Intelligent CIO Middle East Issue 22 | Page 25

COMMENT

“One of the key themes that stood out for us is the level of ‘social engineering’ criminals are now using. Aggressive and manipulative phone calls to victims to reveal PIN numbers is just one example of this.”

hotels. Offers that appear too good to be true often are. Act with caution if using a travel agent you have not previously used; this is a common scam for fraudsters.

5. Check your statements carefully. Check your bank statements carefully for irregular purchases – even those that appear in a nearby location and for small amounts. Alert the bank if you suspect fraudulent activity.

Digital Shadows offers the following five tips for merchants:

1. Learn about the latest techniques. Criminals will do what they can to avoid friction. If certain banks have better anti-fraud measures, the instructors recommend avoiding them. Understand what makes carding difficult. 3D Secure, for example, an additional layer of security deployed by Visa and Mastercard, has proven to be a real obstacle for criminals.

2. Make security as important as user experience. There must always be a balance between security and user experience, but online merchants should be aware that criminals are turning to mobile apps to commit payment card fraud as it provides them with fewer obstacles.

3. Monitor for mentions of cardable sites. Criminals share lists of cardable sites; if your company name crops up, it’s a good indication that you are experiencing fraud. Companies can search with the help of Google Alerts or open-source web crawlers like Scrapy to look for mentions of their brands.

4. Train your staff and your customers. Remember that the most advanced methods all involved social engineering.

5. Don’t be part of the problem. Cashing out is only one small part of the fraud; the harvesting of credit card information is required first. Protect your customers’ credit card information by storing the information securely and ensuring payment software is patched.

Digital Shadows offers the following five tips for card providers:

1. Detect phishing with DNS Twist. Proactively monitor for permutations on your domain name, which could help you to detect any criminal seeking to harvest information from your customers.

2. Understand threats against your customers. Monitor the activity of banking trojans, such as Trickbot, to identify patterns in their targeting and techniques used to gain access to your customers’ computers.

3. Monitor AVC shops for BINs and IINs. Monitor for Bank Identification Numbers (BINs) and Issuer Identification Numbers (IINs) that are offered for sale. In many cases, it is possible to free-text search and filter by BIN numbers.

4. Monitor IRC checking channels. Monitor IRC checking channels for BINs and IINs that are indicative of a criminal testing an individual’s card.

5. Benchmark yourself against peers. Understand which card providers fraudsters recommend not using, and use this to understand where your company stacks up.
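
As an illustration of tips 3 and 4 for card providers, the following added example (not from the article or from Digital Shadows) scans collected text for an issuer's own BINs and classifies each mention as a bare BIN, a masked listing or a full number that passes the Luhn check. The watchlist, the sample lines and all function names are assumptions made for the example.

```python
import re

# Assumed watchlist of the issuer's own BIN/IIN prefixes. 411111 belongs to a
# widely published test card number; 555555 is a constructed placeholder.
WATCHED_BINS = {"411111", "555555"}

# A digit followed by 5-18 more digits or mask characters (x, *), each
# optionally preceded by one space or dash: covers bare BINs, masked
# listings and spaced-out full numbers.
RUN = re.compile(r"(?<!\d)\d(?:[ -]?[\dxX*]){5,18}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from random digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(lines, watched=WATCHED_BINS):
    """Return (line_no, kind, masked) for each mention of a watched BIN."""
    alerts = []
    for no, line in enumerate(lines, 1):
        for m in RUN.finditer(line):
            compact = re.sub(r"[ -]", "", m.group())
            bin_, rest = compact[:6], compact[6:]
            if not bin_.isdigit() or bin_ not in watched:
                continue
            if not rest:
                kind = "bin_only"   # BIN offered for sale or discussed
            elif rest.isdigit() and 12 <= len(compact) <= 19 and luhn_ok(compact):
                kind = "full_pan"   # likely a specific card being tested
            else:
                kind = "partial"    # masked or incomplete number
            # Keep only the BIN in the alert so the monitor never stores a PAN.
            alerts.append((no, kind, bin_ + "*" * len(rest)))
    return alerts


# Constructed sample lines in the style of a checking channel or shop listing.
SAMPLE = [
    "<chk_bot> 4111 1111 1111 1111 | 09/21 | LIVE",
    "<seller7> fresh dump, bins 555555 and 400000, pm me",
    "<seller7> 411111xxxxxxxxxx base, valid rate 80%",
    "<user3> order 1234567890 shipped",
]
```

A "full_pan" hit on a watched BIN is the strongest signal of the three, since it points to one customer's card being tested rather than a range being advertised.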