Latest Trends in Credit Card Fraud & How to Prevent It

 

 

 

Introduction

Every year corporations and card holders lose billions of dollars in credit card fraud and the tactics in which it's carried out are evolving. Let's take a look at the statistics in the USA alone. In 2010, 8.6 million households experienced some form of identity theft. In 2012, a staggering 16.6 million households reported one or more identity theft cases. Why did the number double within just 2 years? This doesn't include the millions around the globe that are victims of an evolving unethical dilemma we find ourselves in with in-app purchases. Merchants want your money just as much as the criminals. The difference is that it is unethical for the merchants, but unlawful for the criminals. Let's take a look back in history.

History has shown that the criminal masterminds and merchants are evolving faster than the industry's security systems and government regulations. Just as legitimate workers go to work daily, criminals do the same but they play by a different set of rules. Just as legitimate workers gain knowledge and skills, criminals do the same, nonetheless, they become criminal masterminds. Nonetheless, not only have criminals evolved, but merchants have too with in-app purchases that employ hidden fees and lure tatics.

Ladies and gentlemen today I want to bring you up to speed on the latest criminal tactics targeting credit card fraud and my view on how to defeat it with Two-Factor Credit Card Authentication, Product Classification & Underlying Merchant Data, Recurring Payments Fraud Alerts, and In-app Encrypted Biometric Authentication. All of the aforementioned features are not in use today by any credit card issuer, and are the ideas of Brandon Lee to combat the latest trends in credit card fraud.

In addition, I will explain why services such as LifeLock are mere organizations looking to capitalize on American's concern rather than offer real protection and why it may not be a good long term investment for investors.

The Trend

Previously, criminals and merchants were just interested in minimal credit card data but they've self-educated based on banks legacy systems and the charge back process. From a criminal's point of view, they know that if the address doesn't match, this sets off alarms. If purchases are made outside your typical locations, this too sets off alarms. On the other hand, merchants know that their revenue increases when they can better hide fees and/or lure you into in-app purchases.

Therefore, instead of just collecting your credit card information, they're now collecting historical purchase data, demographics, billing info, IP addresses and social media content to aid in increasing revenue. Why? Criminals and merchants understand that they can profit more by profiling and understanding their victims rather than not.

Where does it start? For criminals, it all starts with a legitimate purchase you've made at a well-known merchant and your purchase information is obtained via big data breaches. In 2014 alone, some of the biggest organizations were all hit with big data breaches such as UPS, Home Depot, and JP Morgan Chase to mention a few out of over a dozen impacted.

Secondly, you may find that your stolen credit card was not only involved in one fraudulent transaction, but multiple transactions over time.

Third, when you find out about this fraud, you proceed to submit a dispute thinking it's going to be easy-breezy and that's when things go from a mere inconvenience to a possible lifestyle change. Wait, that just happened. Oh no, how could that happen? I didn't make those purchases, I'm innocent, honesty this is identity theft.

Now, how did I lose my dispute, the facts always prevail right? No, if the information submitted to the bank is accurate in its entirety, you lose. Remember, someone has to pay and it's going to be either you or the merchant. How did I not notice this on my credit card? You're the target of an evolving credit card fraud tactic I refer to as profile-based credit card fraud.

Profile-Based Credit Card Fraud: The Evolution.

In the early years of credit card fraud charges were easily identifiable and easily rectified. For example, a $300 charge appeared on your credit card bill sets off alerts as your spending history doesn't support this type of charge--a deviation from the norm. Therefore, credit card fraud has evolved to profile-based credit card fraud. This is when the mastermind elects to charge amounts between $10 and $50 instead of $200 as your spending history shows your average credit card purchase is between $10 and 50 per transactions. This way, you don't see a big charge on your credit card that is easily identifiable by the human eye or the bank's fraud protection thus making the transaction easier to overlook.

Also, criminals may elect to make purchases at places and locations you're spending history suggests, allowing them to avoid today's security measures. But wait, it doesn't stop there, merchants want in on the action as well.

