2011年11月22日 星期二

Low-Tech Fraud Continues To Daunt Card Issuers

Credit-card issuers have spent billions of dollars to stop data thieves cold in their tracks by strengthening their information-technology systems and developing programs that can flag bogus transactions as they occur.

Despite the investments, lenders remain daunted by one of the oldest tricks in fraudsters' playbooks: card skimming.

Skimming involves stripping account information from a credit card using man-made devices that thieves can attach to gas-pump terminals, automated teller machines and retailers' check-out systems. Fraudsters use this information to make purchases online and produce counterfeit cards for spending at brick-and-mortar merchants.

"There's no sophistication about card skimmers," said George Peabody, director of the emerging technologies advisory service at Mercator Advisory Group. "It's an inexpensive item and anybody can do it."

Manhattan District Attorney Cyrus Vance Jr. on Friday said 28 people were indicted in connection with a fraud operation that involved waiters at several high-end restaurants using hand-held skimmers to steal customers' account information. The crimes ensnared at least 50 customers of American Express Co. and occurred from April 2010 through this month.

Such incidents reinforce the need for banks to do more to involve their customers in fraud-fighting efforts, analysts said.

Officials investigating the New York fraud ring said the alleged thieves were able to pull of the heist because the victims were well-to-do clients with high credit lines. The perpetrators used stolen cardholder information to buy watches, handbags and other luxury goods — items the victims presumably could have purchased themselves — that they resold.

With banks, "there's been a belief that ... we don't want to talk to the consumer about security because we don't want to scare the consumer," said Phil Blank, managing director of security, risk and fraud at Javelin Strategy and Research. However, research Javelin has done suggests that consumers want to be actively involved in managing their accounts through alerts that notify a customer when transactions occur.

While more banks have invested in this technology, few have aggressively promoted the services, Blank said. Such services could help customers and their banks more quickly stop fraud like that which occurred in the New York incident by making customers aware when transactions and other activities occur.

The financial value of identity fraud, which includes credit-card fraud, fell 34% in 2010, to $37 billion, according to Javelin. However, the mean costs to an individual consumer affected by identify fraud actually rose more than 60%, to $631, reflecting that fact that certain types of fraud have taken longer to detect, requiring more time to resolve, Blank said.

An American Express spokeswoman declined to discuss specifics of the New York case but wrote in an email that the company has "sophisticated monitoring systems and controls in place to detect fraudulent activity."

Federal law limits customer liability from credit-card fraud to $50, though many banks have zero-liability policies in place to cover consumers.

American Express cardholders are not liable for fraudulent charges on their cards, the spokeswoman wrote.

沒有留言:

張貼留言