Fraud schemes that rely on social engineering and other attacks to steal consumers’ sensitive information are especially dangerous this time of year, when the hustle and bustle of the holiday season may lead Americans to let down their guard and skimp on security.

The top five ways fraudsters steal identities include: creating seemingly safe free Wi-Fi hotspots in public places; having customers verify information under the guise of census or survey taking; getting personal information via social networks; pretending to be a merchant providing an offer or discount; and establishing underground fraud forums, according to “The Fraudsters Playbook,” a whitepaper released by imaging and security technology developer Jumio Inc.

“It’s the season for giving and the season for fraud,” says Marc Barach, chief marketing officer at Jumio. “The commonality that applies to all these scams…is that they’re not technology-based, but human nature-based.”

Most attacks come from low-level criminals that then sell the information on fraudster marketplaces, he says. Fraudsters calling their victims and social engineering them to disclose personal information is a trick frequently used, Barach notes.

A fraudster could, for example, add someone on Facebook and figure out where he or she recently ate dinner. Impersonating the restaurant manager, the fraudster might then call the unsuspecting consumer and say the restaurant overcharged for the meal and offer to refund the money if the consumer provides his or her credit card number.

The whitepaper is the latest effort by Pal Alto, Calif.-based Jumio to bring attention to mobile commerce-related issues, and follows a survey last summer that shed light on a number of mobile payments-related topics.

While Jumio doesn’t have specific products to deter any of those attacks on consumers, the company has developed both NetVerify and Netswipe to help businesses identify their customers.

NetVerify is used by banks and ecommerce retailers to meet Know Your Customer regulatory requirements. Businesses can authenticate customers’ driver’s licenses, passports and other IDs by having consumers take a short video of their identification card with their smartphone cameras or with a webcam.

NetSwipe Mobile allows customers to scan their plastic payment cards with their smartphone cameras to initiate and validate payments.

“About 2% of the IDs that are presented via our customer base are fraudulent,” Barach says. “Typically, increasing security means less convenience for consumers…but we increased security but also sped up the customer experience.”

Generally, when a business wants to confirm a consumer’s identity, it would have the person fax a copy of his or her identification.

That approach not only takes time. Because of the low-quality resolution of faxes, manipulations might not be caught, Barach says.

Plus, because consumers are faxing their personal documents to an unknown employee and are unaware of how those documents are then disposed of or stored, they risk having information stolen, he says. Sending a fax also interrupts the flow of a transaction, says Barach.

“There’s no tolerance for an extra click or page or delay…because then the transaction gets lost,” he says. n

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry