Ever since banks began issuing credit and debit cards, criminals have been intent on stealing this valuable data. Despite the concerted effort on behalf of the financial services industry to stem the tide of card theft, the fraudulent use of payment cards continues to cost the industry billions of dollars every year in losses. But a host of new behavior detection technologies -- coupled with Big Data analysis – are helping to turn the tide in favor of financial institutions intent on protecting their customers’ personal payment information.
Card fraud begins when the information associated with a customer’s payment card is compromised. This can happen many ways, from the breach of an online database to a customer simply losing their wallet. Criminals have also embraced a variety of new innovations such as “skimming”, in which a small device can copy sensitive information from a card’s magnetic strip, as well as more nuanced social engineering tactics like phishing, in which individuals are tricked into voluntarily handing over sensitive account information.
Once a cybercriminal obtains stolen credentials, they often work quickly to exploit this this information for financial gain. One popular method is card-not-present fraud, where the Internet and other offline channels (i.e., catalogs) often allow for transactions to occur without the need for a physical card. Simply having enough information from the card and card owner is usually enough to successfully execute a transaction with a merchant who has not adopted appropriate security measures.
Criminal organizations have also begun to ship stolen cards out of the country with the goal of conducting transactions (either using the actual stolen card or fabricated cards encoded with the stolen information). Recently, one such elaborate scheme involved cracking into credit card processors in the Middle East, tampering with withdrawal limits, and cashing out accounts at ATMs in multiple countries. Often cybercriminals will start with small amounts to test what controls a financial institution has put in place, then move on to larger amounts if these small transactions go undetected.
How can card fraud be detected and prevented?
While financial institutions often have little control over what measures their customers take to protect themselves, they can control how quickly they respond once an account is compromised. Of course, the faster an account can be flagged or suspended, the more likely financial losses can be mitigated.
Behavior-based transaction monitoring represents an important, proactive practice that many financial institutions are beginning to employ as a means to prevent and respond to card fraud. Behavior monitoring enables financial institutions to better determine when a suspicious transaction occurs -- one that is atypical for a specific customer to make -- and be able to stop that transaction in real-time.
This is precisely what Detect Transaction Anomaly (DetectTA) from Easy Solutions is designed to do. Behavioral anomaly detection is hard-wired into DetectTA, enabling organizations to add their own rule-based transaction qualifiers for supplemental protection. Furthermore, DetectTA incorporates Suspicious Activity Analyzers, which generate alerts for known fraud patterns associated with common cases of card fraud. These analyzers are constantly updated, ensuring that the system evolves along with the threat landscape.
While the card fraud environment will continue to evolve, taking these proactive steps helps to prevent losses before fraud occurs. By evaluating behavior-based transaction anomalies and constantly updating known suspicious patterns, financial institutions will be better equipped to handle the threats of today and tomorrow.