A post relating to this item from Finextra:
10 October 2011 | 6793 views | 1
New York authorities have indicted 111 people - including bank tellers - accused of participating in an identity theft scam that saw counterfeit credit cards used to steal more than $13 million.
News that 111 people were arrested last week in New York in a US$13 million card fraud scam was a useful reminder of just how easy it still is to skim credit card details in the US. NYPD Commissioner Raymond Kelly was quoted as saying: “Thieves have an amazing
knowledge of how to use technology . . . The schemes and the imagination that is developing these days are days are really mind-boggling.'
In fact there was nothing sophisticated about this crime, just “traditional” skimming of customers’ credit card details which could be used either to manufacture false credit cards or for online purchases. This is a lot easier in the US where credit card
companies don’t use the microchips common in European cards, but those chips don’t prevent, for example, the use of stolen credit card details for online purchases.
As I have argued before, the financial industry’s main focus should be on preventing fraudsters from using stolen data. Technology can already show that an individual (in fact his/her mobile phone) is not in the US when his/her credit card is being used
at a POS in New York. Technology can do so in total respect of privacy laws, through anonymous correlation, and in a way that is totally invisible to the customer before such withdrawals and purchases are authorised. Technology can also support additional
strong transaction authentication and verification methods, namely through an automated call to that phone can immediately confirm that fact, and – if the card holder rejects the transaction – alert the issuing bank to block the card.
And if the fraudsters have gone to the lengths of swapping the sim card or automatically forwarding calls to the customer’s mobile number on to a number of their own, that can also be detected. The level of authentication can be tailored to the transaction
type and size, and can even include voice biometrics for added security if the card issuer wants to use it.
The key lies in real-time detection, prevention and immediate resolution enabled by the empowered customer. The security technology industry has a job to do in encouraging customers to question just how it is possible in 2011 for a skimming scam like the
one uncovered in New York to be so profitable on such a scale. That really is a mind-boggling thought.