Merchant-Based Credit Card Fraud: The Evolution.

Merchant-based credit card fraud is evolving too. This is when shady merchants charge you for additional products and/or services you did not agree to purchase or was not made aware of. This is common with subscription based services and in-app purchases that keep your credit card on file after you've made a legit purchase. For example, alarmmonitoringservices.com may sell you an alarm service, which is paid in full for the entire year. However, after a few months you may come to find they charged you upwards of $200 for services you did not order or was made aware of. "The BBB wrote, BBB has received a pattern of complaints from consumers alleging consumers sign up for alarm monitoring service for a specified rate, and are later charged a higher rate without warning.”

Additionally, with in-app purchases, you may lured in with one price, but later come to find that to unlock certain features or to add credits you have to pay additional money.

How do merchants like this stay in business? As long as their chargeback rate is lower than their agreed threshold with their payment processor, they can continue to operate under the radar. What do I mean by under the radar? Payment processors allows merchants to continue to conduct business as long as their chargeback rates do not exceed an agreed percentage. Meaning, the larger the merchant volume, the more chargebacks will be allowed--it's a number game. The number of chargebacks go up, the merchant cuts back on its shady dealings, and when it goes down, they increase.

How is Social Media Being used to Aid in Credit Card Fraud?

Everyday millions of users are posting content, pictures and their whereabouts on social media sites such as Facebook, Twitter, Instagram and others. Criminals are now leveraging this data to determine typical areas a cardholder may be or things a cardholder may buy. This allows criminals to make purchases in places that doesn't set off the bank's security systems or for things the cardholder might buy bypassing the bank's security measures and the human eye.

What are credit card companies doing to combat this?

I particularly like one of the features American Express introduced that allows you to get real-time text messages of transactions based on predefined rules. This allows us to quickly review who's charging our cards and possibly prevent years of credit card fraud. However, criminal masterminds and merchants have already adapted in such a way that they can slip charges by the everyday consumer and this feature was just released in 2014--it's not enough.

How can technology solve these problems? The solution.

Two-Factor Credit Card Authentication

I would implement an optional feature that would allow card members to enabletwo-factor credit card authentication. The way this would work is when your credit card is charged, you would get an alert on your device (e.g. mobile phone, computer) that allows you to approve or reject the charge. By implementing such feature would eliminate over 99% of credit card fraud in similar cases. This would also uncover those merchants that are billing customers based on that legendary hidden fine print allowing for prompt resolution. I believetwo-factor credit card authentication is the future.

Spending Pattern Behavior Algorithms

Next, I would introduce better spending pattern behavior algorithms to detect charges that deviate from the card holder's norm. This would work by categorizing/classifying merchants and product purchases while analyzing cardholder historical spending to flag possible fraudulent transactions. For example, if the cardholder has never purchased a porn subscription that would be a good indication that it could be fraud and the cardholder should be alerted.

Today that is not possible. Why? When a merchant submits a transaction for processing via payment processors such as FirstData they are not required to classify product purchases and in many cases they don't have insight into the underlying merchant.

Product Classification & Underlying Merchant Data

Criminals know that purchases made at places the cardholder is not familiar with may set off alarms. For example, you receive a text alert from American Express stating you made a purchase at an unfamiliar merchant.

Therefore, they may make purchases through merchants who employ payment processing vendors such as Epoch who mask the underling merchant. This undermines credit card issuing banks fraud protection systems as Epoch on the surface seems like a typical transaction. But that doesn't mean that Epoch done a good job on screening their merchants. And, to the cardholder, they may have other charges from Epoch that they did in fact make. Combined with a complete cardholder's profile, makes for a persuasive way to pass the charge off as legit. In this case, I would require payment processors to expose the underlying merchant data including product classifications allowing better tracking of transactions--modernize payment processing.

