Look out for These Four 2012 Bank Fraud Trends
Credit Card Fraud:
This is another scam that allows fraudsters to use stolen pre-paid gift cards to steal your money. Fraudsters will begin by demagnetizing the magnetic strip (rendering the card useless), apply a chemical wash to remove the printed card number and then re-embossing the card with valid information from a purchased list of compromised credit cards. With this method, the card swipe fails at the POS, but the retail associate is happy to key in the transaction manually and viola … high-tech (and easy) credit card fraud.
Phishing Schemes Continue:
Phishing scams have been impacting financial institutions for over six years and, during this time, they have become increasingly complex and convincing.
- Phishing attacks impact all account holders; however, the majority of attacks will continue to focus on commercial accounts and businesses. These accounts are targeted due to the nature of the account -- most commercial accounts will contain larger amounts of money that can become a quick and easy target to criminals who can easily initiate money transfers via wire transfers or ACH.
- It has become increasingly difficult for customers to discern real bank communication from phishing attempts. The best defense against a phishing outbreak continues to be customer education, password complexity and aging policies. It seems like a small thing, but where phishing is concerned, regular password changes can dramatically reduce the chance of compromised credentials being used to commit fraud.
Many financial institutions have turned to third-party transaction processing networks to manage transaction processing. This provides a cost-effective means to handle the processing volume but also adds to the overall risk to the organization that is often overlooked through standard security practices and validation.
Organizations cannot assume that these third party providers are practicing the same level of security for these hosted systems. This is an area where it pays to conduct a thorough security assessment to ensure these remotely connected systems are adequate to protect your sensitive customer transaction data.
This year we have watched headline news reports detailing the results of insider fraud impacting several larger organizations. According to expert Tom Wills, senior security and fraud analyst at Javelin Strategy & Research, next year doesn't look any better. As organizations continue to “outsource” computing and transaction processing to outside organizations in what RSA refers to as "the hyper extended enterprise," an insider is no longer just an immediate employee or hired contractor -- he or she has to now be viewed as anyone with authorized access to the bank's network resources, suppliers and partners as well.