For many of us, the upcoming holidays are a time to gather with family and friends and exchange gifts.
But they also mean good news for fraudsters and scammers.
Card-not-present (CNP) tricks, identity theft, gift card co-opting, advanced phishing scams, refund abuse — these are all gifts that bad actors (or “friendly” fraudsters with bad intentions) can keep giving.
American Express and Accertify teamed up 12 years ago to help prevent such scams. And, as Tina Eide, EVP of fraud and risk for banking products at American Express, noted: “Through our work together, we’ve identified new trends and strategies that fraudsters are using.”
“The fraud threat landscape is constantly changing and we have to look at what’s coming up to help protect,” he said.
Here are some threats retailers should watch for this holiday shopping season (and the inevitable returns), according to Eide and Accertify CEO Mark Michelon.
Bots are growing in sophistication, use and attack methods
In particular, bots have been driving credit master attacks, Eide said. This is a tactic of trying multiple combinations on both logins and transactions to guess the details, then proceeding to take ownership of cards or make purchases with them.
Fraudsters have expanded their use of bots to be more effective and more secure, he pointed out. Also, one-time passcode (OTP) bots make automated calls to customers to obtain the OTPs required for account logins and 3-D Secure protocols.
‘Friendly fraud’ isn’t all that friendly
First-party abuse or return abuse — sometimes called “friendly fraud” — is when consumers make legitimate purchases, then dispute the transaction or say the item wasn’t delivered, Michelon explained.
“As online shopping is at its peak, orders are increasing exponentially, and some delivery companies are still doing contactless delivery,” he said.
So, regardless of the amount of the order, there may not be a signature for proof of delivery, he said. Fraudsters may claim they never received the order (when in fact they did) and will demand a full refund or reshipment.
This can happen for a number of reasons – buyer’s remorse is a common culprit, says Michelon.
This affects retailers with recurring subscription fees, too, he said. Instead of trying to cancel the subscription, the customer can dispute the charge. Another “less aggressive” example is when buyers don’t recognize the charge or the seller’s description on their statement, think the charge is suspicious, and dispute it.
Prevention, not just detection
Scammers of all kinds should not be ignored. It is no wonder that they are growing in sophistication. Thus, says Eide: “It is important that organizations and consumers remain vigilant.”
Organizations should be aware that gift card scams are more common during the holiday season. They should warn customers to never buy gift cards from an unfamiliar third-party company, and be wary of suspicious requests from executives or other trusted companies to buy gift cards in bulk.
“Many times, such requests are a scam and come from bad actors,” Eide said.
Organizations should also be aware of new types of “social engineering” fraud, where criminals impersonate organizations to obtain one-time codes and customer card data, Eide said. To combat this, they should consider strengthening defenses with multifactor authentication (MFA) and biometric authentication, as well as campaigns to educate consumers on best practices.
Ultimately, says Eide, it is important to shift the focus from mere detection to active prevention. Understanding when scams and fraud can occur, and educating customers on how they can help protect themselves, is critical.
“Prevention is always better than cure,” said Eide.
Complete fraud protection
The key to helping prevent fraud during busy shopping periods is to approach it from several angles, Michelon said.
“It’s important to have a multi-layered fraud prevention solution that can help keep merchants protected,” he advised.
And, if an attack does happen, it’s important that vendors already have solutions in place to help with device identification, user behavior analytics, machine learning (ML) and payment fraud detection, among others, he said.
In addition, state the terms and conditions “clearly and clearly,” including your refund, return and exchange policy, he advised. Make it easy for customers to reach the support team if they have any questions about a transaction.
“Prompt actions and faster customer service can help prevent fraud-related disputes and charges,” Michelon said.
Consumer awareness is also important
Consumers should educate themselves and be aware of how to avoid such fraudulent attempts, Michelon said.
First, stay on the lookout for phishing attempts, he said. Be suspicious of messages with warnings like “Your payment is overdue,” or “Your account will be locked unless you take action.” (Also look closely: such messages may appear legitimate, but the text may be off or contain typos; this is a common tactic among hackers.)
“This may indicate that the email is from a fraudster who is trying to obtain confidential information that would allow them to access your account,” Michelon said.
Most importantly, be wary of unexpected phone calls or texts. Bad actors can pretend to be from a financial institution and ask to verify account information, PINs, and card verification or security codes. These are what are called “vishing” attempts.
Fraudsters can also try to get confidential information through text messages (“smishing”) that encourage users to click on links, such as suspicious messages about purchases they didn’t make or messages with gift card offers. Once a user clicks, fraudsters can quickly install malware.
“When in doubt, call the number on the back of your card and speak to a customer service representative to find out if your bank or credit card company is really trying to contact you,” says Michelon. “Also, be wary of any caller who urges you to act with great urgency.”
Importantly, sign up for MFA, which can prevent fraudsters from accessing the account even if they have the correct username and password.
“Once you’ve signed up for two-factor authentication, never reveal these security codes to unsolicited callers, even if they say they’re from your bank,” says Michelon.