By installing and using those fraud solutions that make business sense, merchants can thwart much of the fraud attempted in the online and offline world, according to Ted Crooks, Vice President Global Fraud Solutions, and Jim Bishop, Product Manager e-Falcon product, fraud management system for First Data.
    They recently discussed the evolution of fraud and ways to prevent it with Transaction World.
    “Fraud continues to evolve; methods are getting more sophisticated,” Crooks says. “Every time [fraud prevention companies or law enforcement officials] put a roadblock in their way, there’s all kinds of increased activity in attempts to get around that barrier.”
    It used to be that once a way to break through a “secure” system was found that the merchants or other firms using that system needed to only thwart or catch only one person or a handful of individuals to stop the intrusions. But the Internet and increasingly available broadband – so faster – communications has ended all of that.
    “Now as soon as a security hole is discovered, word spreads across the world through e-mails, Internet chat rooms and Web sites dedicated to hacking in just a few minutes,” Crooks says.
    “The pace of fraud is faster; the sophistication [of fraudsters] is a lot higher now,” Crooks adds.
    Adding to fast spread of security compromise information is the increased availability of Internet services here and overseas. No longer does a person need a fast computer and connection speeds from home or work to get on the Internet. Internet cafes, libraries, hotels and other locations that offer high-speed connections at little or no cost are continuing to sprout up, Bishop says. Add to that the ongoing evolution of WiMAX, which makes Internet communications available throughout a community rather than just from a single Wifi location, and it’s increasingly easy to attempt security break-ins from different locations before law enforcement officials can catch on.
    That’s even assuming law enforcement officials can catch on. Online fraud is increasingly occurring from places outside well-organized law enforcement, such as Eastern Europe and other countries that were once part of the Soviet Union, according to Bishop.
    “Most fraud is organized,” Bishop says, “before pointing to ever-higher levels of automation that enable fraudsters to attempt new security attacks at ever-faster speeds. It doesn’t take many fraudsters to break into a lot of merchants. The biggest problem isn’t the stolen information, it’s that [the fraudsters] are trying to turn the stolen information into money.”
    So if they steal credit card information, they’ll look to sell that information (there are even dedicated chat rooms for this) or to buy high-end goods that they can easily convert to cash. There are also those who use the information simply to buy goods for themselves, as in the popular television commercials featuring people with dubbed-in voices discussing what they bought with a stolen card – but those frauds pale in comparison to the more organized ones.
    “One way that merchants can help thwart fraud, is to recognize and report suspicious purchases – such as ski jackets ordered for southern locations. While a few of these purchases may make sense (for people who ski on vacation), a large number of such purchases usually indicates fraud. These jackets are easily resalable through auction sites or through other redistribution.” Bishop adds.
    “Athletic equipment and high-tech goods are other purchases that require additional scrutiny,” Bishop adds.
    Crooks and Bishop recommend that merchants assess their level of risk. If profit margins are slim and the merchant is dealing in only low-cost goods, he probably doesn’t need very sophisticated fraud prevention solutions. If, on the other hand, business is brisk, he’s dealing in high-profit goods (such as large screen TVs) or has a large customer base, more fraud protection is warranted.
    It’s not just the potential loss from fraudulent activity the merchant has to guard against, Bishop and Crooks point out, it’s also the potential loss of reputation and trust from customers. If customers learn a merchant’s customer information has been compromised, they’ll be less likely to do business with him.
    So merchants should make sure they verify the Code Verification Value (CVV) or Card Validation Code (CVC), authentication codes created by Visa and MasterCard; look for unlikely purchases (the ski jacket example above) or other purchases or card activity that appear to be suspicious. If in doubt, delay shipping of the item until information can be verified.
    “Detecting fraud isn’t usually a matter of having just one clue; usually there are several things out of whack,” Bishop says.
    That’s why some of the more sophisticated (and expensive) fraud detection solutions provide scores that indicate a purchase is more or less likely to be fraudulent. These solutions use historical information and neural networks to continually refine score results.
    “Once fraud or suspected fraud is detected, the merchant should contact the card issuer immediately,” Crooks and Bishop say.