Recurring Payments Fraud Alerts

Recurring payments add up, and it's easily overlooked as it appears normal once the initial payment is processed successfully. To combat this, I would deploy another feature that allows customers to setup recurring fraud alerts which will trap unauthorized recurring billing charges. One can then leverage certain cards for recurring transactions vs. one-time transactions. Think of this like a spam trap. The way this would work is that a cardholder would flag a credit card as non-recurring, and if the same merchant processes the same fee each month, it would alert the cardholder and require the cardholder to approve the charge--pro-active instead of re-active.

In-app Encrypted Biometric Authentication

I believe that in-app fraud can be significantly reduced with the introduction ofencrypted biometric in-app authentication. This would require a buyer to authenticate the purchase with a biometric signature that is encrypted and can only be decrypted by the bank. Additional, I would require the merchant to display all possible charges (today and later) vividly on the screen with a tamperproof watermark. Upon confirmation of purchase, order details with watermark, encrypted biometric authentication, and product information would be submitted to the bank for approval. The importance of the tamperproof watermark is so that the bank can verify what was really shown to the buyer--no more hidden fees.

What problems does this resolve? The problems that this solves is that no merchant or criminal would be able to process an in-app purchase without the consent and presence of the cardholder. Whereas now, if you have access to the device and password (could be your child), you can authorize that transaction from anywhere in the world. Furthermore, this would eliminate those notorious hidden fees as if they are not visible on the watermark provided fee schedule, the bank would simply ping the buyer for authentication prior to approval of payment—preventative fraud protection and no more hidden fees. The ping can simply be a popup on your device that can be authorized via a biometric endorsement at any time.

Why services such as LifeLock simply don't work and not a good long term investment for investors?

LIfeLock and services alike are re-active. Meaning, they monitor your credit report, and accounts for charges that seem out of the ordinary. This means the damage is already done, and you still have to clean it up and prove your innocents. Even more, given the level of sophistication in your identity theft case, and the guarantee that LifeLock offers, it can still be a lengthy experience. The world needs preventative security, not re-active security and preventative security must happen at the source, not the middle man--pro-active rather than re-active.

Why LifeLock may not be a good long-term investment for investors?Simply put, as banks and organizations modernize their security systems, the demand for services such as LifeLock will dimension--simple economics, supply and demand.

What would I say to cardholders given today's technology?

Together we must raise awareness and we must "not wait to strike till the iron is hot; but make it hot by striking," as stated by William Butler Yeats.

Issuing banks will listen to our concerns if we together press the issue. Please, share this article with them and government to raise awareness and demand these features be put in place immediately. Get involved, don't wait till you or your loved ones are affected by this evolving unethical dilemma, take action now. And remember, real change must happen at the source to be preventative protection, and not re-active.

Also, watch your bills and leverage all available features offered at your issuing bank. If you find yourself in a similar situation, the goal is to catch and stop it before it gets too costly.

About Brandon Lee

Brandon Lee is the CTO of Circuit ID (www.circuitid.com) who possess over 15 years of active computer programming, network management, business administration, law enforcement and telecommunications knowledge. Formerly responsible for protecting NASA against all threats, foreign and domestic, Brandon Lee has extensive knowledge in the field of technological-anything.

5 ways to protect yourself from credit card fraud at gas stations

By JENNIFER CALONIA
GOBANKINGRATES.COM

Consumers typically worry about credit card fraud when making purchases online or conducting ATM transactions, but over the past few years, fraudulent credit card activity has taken the form of gas station scams that use technology to victimize patrons.

According to the FTC’s 2011 Sentinel Network Data Book, which reports on consumer complaints, credit card fraud was ranked second among the highest and most prevalent complaints. Despite the fact that gas stations have been on thieves’ radars for quite some time, many consumers still fail to recognize the tell-tale signs of gas station credit card fraud at the pump.

I, too, learned the hard way as I fell victim to gas station credit card skimming a few years ago. It occurred at the Shell gas station I regularly visited, just one block from my home. Fortunately, I happened to check my account balance the very next morning, only to find a second unauthorized Shell transaction for about $7 at a gas station 50 miles away from my home.

It’s moments like these that frighten consumers into avoiding credit card use altogether. But by practicing a short ritual of security measures before swiping a credit card at the gas pump, you can safeguard sensitive card information.

