Fraud schemes that rely on social engineering and other attacks to steal sensitive information are especially dangerous this time of year, when the hustle and bustle of the holiday season may lead consumers to let their guard down and skimp on security.
The top five ways fraudsters steal identities include: creating seemingly safe free Wi-Fi hotspots in public places; having customers verify information under the guise of census or survey taking; getting personal information via social networks; pretending to be a merchant providing an offer or discount; and establishing underground fraud forums, according to "The Fraudsters Playbook," a whitepaper released by imaging and security technology developer Jumio Inc.
"Its the season for giving and the season for fraud," says Marc Barach, chief marketing officer at Jumio. "The commonality that applies to all these scams is that theyre not technology-based, but human nature-based."
Most attacks come from low-level criminals that then sell the information on fraudster marketplaces, he says. Fraudsters calling their victims and social engineering them to disclose personal information is a trick frequently used.
For example, Barach says, a fraudster could add someone on Facebook and figure out where he or she recently ate dinner. Impersonating the restaurant manager, the fraudster can then call the unsuspecting consumer and say the restaurant overcharged the meal and offer to refund the money if the consumer provides his or her credit card number.
The whitepaper is the latest effort by Pal Alto, Calif.-based Jumio to bring attention to mobile commerce-related issues, and follows a survey last summer that shed light on a number of mobile payments-related topics. While Jumio doesnt have products to specifically deter any of these attacks on consumers, the company has developed both NetVerify and Netswipe to help businesses identify their customers.
NetVerify is used by banks and ecommerce retailers to meet Know Your Customer regulatory requirements. Businesses can authenticate customers' driver's licenses, passports and other IDs by having consumers take a short video of their identification card with their smartphone cameras or with a webcam.
NetSwipe Mobile allows customers to scan their plastic payment cards with their smartphone cameras to initiate and validate payments.
"About 2% of the IDs that are presented via our customer base are fraudulent," Barach says. "Typically increasing security means less convenience for consumers but we increased security but also sped up the customer experience."
Generally when a business needs to confirm a consumers identity they would have the person fax a copy of their identification. This not only takes time, but also because of the low-quality of faxes, manipulations might not be caught, Barach says.
Plus, because consumers are faxing their personal documents to an unknown employee and are unaware of how those documents are then disposed of or stored, they risk having information stolen, he says. Sending a fax also interrupts the flow of a transaction, says Barach.
"Theres no tolerance for an extra click or page or delay because then the transaction gets lost," he says.