Avoiding fraud committed by large-scale criminal organizations using stolen credit cards and botnets or proxy servers can be particularly difficult.
A number of enterprise-level antifraud solutions are available, but none of them have been found to be flawless. Also, even highly reliable antifraud solutions, if their technology does not continue to develop to match or surpass high-tech fraud methods, can quickly become ineffective.
Another difficulty related to choosing an antifraud solution is that many such applications offer a single technology that can identify only one type of fraud attack or one element that comprises a fraud attack. This is like a scientist wanting to analyze all the radiation coming from a distant star but using a single telescope to accomplish the task. The telescope can detect only visible light, which makes up a small fraction of the total amount of radiation emitted by a star. The true solution is to employ a detection method that uses multiple devices together to gather the total amount of information the star generates.
Any effective antifraud application must either aggregate the solutions provided by multiple antifraud vendors or must offer, within a single platform, a suite of multiple technologies in order to provide a comprehensive service.
Besides the effectiveness of the antifraud platform, cost is a deciding factor when measured against losses and potential losses to fraud. This is a significant consideration for smaller online vendors who might not have the budget to implement antifraud tools.
Because the majority of department store credit card and gift card fraud is associated with acquiring card numbers and is related to either employees being duped by fraudsters or employees committing the fraud, there are two solutions to consider. It’s critical to train store employees in social engineering scams so they don’t reveal even partial customer account information and do not add unauthorized persons to a customer’s account.
Guarding gift card numbers is especially important. Some stores have taken steps to sell gift cards in sealed containers so that only the customers can access the number after the purchase. This also thwarts casual thieves who “shop” for gift card numbers displayed in publicly available racks. Others store gift cards behind the counter in a locked cabinet.
PayPal, for example, takes steps to inform customers of how to avoid fraud by offering advice on its website, but the advice is the same advice you’ve read elsewhere in this book regarding phishing, vishing, and other social engineering scams.
Also, frequent monitoring of banking and payment accounts can allow companies to quickly realize when fraud has taken place, allowing them to stop or revoke payments and to notify law enforcement agencies.
Stu Sjouwerman is founder and CEO of KnowBe4.