Pub. 3 2024 Issue 3

THE LATEST FRAUD TRENDS Debit card fraud is on the rise. It accounts for about 40% of all card fraud. Here’s what our SHAZAM fraud specialists are noticing and what financial institutions can do to protect their cardholders. SOCIAL ENGINEERING SCAMS ARE STILL COMMON Bad actors continue to use social engineering schemes to trick cardholders into providing their sensitive information. In these schemes, bad actors often claim to be a trusted financial partner or a representative of a well-known merchant. In their calls, emails or text messages, they will allege there’s a problem with a person’s card or account. These false narratives are meant to play on cardholders’ emotions to trick them into giving up their sensitive data such as their card number, log-in credentials or a one-time password. Education is key in protecting cardholders from being caught up in these malicious attacks. Remind them to be skeptical of unsolicited calls or emails. Cardholders should avoid giving out sensitive information by phone or via email. Financial institutions may need to verify personal information if a cardholder calls them, but never the other way around. Financial institutions should also review their internal verification processes. Pay attention to customer behaviors and listen to their responses. Empower staff members to investigate further if a cardholder request is unusual behavior from previous interactions. If their gut is telling them something is off, odds are they are probably right. FRAUDSTERS LURKING TO ATTACK BINS Cybercriminals are constantly looking to stay in the shadows to get their hands on cardholder information. The industry continues to see this behavior by fraudsters through enumerative account testing to identify valid issued cards and solve card issuance strategies. To make it more difficult for fraudsters to predict patterns it’s our recommendation, and industry best practice, to randomize card issuance in your assigned BIN range. Think of it this way — randomization is the equivalent of finding a needle in a haystack. Who wants to go searching for that? Certainly not a criminal. Financial institutions can go even further with card blocks. This gives you the power to manage authorization blocking at the primary account number and bank identification number levels. You can implement blocks by combinations of criteria or just one, for a specific amount of time or indefinitely. The wide array of available blocking criteria allows you to create blocks easily based on cardholder requests and fraud trends identified by your institution. ACCOUNT TESTING: THE FIRST SIGN OF FRAUD Fraudsters often test the waters on any cardholder information they may have illegally obtained by making a small transaction, typically under $5. If a test authorization is approved, fraudsters use the information to commit more fraudulent transactions or sell the information on the dark web. The ability to detect these threats before they can cause damage is critically important. Review active cases and submit updates when you confirm the activity with your cardholder. If the cardholder can’t be reached or the activity can’t be verified, update the case status to unable to confirm. You can also adjust your financial institution’s daily limits. A daily limit on debit card withdrawals ensures the account associated with the debit card is safe and cannot be emptied in the event a person’s debit card is compromised. If your cardholders in general are not asking to raise limits, consider lowering them to better protect your cardholders and your financial institution. PROTECTING FINANCIAL INSTITUTIONS AND CARDHOLDERS Fraud investigations are a constant balance of risk versus convenience. It is important to remember even small fraudulent transactions can quickly become big problems for you and your cardholders if they go undetected. However, by investing time and resources into fraud mitigation strategies, you can reduce fraud losses for your financial institution and provide peace of mind for your cardholders. Ryan Dutton is an experienced fraud strategy manager with a 17-year history of working in the fraud detection industry, focusing on the management of payment card fraud. Ryan’s focus is managing payment card fraud. His work at SHAZAM gives him a front-row seat to the challenges facing community financial institutions. AND PREVENTION BEST PRACTICES By Ryan Dutton Senior Fraud Operations Manager, SHAZAM, ICBC Associate Member INDEPENDENT REPORT | 19

RkJQdWJsaXNoZXIy MTg3NDExNQ==