Download pdf - Desperate Times, Desperate Measures

8/8/2019 Desperate Times, Desperate Measures

http://slidepdf.com/reader/full/desperate-times-desperate-measures 1/5C a r d P r o c e s s i n g . P a y m e n t S o l u t i o n s . P r e p a i d C a r d s . C u s t o m i z e d S o l u t i o n s . C o n s u l t i n g S e r v i c e s

Desperate Times,Desperate Measures

Strategies or preventing and detecting economic-hardship

raud at your fnancial institution

By Karen Postma

TMG Card Risk Senior Manager

An overwhelming nancial problem

can push a normally law-abiding

person toward a criminal solution even

in the best o economic times. However,

during a down economy, the sheer

number o people experiencing these

burdens puts the risk o economic-

hardship raud aced by a nancial

institution at dangerous levels.


http://slidepdf.com/reader/full/desperate-times-desperate-measures 2/5

P A G E 2

The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com

Amid one o the lowest employment rates in U.S. history, American nancial institutions

(FIs) today ace the threat o economic-hardship raud rom two potentially criminal groups:

cardholders and employees.

CArd-CArryinG MEMbErs of thE first-tiME CriMinAls Club

FIs invest a great deal o time and eort attempting to keep their cardholders sae rom

card raudsters, and rightly so. What many do not consider, however, is the possibility o a

cardholder and a raudster being one and the same.

Even cardholders in good standing can all victim to the temptations o today’s card-raud

schemes – particularly i their card-issuing FI is not properly set up to detect the scams.

Three popular orms o cardholder-initiated raud are payment kiting, alse account set-up

and riendly perpetrator raud.

Payment Kiting – The cardholder makes a large payment with insucient or alse unds

(typically a bad check). He then withdraws the unds rom an ATM beore the issuer detects

the raud.

False Account Set-Up – A raudster uses a alse or stolen identity to open a new account.

Or more sophisticated yet, an applicant uses a legitimate identity but opens the account

specically with the intent to commit raud.

Friendly Perpetrator Fraud – A cardholder reports his legitimate transactions as raud to

receive compensation. Or, he shares his card and/or PIN with a riend, who then acts as the

thie, “stealing” money on the cardholder’s behal. The cardholder reports this transaction asraudulent and is reimbursed – both by his riend and by the issuer – or the “raud.”

Fortunately, there are raud strategies an FI can establish to help guard against these

sneak attacks.

1) Place tighter restrictions on payment processes. For example,

set limits or the number or amounts o payments that can be

may be made within 30 days.

2) Set available unds limits allowing time or a payment to beveried beore a cardholder can request a cash advance.

Even cardholders

in good standing

can fall victim to the

temptations of today’s

card-fraud schemes.



P A G E 3

3) Congure your system to queue large payments originating rom accounts held

at other FIs.

4) Place tighter restrictions on account opening procedures, even or current

customers. Fully examine credit scores, veriy residency or at a minimum, a tie to

the community.

6) Watch or critical non-monetary transactions, such as the addition o authorized

users or a change o address ollowed by a request or new plastic.


Even the most

well-managed

workforce can

hold a bad seed.

thE frAud’s CoMinG froM insidE thE brAnCh

Most FIs like to think the best o their employees. Credit union

and community bank executives work hard to keep their stas

satised, educated and rewarded or hard work. But even the most

well-managed workorce can hold a bad seed.

FI personnel orced to call the authorities on a longtime, once-loyal employee are oten

shocked by the circumstances. Regardless o the motivation behind his crime – perhaps he

grew disgruntled; maybe he simply succumbed to the siren call o easy money – a criminal

employee oten blindsides an FI, particularly one ocused on external threats.

Risks posed by outside raudsters require signicant time and nancial investment, which

when combined with an innate trust o one’s employees, leaves little drive or internal

control eorts. Ironically, however, raud committed by internal sources are oten much morecostly than that perpetrated by outside criminals.

Three common orms o insider raud are identity thet, stolen plastics and account crediting.

Identity Theft – Your employees, i given unlimited access to cardholder identity

inormation, are sitting on a virtual goldmine. Fraud rings are standing by to compensate

them well or stolen downloads o your cardholder data.

Stolen Plastics – This occurs even when plastic inventory is not kept at the branch.

Whether brought back by a cardholder or the postal service, a returned credit card is simple

or an employee to access, activate and use or his own purchases.



P A G E 4

Account Crediting – Customer service representatives raise limits, apply credits or make

adjustments to the transactions on their own accounts or those o riends, amily members

or even a persuasive acquaintance.

First and oremost, FI managers must understand that a happy employee is less apt to give

in to the temptations that surround him each day. Practicing good management skills that

ensure employees are treated airly is the rst in a series o steps FIs can take to minimize the

risk o employee raud.

Others include:

1) Tracking employee access. Know who is downloading cardholder data, when they

are accessing it and why they need it. In addition, limit the data to which your

service representatives have access. Rarely do they need an entire social security

number or CV2 number, or instance.

2) Create a diligent destroy process or excess, outdated or returned plastic, andbe sure to keep restrictions tight or an account’s rst 30 days to avoid raud

originating rom an intercepted card.

3) Track the number and amount o credits typically applied to your accounts on

a daily basis. Compare all uture activity to this base, conguring your system to

populate a report with any credits exceeding normal levels.

4) Continue with background checks or new employees.

5) Establish multiple layers o security. While you may have limited the identity

data available to service representatives, systems should be in place to continuemonitoring these employees’ behavior and work history.

While a turbulent economy certainly does not provide an excuse or cardholder- and

employee raud, it denitely gives us in the raud industry a red fag. When people are under

stress – particularly nancial in nature – they are oten pressured into uncharacteristic acts

that make them dicult to detect.

But with the right mixture o education and preventative measures, your FI can be ready or

these attacks, both in good times and in bad.




P A G E 5

About KArEn PostMA

Kae has been involved in the payment card industry or more than 12 years and has been with TMG

since 2006. Her responsibilities include compromised accounts, raud detection and dispute management.

She has recently worked to bring TMG’s Fraud Detection department in-house, allowing increased fexibility

and customization or TMG’s clients. Karen is a member o the First Data Risk Council, which reviews raud

trends, new technologies and regulations related to raud and raud prevention rom a global perspective.
