|Copyright:||(c) 2011 Independent Community Bankers of America|
And how your community bank can stop them
It took only a week for the staff at
When a thief initiates card fraud against a customer at your community bank, several parties along the path of the payment can detect the fraud. They include the merchant, the merchant’s bank, your community bank and your customer. Lately, I am hearing increased reports of fraud resulting from card skimming, check counterfeiting and corporate account takeovers.
Let’s look at strategies and controls your bank should have in place to mitigate the risk related to each type of fraud.
1. Card skimming
Card skimming happens when someone uses a small electronic device (a skimmer) to swipe and store victims’ credit card numbers. The card information is resold to counterfeiters, who produce replica cards and use them until the fraud is discovered or the customers’ accounts are drained.
Like those in
* Monitor for fraud and identify patterns. While many core providers offer robust fraud/suspicious item reporting, smaller community banks do not need automation to determine patterns as long as all fraud cases are routed to one, centralized location within the bank. In such a case, one person should be assigned to look for common patterns or similar behavior. That process worked successfully for the
* Invest in neural networking. Neural networks, while costly, allow banks to design customized antifraud strategies to detect and avoid fraudulent activity. These systems score fraud risk and can capture patterns often missed by traditional fraud detection methods. One example is Falcon Fraud Detection, offered by
* Notify authorities promptly. Sometimes fraud can be halted by alerting the card network and local law enforcement immediately.
* Educate customers. In many cases, vigilant consumers and employers can recognize and report suspicious activity in time to catch a skimmer. Merchant acquirers and consumers should be made aware of skimming and the need to report suspicious activity to your community bank.
2. Check counterfeiting
While check writing is declining, most community banks are noticing a sharp increase in check counterfeiting due to more advanced scanners, high-grade printers and easy availability of high-grade paper and magnetic ink. While 20 years ago check counterfeiters used costly printing presses, now the same fraud can be committed on a home PC using Photoshop and a laser printer.
Magnetic toner makes detecting counterfeits much more challenging, as does the fact that if the item has been imaged, your bank will not have the original. While many counterfeits are low-grade scans, reliance on technology such as check readers and scanners means that even a sloppy counterfeit might get through.
* Consider positive pay. A company can issue checks in its normal way and also submit to the bank an electronic file of the issued check data. The checks are received for clearing, your bank compares them to the positive pay file, and payment occurs only when there is a match. If there is not an exact match, your bank alerts the company of a possible fraudulent check.
* Educate check-handling personnel to identify possible counterfeits. Human detection is still the first line of defense. Tellers and merchants who receive checks should be trained to recognize potential counterfeits.
3. Corporate account takeovers
Though this fraud is still infrequent, its loss potential is huge. A fraudster can steal your business customer’s online banking credentials via malware and use them to access bank accounts and engage in fraudulent banking activity. This malware, usually called Zeus or SpyEye, is highly advanced and can detect-and breach-any online authentication.
Once thieves have access to online banking credentials, they can conduct fund transfers by either ACH or wire to the bank accounts of their associates, often internationally. Because business accounts tend to have high balances, losses can be huge. While several banks have gone as far as suing their business customers to recover the losses, taking such a step could damage your bank’s reputation with other business customers.
* Assess the risk. Don’t assume that your bank’s cash management or business banking service is always completely secure, or that the preventing fraud is only your vendor’s responsibility; it also is a shared responsibility of you and your customer. While vendors may offer security features with their business banking systems, it’s your duty to research them to determine if the protection is sufficient enough to thwart an attack by Zeus or SpyEye.
* Use multiple layers. While tokens and IP-location recognition can help eliminate some of this fraud, Zeus and SpyEye can detect all online activity. So the best defense is to have a non-Internet, out-of-band layer-of-authentication process. That process can be as simple as having the customer call your bank to verify initiating a funds transfer or using a customer code that is given to the customer by mail, over the phone or in person. Dual control is another effective way to thwart an attack.
* Again, educate customers. This fraud happens through malware-infected computers, so businesses need to understand best practices. Computers used for business banking should not double for personal use.
New tools such as neural networking, advanced authentication and pattern recognition can certainly be useful in combating card fraud. But even if your community bank implements advanced fraud detection solutions, it shouldn’t neglect the old reliable methods: visual identification, phone authentication and a central department to investigate fraud claims. For these three fraud types, payment fraud insurance can help mitigate the associated losses.
The challenge and mantra for any fraud prevention is threefold: Monitor and recognize fraud patterns, educate your customers, and use robust tools and methods to recognize and prevent losses.
To learn more, call (800) 242-4770 or visit www.icbabancard.org/protectme.