1. Look for Tamper-Evident Stickers

Criminals usually infiltrate credit card mechanisms through the front panel of gas pumps. They implant devices internally, which then capture the credit card information from within once customers swipe their cards.

What to look for: Survey the gas pump’s edges — especially the hatch surrounding the credit card unit. If it looks battered as if someone tried to pry it open or if the lock itself is broken, it might be compromised. Some gas stations, like Shell stations, apply a tamper-proof seal across the opening of the credit card door. When a door is broken into, the sticker is lifted revealing the words “VOID” on the sticker.

I went back to the pump I’d used the night before my credit card information was stolen to investigate whether it really did have the sticker in place. There it was — displaying the word “void.” In fact, all the pumps had their seals tampered with. I haven’t gone back to that station since.

What to do: Before using a gas pump, find out whether the pump has a tamper-evident sticker. If it has one that is placed on the unit correctly (i.e., across the opening of the door) and it reads void, move on to the next pump or station.

Instead of informing the gas attendant (many only offer a look of confusion or annoyance), contact the local authorities to report the gas station scams in the area. This will hopefully get an investigation started if enough reports of gas station credit card fraud are forwarded.

2. Beware of Gas Station Credit Card Skimmers

Gas station credit card skimmers are external devices thieves attach over a real credit card slot at a gas station pump. As customers swipe their cards into the skimmer, the device saves and stores card information immediately.

What to look for: If a credit card slot looks different from the other card readers at the station, it might be a setup for gas station credit card skimming fraud.

What to do: Skimming devices are meant to be placed temporarily for a matter of hours or just a day. For that reason, they are attached using only double-sided tape, so thieves can easily remove them. Before sliding a credit card through the machine, tug on the reader to ensure it is on securely; skimmers will easily pop off with mild effort.

Contact the police to file a police report if a credit card skimmer is found — this is a necessary step so that the device can be placed safely in the hands of authorities.

3. Block View of Pinhole Cameras

These inconspicuous cameras are so small that cardholders really have to be paying attention to spot them. They are sometimes used in conjunction with credit card skimmers to capture footage of customers entering their PIN numbers. With this added information, criminals can withdraw funds directly from bank accounts, as well as make fraudulent credit card purchases.

What to look for: Again, search for anything on the face of the gas pump that looks unique compared to the other pumps. Pinhole cameras are often situated above the keypad area.

What to do: For extra precaution, use two hands when paying for gas at the pump. Use one hand for the transaction, and place the other above the credit card screen to shield the keypad from view of lurking cameras above.

4. Beware of Electronic Pickpockets

Possibly one of the most dangerous tactics implemented to steal credit card information is the use of electronic pickpocketing devices. These are attached to laptops that criminals conceal discreetly in laptop sleeves while walking past their victims. No contact is needed for the device to scan credit cards — thieves only need to be a few inches away.

What to look for: Cardholders susceptible to this kind of gas station credit card fraud are those with a radio frequency ID (RFID) chip implanted in their cards. Some names for these credit cards include PayPass or Blink, and allow customers the convenience of tapping their cards to make a purchase, instead of swiping them.

What to do: Some banks like Chase, who refer to their RFID cards as Blink, have already started to phase this feature out. However, those who still own a RFID-capable card can do two things to protect themselves:

1. Be wary of anyone who walks too closely to you at the pump; remain aware of your surroundings and electronic devices that might be in others’ hands.
2. Wrap your RFID cards in aluminum foil. It sounds funny, but it’s proven more effective in protecting credit card information than expensive $60 RFID-specific wallets on the market, according to Consumer Reports.

5. When in Doubt, Use Cash

While credit cards lend convenience, if a situation just doesn’t feel right, go with your instincts and just use cash. It saves the hassle of disputing a credit card charge in the future and eliminates the risk of putting yourself at risk of long-term credit damage.

If cash isn’t a possibility, cardholders also have the option of handling the transaction with the gas station attendant. However, customers still take on a small risk, as there is no guarantee that the employee isn’t using a credit card skimmer behind the counter.

