Sharing intel is the best way to combat payment crime
Communication is the biggest weapon against fraud. Fraudsters use fear to their advantage, depending on the fact that people will be scared or ashamed to admit to others that they have been a victim of fraud.
This means that fraudsters can attack multiple individuals with the same scam, knowing that the details won’t be shared. Sharing the details of a scam takes that advantage away.
Fraudsters play the field – they will not be targeting just one person at a time. This can be helpful in combating attacks such as account takeover. Account takeover sounds simple, but it has become a particularly dangerous form of payment and financial services fraud. Using your phone number and full name, a fraudster may be able to redirect certain phone calls, or text messages to a fake sim card, which they have either created or stolen.
While this may sound innocuous, there are several apps that require a one-time password (OTP) to be sent by text message to change an account password.
Many financial services and payment apps are also linked to a phone number and address, for easy re-installation.This could mean someone with a phone number can take over a bank account or a retail app just from using a phone number and full name. For retail apps, the fraudster is also able to use the phone credit to make purchases. By loading a phone with credit from stolen credit cards, they can make purchases using the details of a genuine phone user.
This has been referred to as sim-swap fraud. Using a phone number and full name, fraudsters can request a new sim card online – often being able to guess the answers to security questions, due to information being posted on social media platforms, such as Facebook and Twitter.
What can we do about it? Social media messaging payment fraud is on the rise, with reports citing a 65% increase in recorded incidents of phishing in the U.S. in 2018. We need to be careful about sharing information, only giving away details about yourself to trustworthy sources and not to anonymous end users.
Even if it seems unimportant, data can be manipulated and abused in many ways, and fraudsters spend the equivalent of a full-time career finding ways to exploit genuine users. Think before posting or sharing anything that could be related to a security question, particularly if this information is linked to an important application.
For businesses, it is important to focus on blocking the transactions as quickly as possible, not just high value transactions. Card testing is often at the same value or lower than genuine use and restricting as many transactions as possible will decrease the likelihood of the cards, not just being used elsewhere, but also making high spending via an account takeover less likely. Using machine learning tools and unsupervised learning machines, effective fraud engines can determine changes in spending pattern to a minute level. Not only does this stop the cards being used elsewhere, but it saves a business time and money in not having to do manual refunds and chargebacks.