Tag Archive for online fraud detection

Online Fraud Detection on 5 ecommerce fraud predictions for 2017

5 ecommerce fraud predictions for 2017

Ecommerce fraud is on the rise as more consumers turn to online shopping. Luckily, by being vigilant, merchants can fight fraud and win.

As the number of consumers turning to online shopping increases, the rise of online fraud is also rising.

Those committing internet crimes are depriving their victims of either funds, interests, personal property and/or sensitive data. As the threat escalates, consumers and companies alike are seeking various methods to tackle the phenomenon.

Ecommerce fraud has a long and controversial history. Thus, providing a forecast for the months ahead can help retailers adopt an adequate solution to confront the many challenges in 2017.

1. Identity theft and friendly fraud

The main threat will remain identity theft. Fraudsters will seek your personal information. Their main goal is to use a different identity and, for example, place an online order. Identity theft also includes a concept known as man-in-the-middle attacks where credit-card data is intercepted and copied as it is transferred online.

In the practice of friendly fraud, a customer pays for ordered goods and/or services through a direct debit or a credit card. The second step involves a deliberate chargeback from the issuing bank, taking place only after receiving the purchased goods or service. The involved fraudster then goes on to claim the credit card or details of customer’s account has been stolen. While the “customer” is reimbursed, they decide to keep hold of the goods.

2. Merchant and triangulation fraud

In merchant fraud, the goods are provided at extremely low prices yet no shipment takes place. There is also a wholesale version of this fraud. No specific method enjoys any exclusivity, yet it is common knowledge that no-chargeback payment methods come to life in this practice of fraud. This also involves a majority of the push payment types.

Considered as one of the more complex ecommerce attack methods, triangulation fraud involves quite a bit of collaboration, as three points are involved. Role #1 belongs to an ordinary customer placing an order through a type of credit, debit or PayPal tender. Role #2 involves a fraudulent seller receiving the placed order, then requesting the actual product from a legitimate ecommerce website while using a stolen credit card. Role #3 is the part played by a legitimate ecommerce website completing the order requested, completely unaware of the criminal nature.

3. Affiliate and clean fraud

Two types of affiliate fraud are popular these days, while both seek one objective. By manipulating sign-up data or traffic, fraudsters are pursuing the objective of collecting more money. Options include actual people using fake accounts who log into sites of merchants or simply employing an automated process.

Clean fraud also involves the use of a stolen credit to make an order. In such a method, criminals resort to complicated practices, such as using sound analyses equipped in fraud detection systems, and obtaining in-depth data on the owners of stolen credit cards. This information is needed to deceive the payment process and bypass the fraud detection solution.

4. The counterattack

Online piracy and the sale of counterfeit goods will face new challenges, as the U.S. Department of Justice has declared a new initiative teaming up state and local law enforcement agencies in this struggle. Washington has already pumped $3.2 million into this campaign.

New state-of-the-art advances are also making life more difficult for fraudsters, especially with the introduction of EMV chip card technology. This is a significant leap forward in enhancing credit card security, providing a strong incentive for small and large companies to jump on the bandwagon.

5. Fighting fraud

Fraud prevention and chargeback guarantee for ecommerce merchants, Riskified works on establishing genuine financial security between online customers and ecommerce merchants. This company delivers ecommerce fraud prevention solutions for merchants to certify previously avoided transactions.

At a time when the relationship between a buyer and a seller is in search of trust more than ever before, customer experience and the bottom line is protected through the services provided by this firm in pioneering the charge-back guarantee.

“We founded Riskified with the retailer in mind and have grown adept at servicing the needs global retailers have as they expand their e-commerce and m-commerce operations to provide more personalization to consumers,” says co-founder and CEO Eido Gal, signaling the high demand and importance of such services in today’s digitized world.

As calls for digital goods increase, we are witnessing a rise in the necessity of protection against fraud.

“Digital goods, such as electronic gift cards and e-tickets, are becoming increasingly popular. In the U.S., over $127 billion is spent on gift cards annually,” Shalhevet Zohar explained in a blog post about ecommerce fraud trends.

Such statistics, growing as we speak, demonstrate the huge market fraudsters seek to tap into—and the utmost necessity for consumers to be adequately prepared.

Final thoughts

The fraud landscape is a constantly changing and evolving phenomenon, demanding an adaptive approach to remain at top of your game. Retailers in the U.S. have suffered $109 billion more due to suspected fraud costs resulting from false declines of legitimate orders. This is far beyond actual fraud losses. The ecommerce industry is increasing its demand for fraud prevention platforms, and there is a new revenue opportunity for those companies able to provide such high-valued expertise.