These days, I never swipe my credit card without implementing my gas pump checklist. I might look wacky, but it’s this level of awareness and common sense that can actively prevent gas station scams from making me a two-time victim.

Do Viagra like medicines have side effects? (Sex query)

Q: I am a 27-year-old and sometimes take  to please my girlfriend. Is it harmful for my health? What about my future sex life? Will I always have to take them? 

All the different tablets mentioned here have the same chemical composition – Manforce and Pengra are actually the desi versions ofViagra, which in turn is the brand name of the generic drug sildenafil. In countries like the US or UK, the drug is only available through prescription but lax laws in India means that it can be easily purchased over-the-counter. One thing you’ve to clearly understand is that Viagra is a drug to beat erectile dysfunction and it’s not an aphrodisiac or libido booster. In simple words, it will only give you an erect penis when you’re aroused. Now the drug is most commonly used by people in their 50s and 60s, those at an age where there heart finds it hard to pump enough blood to the penis to maintain an erection.

However, recent studies have shown that the recreational use of Viagra has gone up among youngsters. Most doctors recommend that the drug shouldn’t be used like this because one’s body can get dependent on it and you could reach a phase where you will find it hard to get hard without the drug. There are other harmful effects as well. You shouldn’t take the drug if you are taking other medicines which contain nitrates. These are usually used to treat chest pain,hypertension and other such ailments. Some of the other common side-effects are facial flushing, headaches, liver problems, heart attacks (rarely), blurred vision, bluish vision and sensitivity to light.

The most infamous side-effect though is erections which last for four or more hours. Sometimes these erections can be extremely painful as well. If you experience that you should call a physician and visit a hospital immediately. In conclusion you should definitely stop using these drugs; they are not for recreational use or to show off your sexual prowess but an aid for men really suffering from a problem. Read more about kegel exercises that can help you beat erectile dysfunction.

Click on the picture below to view photos on – 8 things you didn’t know about Viagra.

Image source: Getty Images

Erectile dysfunction: Viagra and other oral medications

Oral medications are often the first line of treatment for erectile dysfunction. For most men who have trouble keeping an erection firm enough for sex (erectile dysfunction), these medications work well and cause few side effects.

Sildenafil (Viagra), vardenafil (Levitra, Staxyn), tadalafil (Cialis) and avanafil (Stendra) are oral medications that reverse erectile dysfunction by enhancing the effects of nitric oxide, a natural chemical your body produces that relaxes muscles in the penis. This increases blood flow and allows you to get an erection in response to sexual stimulation.

How oral medications differ

Although they work in similar ways, each oral medication has a slightly different chemical makeup. These minor differences affect the way each medication works, such as how quickly it takes effect and wears off, and the potential side effects. Your doctor will consider these factors as well as any health problems you have and possible interactions with other medications you take.

• Sildenafil (Viagra). This medication is most effective when taken on an empty stomach one hour before sex. It's effective for up to six hours.
• Vardenafil (Levitra, Staxyn). This medication also is most effective when taken one hour before sex and can be taken with or without food. It's effective for up to seven hours.
• Tadalafil (Cialis). This medication is taken with or without food about one to two hours before sex. It's effective for 36 hours. It can be taken in a small dose daily or in a larger dose as needed.
• Avanafil (Stendra). This medication is taken with or without food 15 to 30 minutes before sex, depending on the dose. It lasts up to six hours.

When oral medications might not be safe

Before taking any medication for erectile dysfunction, get your doctor's OK. Medications for erectile dysfunction might not work or might be dangerous if you:

• Take nitrate drugs — commonly prescribed for chest pain (angina) — such as nitroglycerin (Minitran, Nitro-Dur, Nitrostat, others), isosorbide mononitrate (Monoket) and isosorbide dinitrate (Dilatrate-SR, Isordil)
• Have very low blood pressure (hypotension) or uncontrolled high blood pressure (hypertension)
• Have severe liver disease
• Have kidney disease that requires dialysis

•