Fraud is my business. There will always be bad actors looking to take advantage of any and every opportunity to get something for nothing. And their techniques and tools are constantly changing. That keeps me busy.
Here are some of the fraud trends I’m tracking closely right now:
Sophisticated phishing attacks. It’s getting easier than ever to talk people out of their money or credentials because we have never been so connected, and we’re sharing information like never before. We’re seeing this trend in the growing world of peer-to-peer (P2P) payments. Over the past couple of years, the rise in both online shopping and P2P transactions has meant strong growth for platforms like Cash App, Venmo, and Zelle, as well as a rise in the willingness to make payments to unknown or barely-known recipients. And what’s worse, because so much information we once considered privileged can be found with social media searching, it’s easier than ever to masquerade as a legitimate seller. We encourage financial institutions to remind their members to keep their networks tight and be very skeptical about using these platforms to pay anyone outside a known circle of family and friends. Criminals are also being more aggressive about pretending to be a member’s credit union and sending text messages phishing for credentials. Be sure you clearly communicate with your members and help them recognize a legitimate text from a fraud attempt.
Card-not-present fraud is skyrocketing. Financial institutions across the country continue to experience card-not-present (CNP) fraud at an alarming rate and it is not stopping. Currently in the top fraud spot, this type of fraud occurs online and involves both credit and debit card numbers. The CNP fraud starts with either the cardholder’s information being shared by the cardholder, being phished, or found on the dark web, or through a data breach. The bad actors have moved to online card fraud since most financial institutions have implemented chips to help prevent and mitigate card present fraud.
Card-present fallback fraud continues. Bad actors know that point-of-sale devices will allow a “fallback” (magnetic strip or manual entry) transaction if a chip read fails and continue to use this as a level to push through fraudulent transactions with a card in hand. We suggest that it’s time to block fallback at the point-of-sale. In the meantime, conduct daily audits of exception reports including fallback transactions to look for spikes, patterns, and other suspicious behavior.
Brute-force ATM/ITM attacks. This is a crime as old as crime itself. We’ve noticed that physical forced entry and forcible removal of ATM/ITMs is on the rise again. Drive-up locations remain the most vulnerable to attack, so we recommend that all institutions do what they can to build up the physical defenses around their free-standing remote tellers. This includes building concrete barriers around the units, which can defeat or slow the usual approach of wrapping a chain around the ITM and pulling it with a heavy-duty vehicle. Reinforced anchoring systems, anti-ramming barriers, and strobe lights with audible alarms triggered by tampering can also help. There’s also ongoing interest in using these machines as a vector for fraud. We recommend that all machines be upgraded to support and require chip access. Magnetic strip cards remain much easier to counterfeit, and with chip technology being so common we see little reason to still support magnetic strip access. There’s always something new to discuss in fraud and prevention. Reach out and start a conversation with Allied Solutions at nafcu.org/allied.