Online Security Review Steps to Protect Yourself from Tax Identity Fraud

By William F. Whelan, guest columnist and Senior VP, Branch/Government Banking, Capital Bank.

As the 2017 tax season gets underway, Capital Bank of New Jersey is urging all customers to take extra precaution when filing their return to prevent their exposure to tax fraud.

“Fraudsters are using very clever tactics to get a hold of your personal information and submit false tax claims,” said David J. Hanrahan, Sr., President and CEO. “Consumers must be suspicious of any communication from the IRS—through e-mail, text or social media—that requests personal information, and should keep a watchful eye out for missing W-2s and mail containing sensitive financial information.”

Tax identity fraud takes place when a criminal files a false tax return using a stolen Social Security number in order to fraudulently claim the refund. Identity thieves generally file false claims early in the year and victims are unaware until they file a return and learn one has already been filed in their name.

To help consumers prevent tax ID fraud, Capital Bank of New Jersey is offering the following tips:

  1. File early. File your tax return as soon as you’re able, giving criminals less time to use your information to file a false return.
  1. File on a protected Wi-Fi network. If you’re using an online service to file your return, be sure you’re connected to a password-protected personal network. Avoid using public networks like a Wi-Fi hotspot at a coffee shop.
  1. Use a secure mailbox. If you’re filing by mail, drop your tax return at the post office or an official postal box instead of your mailbox at home. Some criminals look for completed tax return forms in home mailboxes during tax season.
  1. Find a tax preparer you trust. If you’re planning to hire someone to do your taxes, get recommendations and research a tax preparer thoroughly before handing over all of your financial information.
  1. Shred what you don’t need. Once you’ve completed your tax return, shred the sensitive documents that you no longer need and safely file away the ones you do.
  1. Beware of phishing scams by e-mail, text or phone. Scammers may try to solicit sensitive information by impersonating the IRS. Know that the IRS will not contact you by e-mail, text or social media. If the IRS needs information, they will contact you by mail first.
  1. Keep an eye out for missing mail. Fraudsters look for W-2s, tax refunds or other mail containing your financial information. If you don’t receive your W-2s, and your employer indicates they’ve been mailed, or it looks like it has been previously opened upon delivery, contact the IRS immediately.

If you believe you’re a victim of tax identity theft or if the IRS denies your tax return because one has previously been filed under your name, alert the IRS Identity Protection Specialized Unit at 1-800-908-4490. In addition, you should:

  • Respond immediately to any IRS notice and complete IRS Form 14039, Identity Theft Affidavit.
  • Contact your bank immediately, and close any accounts opened without your permission or tampered with.
  • Contact the three major credit bureaus to place a fraud alert on your credit records:
  • Continue to pay your taxes and file your tax return, even if you must do so by paper.
  • More information about tax identity theft is available from the FTC at ftc.gov/taxi theft and the IRS at irs.gov/identity theft.

Capital Bank opened for business in Vineland in 2007.  Currently, it has four locations—two in Vineland, one in Woodbury Heights, and one in Hammonton. Capital Bank lends money to businesses and individuals throughout South Jersey, is an Approved SBA Lender and a New Jersey EDA Premier Lender. It is also 5-Star rated by BauerFinancial (BauerFinancial.com). For more information about Capital Bank, visit capitalbanknj.com.

Security and Risk Complaints Online on Building a ‘human firewall’

A recent research study Mimecast conducted with Vanson Bourne revealed that 66% of the surveyed South African businesses said that they thought it likely that their organization would suffer from cyber-criminal activity in 2017.

So said Mimecast MD Brandon Bekker, adding that there are three major threats his organization believes SA businesses are facing in terms of IT security.

Ransomware

“Ransomware will explode to become one of the biggest threats, fuelled by smaller ‘opportunist’ attackers using off-the-shelf kits to deploy malware. This is an easy and cheap attack method that produces fruitful results. Few organisations have effective defenses against this type of malware and now with bitcoins enabling the perpetrators to increase distance from their victims further, it has never been so easy to get away with it,” he adds.

When asked how to prevent or mitigate attacks of this nature, he says cyber criminals are becoming increasingly more sophisticated and insidious, and are continually revising, updating and re-inventing their tactics and technologies to carry out an attack.

