By Nicholas Cucci
Network Merchants Inc.
Living in this age of technology means personal financial information is increasingly vulnerable to fraudsters. According to a study by the Bureau of Justice Statistics, 23 percent of consumers subjected to identity theft lost money due to the fraud. The average out-of-pocket loss was $1,870, but half suffered losses of $200 or less.
The emotional impact of identity theft is often far more painful than the actual financial loss. Now, with instances of cyber fraud, it is becoming more important for merchants, banks and processors to be proactive about guarding card information and the personal details included with it.
Despite card issuers' efforts to protect customer card information, we have still seen two large breaches in 2011, the ones at Sony Corp. and Michaels Stores Inc. In the Sony breach, over 100 million card numbers were exposed. Because of the breach, the Sony network went down for 23 days and only recently was restored. Sony expects to be fully back up by the end of June.
Sony's Playstation Network breach is likely to cost the company well over $100 million. However, this breach could cost Sony even more as the estimate does not include lawsuits filed against Sony from users of the hacked network.
Sony's servers were hacked between April 17 and 19, which impacted three networks, the Playstation Network, Qriocity and Sony Online Entertainment services. Sony discovered the breach on April 19, but did not disclose any information publicly until April 26.
On May 28, Sony offered its Playstation Network and Qriocity customers the services of Debix, an identity protection firm, with the first 12 months of protection free of charge. But is that enough to make consumers happy? Will this be the new aftermath trend for breaches? Only time may tell, but it's definitely a start in the right direction.
The Michaels breach was a little different. Ninety POS terminals were tampered with in Michaels stores in 20 states. Michaels used terminals and PIN pads that were Payment Application Data Security Standard certified. However, the attackers got around the security by swapping out the compliant PIN pads with compromised ones.
Due to the Michaels breach, the U.S. Secret Service is now investigating fraud incidents linked to POS device tampering. But the breach would have been relatively easy to avoid if store managers had been paying attention to what was happening in their stores.
An axiom in the fraud prevention world is that fraudsters will always travel the path of least resistance. The more safeguards merchants have in place, the less likely it is fraudsters will spend the time required to gain access to their systems. Here are eight basic fraud prevention tips for ISOs and merchant level salespeople (MLSs) to pass on to merchants:
If a merchant calls a person who claims to have never authorized a certain charge, the merchant simply cancels the order and advises the person to call his or her credit card company to get a new card issued. Doing this will solidify your merchants' relationships with customers (and potential customers) and help prevent further fraudulent charges.
Merchants can also help themselves by staying alert and proactive when it comes to POS terminal security. Here are a few tips to follow to guard against POS attacks:
With the expansion of e-commerce, fraudsters are becoming increasingly sophisticated, and identity theft and credit card fraud are taking on new aspects every day. Therefore, it is more important than ever that ISOs and MLSs inform merchants on what steps to take to ensure they do not become the next breach victims.
Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at firstname.lastname@example.org.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next