8/8/2019 Desperate Times, Desperate Measures
http://slidepdf.com/reader/full/desperate-times-desperate-measures 1/5C a r d P r o c e s s i n g . P a y m e n t S o l u t i o n s . P r e p a i d C a r d s . C u s t o m i z e d S o l u t i o n s . C o n s u l t i n g S e r v i c e s
Desperate Times,Desperate Measures
Strategies or preventing and detecting economic-hardship
raud at your fnancial institution
By Karen Postma
TMG Card Risk Senior Manager
An overwhelming nancial problem
can push a normally law-abiding
person toward a criminal solution even
in the best o economic times. However,
during a down economy, the sheer
number o people experiencing these
burdens puts the risk o economic-
hardship raud aced by a nancial
institution at dangerous levels.
8/8/2019 Desperate Times, Desperate Measures
http://slidepdf.com/reader/full/desperate-times-desperate-measures 2/5
P A G E 2
The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com
Amid one o the lowest employment rates in U.S. history, American nancial institutions
(FIs) today ace the threat o economic-hardship raud rom two potentially criminal groups:
cardholders and employees.
CArd-CArryinG MEMbErs of thE first-tiME CriMinAls Club
FIs invest a great deal o time and eort attempting to keep their cardholders sae rom
card raudsters, and rightly so. What many do not consider, however, is the possibility o a
cardholder and a raudster being one and the same.
Even cardholders in good standing can all victim to the temptations o today’s card-raud
schemes – particularly i their card-issuing FI is not properly set up to detect the scams.
Three popular orms o cardholder-initiated raud are payment kiting, alse account set-up
and riendly perpetrator raud.
Payment Kiting – The cardholder makes a large payment with insucient or alse unds
(typically a bad check). He then withdraws the unds rom an ATM beore the issuer detects
the raud.
False Account Set-Up – A raudster uses a alse or stolen identity to open a new account.
Or more sophisticated yet, an applicant uses a legitimate identity but opens the account
specically with the intent to commit raud.
Friendly Perpetrator Fraud – A cardholder reports his legitimate transactions as raud to
receive compensation. Or, he shares his card and/or PIN with a riend, who then acts as the
thie, “stealing” money on the cardholder’s behal. The cardholder reports this transaction asraudulent and is reimbursed – both by his riend and by the issuer – or the “raud.”
Fortunately, there are raud strategies an FI can establish to help guard against these
sneak attacks.
1) Place tighter restrictions on payment processes. For example,
set limits or the number or amounts o payments that can be
may be made within 30 days.
2) Set available unds limits allowing time or a payment to beveried beore a cardholder can request a cash advance.
Even cardholders
in good standing
can fall victim to the
temptations of today’s
card-fraud schemes.
8/8/2019 Desperate Times, Desperate Measures
http://slidepdf.com/reader/full/desperate-times-desperate-measures 3/5
P A G E 3
3) Congure your system to queue large payments originating rom accounts held
at other FIs.
4) Place tighter restrictions on account opening procedures, even or current
customers. Fully examine credit scores, veriy residency or at a minimum, a tie to
the community.
6) Watch or critical non-monetary transactions, such as the addition o authorized
users or a change o address ollowed by a request or new plastic.
The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com
Even the most
well-managed
workforce can
hold a bad seed.
thE frAud’s CoMinG froM insidE thE brAnCh
Most FIs like to think the best o their employees. Credit union
and community bank executives work hard to keep their stas
satised, educated and rewarded or hard work. But even the most
well-managed workorce can hold a bad seed.
FI personnel orced to call the authorities on a longtime, once-loyal employee are oten
shocked by the circumstances. Regardless o the motivation behind his crime – perhaps he
grew disgruntled; maybe he simply succumbed to the siren call o easy money – a criminal
employee oten blindsides an FI, particularly one ocused on external threats.
Risks posed by outside raudsters require signicant time and nancial investment, which
when combined with an innate trust o one’s employees, leaves little drive or internal
control eorts. Ironically, however, raud committed by internal sources are oten much morecostly than that perpetrated by outside criminals.
Three common orms o insider raud are identity thet, stolen plastics and account crediting.
Identity Theft – Your employees, i given unlimited access to cardholder identity
inormation, are sitting on a virtual goldmine. Fraud rings are standing by to compensate
them well or stolen downloads o your cardholder data.
Stolen Plastics – This occurs even when plastic inventory is not kept at the branch.
Whether brought back by a cardholder or the postal service, a returned credit card is simple
or an employee to access, activate and use or his own purchases.
8/8/2019 Desperate Times, Desperate Measures
http://slidepdf.com/reader/full/desperate-times-desperate-measures 4/5
P A G E 4
Account Crediting – Customer service representatives raise limits, apply credits or make
adjustments to the transactions on their own accounts or those o riends, amily members
or even a persuasive acquaintance.
First and oremost, FI managers must understand that a happy employee is less apt to give
in to the temptations that surround him each day. Practicing good management skills that
ensure employees are treated airly is the rst in a series o steps FIs can take to minimize the
risk o employee raud.
Others include:
1) Tracking employee access. Know who is downloading cardholder data, when they
are accessing it and why they need it. In addition, limit the data to which your
service representatives have access. Rarely do they need an entire social security
number or CV2 number, or instance.
2) Create a diligent destroy process or excess, outdated or returned plastic, andbe sure to keep restrictions tight or an account’s rst 30 days to avoid raud
originating rom an intercepted card.
3) Track the number and amount o credits typically applied to your accounts on
a daily basis. Compare all uture activity to this base, conguring your system to
populate a report with any credits exceeding normal levels.
4) Continue with background checks or new employees.
5) Establish multiple layers o security. While you may have limited the identity
data available to service representatives, systems should be in place to continuemonitoring these employees’ behavior and work history.
While a turbulent economy certainly does not provide an excuse or cardholder- and
employee raud, it denitely gives us in the raud industry a red fag. When people are under
stress – particularly nancial in nature – they are oten pressured into uncharacteristic acts
that make them dicult to detect.
But with the right mixture o education and preventative measures, your FI can be ready or
these attacks, both in good times and in bad.
The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com
8/8/2019 Desperate Times, Desperate Measures
http://slidepdf.com/reader/full/desperate-times-desperate-measures 5/5
P A G E 5
About KArEn PostMA
Kae has been involved in the payment card industry or more than 12 years and has been with TMG
since 2006. Her responsibilities include compromised accounts, raud detection and dispute management.
She has recently worked to bring TMG’s Fraud Detection department in-house, allowing increased fexibility
and customization or TMG’s clients. Karen is a member o the First Data Risk Council, which reviews raud
trends, new technologies and regulations related to raud and raud prevention rom a global perspective.
The Members Group . 1500 NW 118th Street . Des Moines, Iowa 50325 . 800.268.1884 . www.TheMembersGroup.com