credentials. Once a cyber criminal has valid account data, they have incredible access to a broad range of possibilities. How an account is used; a real-time view of deposit and withdrawal patterns and what types of alerts and notification settings are in place. A determined fraudster may observe accounts for long periods to ensure they are able to make their move at the optimal time.
One of the biggest issues is being able to tell “friend from foe”, particularly in light of the endless supply of perfect, disposable data. I posed this scenario to our panel and asked what organizations can do now to protect themselves:
SCENARIO – Telling friend from foe
Credit card companies encourage travellers to alert them in advance of unusual travel to avoid red flags or declines while out of town. This can be a double-edged sword. A fraudster with appropriate credentials can contact a credit card company a few weeks before a “trip” to alert them of planned travel. At the start of the “trip” the distraught fraudster can then contact the credit card company to report a stolen card and request a replacement be expedited to them at their “destination.” The result is a fraudster armed with a completely legitimate card they can use at their leisure and with little risk of detection.
There were three key take-aways the expert panel recommended:
- Enhance your visibility. Without this important tactic, you won’t know what hit you. Fraudsters are armed with pristine identity data so they will look and act more like your best customers.
- Employee multiple security layers. You may be focused on ensuring that you know your customer, but does the transaction pattern fit normal behavior for the user? Malware could be embedded on the device. Are items such as language and other settings consistent with what you’d expect for your legitimate customers?
- Protect profile setups / online enrolment and reward programs the way you protect transactions. While the financial risk to your business may be limited, the potential regulatory exposure and brand reputation hit can be significant. It takes years to build your reputation with your best customers – but only seconds to destroy it. Undermining their trust in online or mobile interactions with your business has an immediate and destructive impact on loyalty.
What do you think? Let us know.