News & Resources

As online incidents of fraud grow, preventative measures must improve

Feb 22, 2013 Dave King

The popularity of electronic payments has forced the vast majority of businesses to implement ecommerce strategies. These cross-channel methods have proven to be extremely beneficial - multiple studies revealed that retailers reported revenue growth in 2012, largely because of ecommerce platforms - but they are not without flaws.

The rising popularity of electronic payment methods has also spurred an increase online credit card fraud. For example, one particular scam led to approximately $200 million lost in global fraudulent transactions, according to BankInfo Security. 

"This elaborate network utilized thousands of false identities, fraudulent bank accounts, fake companies and collusive merchants to defraud financial institutions of hundreds of millions of dollars in order to facilitate extravagant lifestyles they could otherwise not afford," FBI Special Agent David Velazquez said in the arrest announcement, according to the news source. 

The 18-member fraud ring developed a sophisticated scheme, during which they established fake profiles to receive loans. Through more than 25,000 fraudulent credit card transactions, the scammers were able to steal more than $200 million from institutions across the globe. 

Fraud prevention measures must improve
The two-year scam, which involved approximately 7,000 fake identities, revealed just how sophisticated fraudulent transactions have become. The criminals also used international bank accounts that made them even more difficult to track. 

"Transaction monitoring and core banking systems, when they do risk ratings, tend to work in a vacuum," Micah Willbrand, an industry expert, told BankInfo Security. "They set rules and say if something goes outside those boundaries, something is wrong. But the systems don't take into account any customer information or due diligence after the account is created."

Another concern for retailers is that in certain cases, merchants can be held liable for fraudulent transactions.

In a recent blog post for Lexology, Craig Hoffman, partner at Baker & Hostetler, discussed a recent incident where a New England bakery's point-of-sale system became infected with malware. According to Hoffman, just because the company had outsourced its card payment methods did not mean they were completely off the hook, highlighting two particular compliance regulations:

- State notification laws obligate companies to notify customer bases anytime people's personal information - credit card numbers and debit PINs, for instance - have been placed at risk.

- Credit card association laws require organizations to make banks aware about these breaches. 

Small businesses are especially vulnerable to card fraud, according to Hoffman, as approximately 85 percent of these breaches affect companies with less than $1 million in yearly transactions.