Because of this, preventive systems, such as anti-virus and intrusion prevention systems, are rendered inadequate. “Planning exclusively to help prevent cyber-attacks, like ransomware, isn’t enough. It’s time for businesses to implement a total cyber resilience strategy that includes security, continuity and data recovery.”

In his view, the ideal approach is to layer together state-of-the-art preventive systems, point-in-time recovery measures, and a means to maintain business continuity during a ransomware attack. He adds that education, or ‘building a human firewall’ plays a vital role, because the more staff can be aware of attacks such as ransomware, the more educated eyes can be on the problem.

The insider threat

According to Bekker, insider threats are also high on the list, and according to a Forrester Technology Adoption Profile study, these threats impact 99% of organisations surveyed.

In addition, these businesses said they had experienced some form of insider security incident in the past 24 months and 36% discovered insiders e-mailing sensitive data out of the organisation.

“With the POPI Act in the spotlight, organisations need to ensure that sensitive corporate data is not being accidentally or purposefully leaked externally; no business wants to be made an example of by the Information Regulator,” cautions Bekker.

The third threat was revealed to be e-mail impersonation, or whaling, which continues to plague businesses in South Africa. The Mimecast study showed that 51% of those surveyed reported seeing an increase in impersonation fraud where recipients are asked to make wire transactions.

Bekker says impersonation technology, in conjunction with regular employee education, will help business protect themselves from these attacks.

What we’re doing wrong

Speaking of what SA companies are doing wrong in light of these three threats, Bekker says although many SA businesses are developing stronger cyber resilience strategies, and cyber activity is being discussed seriously and regularly in boardrooms across the country, IT budgets still limit organisations that need the advanced, layered protection required to protect them from the evolving threat landscape.

“In their move to the cloud, many organisations believe that sufficient security is being built into their messaging platform. We are finding that the increased pace of development in the cybercrime underworld needs to be matched by a focused security solution that integrates with the messaging platform but focuses on the protection of corporate data.”

In terms of what businesses could be doing better, Bekker says there is a vast amount of information out there and many perspectives about what the future holds. “IT managers need to continue exploring all the options, researching the options and meeting with different providers to better understand how they can build a strong cyber resilience strategy and how to layer the right set of solutions into that strategy.

Security and Risk Complaints Online on Protection from Becoming a Victim of Fraud

Remember, your financial information is at risk all the time. Fraudsters will always come up of new intricate ways to trick you from giving credit card details. Here are some advices to protect yourself from scammers.

Shred any receipts or papers with a credit card details on it.

Fraudsters can be dumpster divers, which mean, they can use tossed rubbishes to obtain financial information from you. For this reason, it is best to shred receipts and bank statements before dumping them in the trash.

Keep your PIN private

Do not use the same PIN code on all your cards and avoid using personal information such as your birthdate in your PIN code. If you are going to withdraw, cover up your PIN number when typing and be wary of your surroundings. It is also not advisable to write your PIN number on a piece of paper.

Phone passwords

Passwords must be protected on a high level. If you use the same password on all your accounts, it is time to change it. Change the password on all your accounts and cards as it makes it easy for a fraudster to access all your accounts if all of them have the same passcodes.

Moreover, do not save your passwords on your computer and as much as possible, set a security pin on your mobile phone and computers to avoid unauthorized people from accessing sensitive information inside your device.

Phone calls from your bank

Do not let your guard down especially when you are in a public place or in an internet shop doing online banking. And if you are talking to your bank, do it in a secure and private place where no one can hear any banking details about your transaction.

One of the scam tricks fraudsters do is by trying to lure you using phone calls. They may pretend that they are from the bank and asking you to provide banking details. If this happens, don’t be afraid to ask questions and verify their identity first before providing any important information.

Viruses

To protect your computer from malicious software and spyware, install anti-virus software and make sure to keep it running and updated especially when you are online.

Emails

Beware of suspicious emails. Fraudsters use electronic mailing to trick their victims into giving financial details. They usually pretend to be from your bank and will request that you confirm your banking details. If an incident like this happens, don’t provide information and don’t click any suspicious links in the email as it may contain malware that can steal data from your computer. Remember that a bank will never send an email to threaten you or will request any financial details of you.

Online transactions

Do not trust websites easily especially if you are making online transactions. Do not give away personal and financial details unless that site is reputable.

