This past weekend I read a number of articles pertaining to identity theft and other forms of fraudulent activities happening around the world. Then a gentleman I have known for a number of years stopped by to ask me for some advice. It seems someone had skimmed his American Express card and made a clone so they could begin the process of stealing. American Express called him to see if he had made some recent charges over 2000 miles from where he resides. None of the charges were his so once again someone will have to spend several hours reviewing various items as well as completing forms to make sure this single credit card was the only affected item for him and his family.
I explained to him as I have so many others what steps he should take to protect potential future problems. File a police report, contact all three major credit bureaus and place a notice at the credit bureaus, and also send a written dispute to American Express. It is nearly impossible for individuals to truly protect themselves from many of the annoyances that come with losing their credit card information. Skimming, Phishing, Pharming, Data breaches, and multiple other ways thieves steal information from unsuspecting parties and companies.
Companies and a number of organizations provide information on what steps individuals should utilize to protect their private information and yet companies require individuals to provide this same information without any assurance that the company will actually be able to protect it. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Another article shows; No matter what your industry, fraud is a part of it. Did you know that merchants are paying $139 billion annually in fraud losses alone, according to the 2010 LexisNexis True Cost of Fraud Study? This alone should make people wary of any company’s ability or desire to truly protect them and question what companies are really doing to fight fraud or data breaches.
The loss of information by a number of different means is a world wide problem as outline in a recent article; LONDON (AP) — A hacker claims to have compromised the personal information of more than 350,000 users after breaking into a disused website operated by pornography provider Brazzers. A small sample of the hundreds of thousands of pieces of user data allegedly compromised were posted to the Internet earlier this week. Emails, usernames, and encrypted passwords were divulged, and in some cases it was possible to infer porn users’ full names and country of origin.
I review the reports of losses through multiple means on a daily basis. I also review various companies and organizations recommendations on how people should protect themselves from losses and below is just a fraction of what has been recommended for people to do;
• Do not carry a Social Security card.
• Do not give personal information over the phone.
• Do not give checking account or debit card information over the phone.
• Do not leave outgoing mail in a home mailbox.
• Do not respond to e-mail requesting account information.
Companies who accept credit cards for payment of goods or services use a point of sale device to validate the card and authorize the transaction amount. These companies rely on their payment processors and the banks who issue the cards as well as the credit card companies themselves, to validate the card and that the person using the card is making a valid transaction not a fraudulent one.
My question to companies is, with all of these layers of protection that is suppose to protect individuals why are reports like the following still being written; “The U.S. currently accounts for 47% of global credit and debit card fraud even though it generates only 27% of the total volume of purchases and cash, according to Global Card Fraud, from a recent issue of The Nilson Report, a respected trade newsletter on the payments industry. Payment card fraud losses totaled $3.56 billion last year in the U.S. from all general purpose and private label, signature and PIN payment cards. “The U.S. has a disproportionate percentage of the global total losses for two reasons . . . U.S. banks have been slow to adopt newer technologies such as EMV chip cards, and issuers are reluctant to decline card authorization from merchants because they don’t want to alienate their cardholder,” said David Robertson, publisher of The Nilson Report.”
How does a company protect their customers and their company information? Can this actually be achieved when the crooks are using some of the best stolen equipment available while the companies are using ‘older’ models because of budget constraints? Companies make do with what they have and crooks make do with the newest equipment they can steal
When will a multi-level multi-dimensional protection system be produced? Systems that utilize accurate purchasing patterns as well as, instant notification of purchases, for the individuals that wish it. An example of an extra layer of protect on credit card or mobile payment that could easily be initiated would be a zip code verification the merchant themselves could utilize with the point of sale device. The first three numbers of the zip code could be placed on the mag strip or other encrypted information captured by the point of sale device. If the three digits are outside of a 100 or even 200 mile radius of where the transactions are taking place the merchant could take one more step to protect the cardholder and them selves from any losses. This would eliminate much of the skimmed information from being transmitted to someone several states away and a card being cloned and use.
People believe that fraud will never happen to them but if it does, it can be expensive and very time consuming attempting to take the necessary actions to undo the long term damage it does. When enough people are affected or the reported losses are high enough governments discuss ways to fight the various problems. Sometimes laws are enacted requiring companies to protect the data of their customers. Many times years may go by before companies comply with these laws. It is sometimes easier to argue against the need for the protection than to invest in protecting the customers’ data.
Reading daily reports, I am reminded how little things have changed in over 10 years when it comes to fighting fraud in this new world of technology advances. Below are two excerpts comprised of the beginning and ending of an article I wrote for a publication in August, 2000.
“Imagine sitting on a full plane on the tarmac, delayed for an hour or more due to weather. How does this relate to a story on Internet Fraud? It reminds us that despite the fact that the world continues to get more sophisticated, we remain at the mercy of intangibles. Despite all their advances, the sophisticated systems of an airline and the high-tech capabilities of the Internet can be beaten by the unanticipated. In the case of the airlines, the unanticipated is the weather. In the case of the Internet, it is the new age thief.”
“As we taxied back to the gate after an hour on the tarmac, I could not help but think that no matter how sophisticated the world and machines have become, we are sometimes stopped by the unexpected and the unwanted. In the case of Internet, it is the new age thieves and other unscrupulous parties that cause problems for companies and individuals trying to adjust to a new way of doing business.”
Thieves, over the last 10 years, have expanded their methods to included attacking nearly every industry. Data theft, Healthcare fraud, Identity theft, and Bank fraud are some of the largest at this time. Year after year losses grow and year after year companies continue fighting all forms of fraud with reactive solutions instead of investing in proactive solutions. When companies become proactive in fraud fighting there will be little need for their customers to worry about someone obtaining their credit data or stealing their identity.