Three Fraud Trends

And how your community bank can stop them

It took only a week for the staff at First State Bank in Barboursville, W.Va., to discover that a local restaurant’s employees were skimming credit and debit cards. “Several customers had a rash of counterfeit transactions right after dining at this restaurant,” says Sam Vallandingham, the community bank’s vice president and chief information officer.

When a thief initiates card fraud against a customer at your community bank, several parties along the path of the payment can detect the fraud. They include the merchant, the merchant’s bank, your community bank and your customer. Lately, I am hearing increased reports of fraud resulting from card skimming, check counterfeiting and corporate account takeovers.

Let’s look at strategies and controls your bank should have in place to mitigate the risk related to each type of fraud.

1. Card skimming

Card skimming happens when someone uses a small electronic device (a skimmer) to swipe and store victims’ credit card numbers. The card information is resold to counterfeiters, who produce replica cards and use them until the fraud is discovered or the customers’ accounts are drained.

Like those in Barboursville, restaurants can be the ideal place for this type of fraud, because the thief usually processes the victim’s credit card out of view. Skimming kits are sold to would-be thieves online, where there is a thriving market for the sale of card information. The devices are easy to use and require no technological savvy.

Best strategies

* Monitor for fraud and identify patterns. While many core providers offer robust fraud/suspicious item reporting, smaller community banks do not need automation to determine patterns as long as all fraud cases are routed to one, centralized location within the bank. In such a case, one person should be assigned to look for common patterns or similar behavior. That process worked successfully for the First State Bank.

* Invest in neural networking. Neural networks, while costly, allow banks to design customized antifraud strategies to detect and avoid fraudulent activity. These systems score fraud risk and can capture patterns often missed by traditional fraud detection methods. One example is Falcon Fraud Detection, offered by ICBA Bancard, ICBA’s payments services corporation for community banks.

* Notify authorities promptly. Sometimes fraud can be halted by alerting the card network and local law enforcement immediately.

* Educate customers. In many cases, vigilant consumers and employers can recognize and report suspicious activity in time to catch a skimmer. Merchant acquirers and consumers should be made aware of skimming and the need to report suspicious activity to your community bank.

2. Check counterfeiting

While check writing is declining, most community banks are noticing a sharp increase in check counterfeiting due to more advanced scanners, high-grade printers and easy availability of high-grade paper and magnetic ink. While 20 years ago check counterfeiters used costly printing presses, now the same fraud can be committed on a home PC using Photoshop and a laser printer.

Magnetic toner makes detecting counterfeits much more challenging, as does the fact that if the item has been imaged, your bank will not have the original. While many counterfeits are low-grade scans, reliance on technology such as check readers and scanners means that even a sloppy counterfeit might get through.

Best strategies

* Consider positive pay. A company can issue checks in its normal way and also submit to the bank an electronic file of the issued check data. The checks are received for clearing, your bank compares them to the positive pay file, and payment occurs only when there is a match. If there is not an exact match, your bank alerts the company of a possible fraudulent check.

* Educate check-handling personnel to identify possible counterfeits. Human detection is still the first line of defense. Tellers and merchants who receive checks should be trained to recognize potential counterfeits.

3. Corporate account takeovers

Though this fraud is still infrequent, its loss potential is huge. A fraudster can steal your business customer’s online banking credentials via malware and use them to access bank accounts and engage in fraudulent banking activity. This malware, usually called Zeus or SpyEye, is highly advanced and can detect-and breach-any online authentication.

Once thieves have access to online banking credentials, they can conduct fund transfers by either ACH or wire to the bank accounts of their associates, often internationally. Because business accounts tend to have high balances, losses can be huge. While several banks have gone as far as suing their business customers to recover the losses, taking such a step could damage your bank’s reputation with other business customers.

Best strategies

* Assess the risk. Don’t assume that your bank’s cash management or business banking service is always completely secure, or that the preventing fraud is only your vendor’s responsibility; it also is a shared responsibility of you and your customer. While vendors may offer security features with their business banking systems, it’s your duty to research them to determine if the protection is sufficient enough to thwart an attack by Zeus or SpyEye.

* Use multiple layers. While tokens and IP-location recognition can help eliminate some of this fraud, Zeus and SpyEye can detect all online activity. So the best defense is to have a non-Internet, out-of-band layer-of-authentication process. That process can be as simple as having the customer call your bank to verify initiating a funds transfer or using a customer code that is given to the customer by mail, over the phone or in person. Dual control is another effective way to thwart an attack.

* Again, educate customers. This fraud happens through malware-infected computers, so businesses need to understand best practices. Computers used for business banking should not double for personal use. The Internet Security Alliance offers robust best practices that can help businesses prevent online fraud, and the Better Business Bureau offers an excellent handbook called “Data Security Made Simple.”

Prevention 101

New tools such as neural networking, advanced authentication and pattern recognition can certainly be useful in combating card fraud. But even if your community bank implements advanced fraud detection solutions, it shouldn’t neglect the old reliable methods: visual identification, phone authentication and a central department to investigate fraud claims. For these three fraud types, payment fraud insurance can help mitigate the associated losses.

The challenge and mantra for any fraud prevention is threefold: Monitor and recognize fraud patterns, educate your customers, and use robust tools and methods to recognize and prevent losses.

Help Safeguard Your Bank’s Bottom Line

ICBA Bancard’s exclusive Fraud Loss Protection Plan limits your bank’s liability from fraudulent card use. This program protects your bank from the top industry fraud categories and provides reimbursement in the event of catastrophic card losses.

To learn more, call (800) 242-4770 or visit www.icbabancard.org/protectme.

Cary Whaley (cary.whaley@icba. org) is ICBA vice president for payments and technology policy.