Online Security at IRS phone scam finally may be fizzling out

Online Security at IRS phone scam finally may be fizzling out

We all should be thankful on this Thanksgiving Day that one of the worst scams to hit the Lehigh Valley, and the nation, finally is on its way to being cooked.

Complaints about the IRS phone scam have dropped significantly in the past month or so. After three years, international detective work and technological advances finally have carved deeply into these turkeys’ business.

The scheme isn’t completely stuffed away yet, so remain vigilant. But it’s certainly not as prevalent as it was.

The relentless calls started in fall 2013. Con artists pose as IRS and U.S. Treasury agents and threaten people with a lawsuit, arrest or grand jury investigation unless they immediately pay supposed tax debts.

The debts aren’t real but the callers bully people into paying over the phone, usually with prepaid debit cards and iTunes cards. More than 9,600 people, including some locally, have lost a combined $50 million. A California man lost $136,000 when he was exploited repeatedly over 20 days, according to the U.S. Attorney General’s Office.

I heard from hundreds of people who got the calls. Some were scared. Others were confused about whether the calls were legitimate. Many knew they were fraudulent and wanted to know how to stop them or where to report the scoundrels.

Nearly 2 million complaints about the scam have been reported to the Inspector General for Tax Administration. It’s also the top scam complaint to the Better Business Bureau.

But it’s been a month or more since I’ve heard any complaints. Reports to the inspector general and the BBB are way down.

That’s because some of the people accused of making the calls have been locked up. Early last month, authorities in India raided a call center and charged 70 people with fraud. On Oct. 27, U.S. authorities announced that 56 others had been indicted; some of them in the states, along with five call centers in India.

“We are encouraged that our investigation, which resulted in the announced law enforcement action in late October, has had a significant impact on this criminal activity,” inspector general’s spokeswoman Karen Kraushaar told me.

At the peak of the scam, more than 30,000 calls were reported to the inspector general in a single week. That was down to about 1,000 in one recent week.

People still are being ripped off, though, and the inspector general recently learned of 40 people who lost money, Kraushaar said.

“It is extremely important that people remain vigilant and remember to hang up on callers who claim to be IRS or Treasury employees and make threatening calls demanding immediate payment,” she said.

In about the past month, the Better Business Bureau’s Scam Tracker website has received 91 reports of tax fraud, compared to 489 the previous month. While those figures include all types of tax scams, the vast majority are IRS scam calls.

“We are pleased with the drop and are looking forward to the day when we aren’t getting any IRS tax scams reported,” said Kelsey Owen, communications and public affairs director for the Better Business Bureau office that covers eastern Pennsylvania.

There are variations of these scam calls. Sometimes the callers are men. Sometimes they are women. Some calls are live while others at least start as robocalls. Callers often instruct victims not to tell anyone about what’s going on and to remain on their cellphone while they are buying the prepaid cards to pay their supposed debt. The callers try to sound official, sometimes offering badge numbers and case numbers. But their foreign accents often give them away.

In addition to the arrests, technology also played a role in reducing the number of calls getting through.

As I reported in a recent column, a new technique being developed by phone and technology companies to block illegal robocalls stopped a substantial number of these scam calls during a test.

While this is all good news, I fear the fraud could catch a second wind. Schemes as profitable as this often morph into new ones. The Better Business Bureau also warned of that.

“We know from past experience that scammers are opportunists,” Emma Fletcher, manager of the BBB’s Scam Tracker, said in a news release last month. “Hopefully this crew won’t be stealing from anyone again for a long while. But we will be keeping an eye on incoming scam reports so we can alert consumers what the ‘next big thing’ in scams turns out to be.”

The IRS phone scam already was evolving prior to the raid in India. John Miller of Bethlehem Township told me he got several calls in late September from the “Office of Taxation” that followed the same script.

“I guess they gathered that everybody has figured out the IRS game so now they’re trying a different name,” Miller told me.

If you get an IRS scam call, you can report it to the Treasury Inspector General for Tax Administration (800-366-4484, www.tigta.gov) or the BBB Scam Tracker (www.bbb.org/scamtracker/us).

Protect yourself against scams by reading my previous Watchdog columns at www.mcall.com/watchdog. If you are targeted with a new scam, let me know and I’ll warn others.

The Watchdog is published Thursdays and Sundays. Contact me at watchdog@mcall.com, 610-841-2364 or The Morning Call, 101 N. Sixth St., Allentown, PA, 18101. I’m on Twitter @mcwatchdog and Facebook at Morning Call Watchdog.