Blog article
See all stories ยป

Fraud Jump Directly Connected to Data Breach Epidemic

Last week, Finextra carried a report from Cifas that UK fraud rose 16% in 2008. The recession was blamed for more Brits turning to crime. A big part of the increase was also attributed to a 207% jump in "facility takeover" fraud. I commented on that story directly, but decided this was a worthy item to begin my own Finextra community blog.

A major contributor to the growth in fraud related to "facility takeover", or account takeover, is the stunning rise in the number and severity of data breaches. Just in the past few weeks notifications of massive breaches have been sent by RBS Worldpay and Heartland Payment Systems in the US (the largest breach, by far, ever reported). These connections are examined in more detail on my personal Fraud Intel blog.

While preventive actions and greater risk awareness can slow this alarming trend, breaches can't ever be completely stopped. Nor can the rise in criminal activity due to a slowing economy. Fraud management requires a multi-point effort starting with improving front-end security and risk awareness, but also effective detection and prevention technologies and practices at the back-end.

However, to make significant inroads into reversing the growth in fraud, we need a 360 degree view of the fraudster -- something that can only be obtained by broad global collaboration by merchants, law enforcement, vendors, payment processors and card issuers. The clarion call's been sounded. How will we respond?

2629

Comments: (1)

A Finextra member
A Finextra member 05 February, 2009, 09:38Be the first to give this comment the thumbs up 0 likes

Hi Andre,

Would you believe that :

A system exists that PREVENTS fraudsters from taking over accounts (online banks, email, cards) even with knowledge of simple userid/password combinations?

I can not directly advertise the name of this system or the company, but the CEO of this company that offers these systems, I heard, will put out a press release soon.

I can only describe how it works since I already tried it.

With this system, fraudsters, even if they know my different userids and passwords, will not be able to access my accounts.

This system also alerts me each and everytime someone do try to access my different accounts with my valid userid/password combinations. The alert gives me other information concerning where the attempt came from, etc. I also do not need to respond to the alert notifications since whoever attempted to use my valid userid/password is denied access to begin with.

Unlike companies that advertise that their systems fight man-in-the-middle attacks, this particular system really does.

What this system showed me is that Fraud can be easily eradicated with the usage of effective systems.