COMMENT
“One of the key themes that stood out for us is the level of
‘social engineering’ criminals are now using. Aggressive and
manipulative phone calls to victims to reveal PIN numbers is
just one example of this.”
hotels. Offers that appear too good to be true
often are. Act with caution if using a travel agent
you have not previously used; this is a common
scam for fraudsters.
5. Check your statements carefully. Check your
bank statements carefully for irregular purchases
– even those that appear in a nearby location
and for small amounts. Alert the bank if you
suspect fraudulent activity.
Digital Shadows offers the following five tips
for merchants:
1. Learn about latest techniques. Criminals will do
what they can to avoid friction. If certain banks
have better anti-fraud measures, the instructors
recommend avoiding them. Understand what
makes carding difficult. 3D Secure, for example, an
additional layer of security deployed by Visa
and Mastercard, is proven to be a real obstacle
for criminals.
2. Make security as important as user experience.
There must always be a balance between
security and user experience, but online
merchants should be aware that criminals are
turning to mobile apps to commit payment card
fraud as it provides them with fewer obstacles.
3. Monitor for mentions of cardable sites. Criminals share
lists of cardable sites; if your company name crops up,
it’s a good indication that you are experiencing fraud.
Companies can search with the help of Google Alerts or
open-source web crawlers like Scrapy to look for mentions
of their brands.
4. Train your staff and your customers. Remember that the
most advanced methods all involved social engineering.
5. Don’t be part of the problem. Cashing out is only one
small part of the fraud; the harvesting of credit card
information is required first. Protect your customers’ credit
card information by storing the information securely and
ensuring payment software is patched.
Digital Shadows offers the following five tips for
card providers:
1. Detect phishing with DNS Twist. Proactively monitor for
permutations on your domain name, which could help you
to detect any criminal seeking to harvest information from
your customers.
2. Understand threats against your customers. Monitor the
activity of banking trojans, such as Trickbot, to identify
patterns in their targeting and techniques used to gain
access to your customers’ computers.
3. Monitor AVC shops for BINs and IINs. Monitor for Bank
Identification Numbers (BINs) and Issuer Identification
Numbers (IINs) that are offered for sale. In many cases, it
is possible to free text search and filter by BIN numbers.
4. Monitor IRC checking channels. Monitor IRC checking
channels for BINs and IINs that are indicative of a criminal
testing an individual’s card.
5. Benchmark yourself against peers. Understand which card
providers fraudsters recommend not using, and use this to
understand where your company stacks up.
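Tips 3 and 4 for card providers come down to matching your own BINs/IINs against text collected from shop listings and checking channels. The following is an added example, not code from the article or from Digital Shadows; the BIN set, the line format and the sample lines are constructed and use public test card numbers.

```python
import re

# Assumption: 6-digit BIN/IIN prefixes issued to your institution (test ranges here).
OWN_BINS = {"411111", "555555"}

# 13-19 digit card-like tokens, optionally grouped with spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Bare BIN mentions such as "BIN 411111" in shop listings or requests.
BIN_RE = re.compile(r"\bBIN[:#\s]*(\d{6,8})\b", re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep BIN and last four only, so the alert itself never stores a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan(lines, own_bins=OWN_BINS):
    """Return (line_no, kind, value) for every mention that falls in our BIN ranges."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in PAN_RE.finditer(line):
            pan = re.sub(r"\D", "", m.group())
            if luhn_ok(pan) and pan[:6] in own_bins:
                hits.append((n, "pan", mask(pan)))
        for m in BIN_RE.finditer(line):
            if m.group(1)[:6] in own_bins:
                hits.append((n, "bin", m.group(1)))
    return hits

# Constructed sample lines (public test card numbers, not real captures).
SAMPLE = [
    "<chk_bot> 4111 1111 1111 1111 | 12/27 | LIVE",
    "<user7> anyone got BIN 555555 in stock?",
    "<chk_bot> 4012888888881881 | DEAD",       # valid number, but not our BIN
    "<chk_bot> 4111-1111-1111-1112 | LIVE",    # our BIN, fails Luhn: ignored
    "<chk_bot> 5555-5555-5555-4444 | LIVE",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A "pan" hit in a checking channel points to a specific card to review or reissue, while repeated "bin" hits indicate which of your ranges are being sought.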
INTELLIGENTCIO