DES MOINES, Iowa-Criminals are nothing if not innovative and imaginative.
For that reason, Credit Union Journal queried card processors to identify the latest card fraud trends. Among the responses:
• Karen Postma, cards risk senior manager for The Members Group, said she has seen a rise in criminals creating phony credit cards and intentionally making the mag stripe unreadable to get a transaction approved via keyed-in data entry, without a mag stripe swipe.
Postma said not only does the fraudster now get the transaction approved without cloning mag stripe data, but also more easily slips past standard card fraud detection rules that pay less attention to keyed-in transactions. "This is throwing fraud prevention for a loop right now and we are trying to figure out how to stop that," Postma said. "Fraudsters can take compromised card information received from the Internet and use that to make a card for an in-store purchase."
TMG saw this trend in the last half of 2011, coinciding with Visa merchant rule changes on chargebacks. Postma explained Visa changed its rules so the payments network now accepts responsibility for a keyed-in transaction, instead of the merchant, as long as the merchant gets the CV2 code. Before the change, merchants were responsible for the transaction and for making a copy of the person's card, which typically led vendors to just decline the card if the mag stripe did not work.
Postma advised CUs to have their fraud detection strategies pay close attention to keyed-in credit card transactions where the card is present.
Phony Merchant Accounts
• More cases of fraudsters using phony merchant accounts to probe for secure financial data are occurring, reported Steve Ruwe, chief risk officer for PSCU, St. Petersburg, Fla. "We used to see most of the probing coming from gas pumps or from unattended merchant terminals. It got to the point that when we saw an authorization come through for a high dollar from some unattended terminal, that was a high indicator fraud was occurring."
Now, Ruwe explained, these same types of probes are coming from crooks who set up bogus merchant accounts with an acquirer, and unbeknownst to the acquirer the thieves use that inlet to the system to initiate probes. "Or they literally conduct transactions through these invalid merchants and take off."
Ruwe said this type of threat is picking in South America, Brazil and Peru, as it moves around the globe. "Those are the hot spots. But we are also seeing this occur in Canada, which we have not seen before-mainly from liquor stores, grocery stores, and pharmacies. All of these types of merchants sell gift cards and that's what these thieves like to buy-use them just like cash."
Ruwe also cautioned CUs not to be caught off guard by fraudsters attempting to cash-in immediately on ATM skimming. He explained that PSCU recently witnessed a small ring of criminals skimming ATMs and immediately creating their own plastic to pull money out of ATMs.
"That was unusual. These guys were amateurs, because a lot of times you see the results of ATM skimming show up overseas, after the thieves sell the information," he said. "Usually on ATM skimming you see the fraud turn up sporadically, maybe after two weeks. These guys moved right away."
