17 July 2018
Andre Edelbrock

AndreEdelbrock

Andre Edelbrock - Ethoca

8Posts 34,646Views 1Comments
Finextra community

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.

Shining Light on a Shadowy Dark Underworld of Online Fraud

23 June 2009  |  4627 views  |  0
Elliot Castro is a born-again fraudster, who now acts as an independent fraud consultant. It's fascinating to watch and listen to him speak on this recent Finextra video clip , because although he's precisely the kind of guy that my company works round the clock to stop, his keen understanding of social vulnerabilities that trump the best security systems is scary riveting and underscores the complexity of ecommerce fraud, and the difficulty that banks, merchants and consumers have in protecting themselves. The simplicity of the schemes used to perpetrate these crimes, the fraudsters' brazenness and the organization of the underground criminal networks kept me on the edge of my seat.   

Castro notes that once the fraudster has real personal information, merchants are nearly defenseless, virtually unable to distinguish between a real and fraudulent transaction.  This information is easier to obtain than it may seem.  For example, a fraudster might call a hotel front desk and ask to speak to a guest with a common name such as “Mr. Smith.” Put through to Mr. Smith, the fraudster explains that his credit card was turned down at check-in and they need to provide a new number, confirming the name as spelled on that card and the CVV2 code.  It's that simple.

As simple as Castro found it to swipe personal data, it's even harder for businesses to protect against that data being used in a fraudulent manner.  Without a crystal ball, the task is nearly impossible. And, like any criminal, fraudsters only need to be successful occasionally, whereas those defending against fraud need to be successful all the time.

How tough is that? Castro asserts that the number of fraudsters outweighs those fighting fraud by 10 to 1, begging the question, would you pick a solo fight with a Roman legion? Nonetheless, merchants walk into that fray everyday, Outnumbered, outgunned, and working alone.

Far from working alone, the criminals have become highly organized and collaborative. They share schemes, botnets, and scripts. They have social networking sites and communities where they buy and sell data and discuss merchant vulnerabilities openly, and how to defeat the technologies used against fraud. One such community, DarkMarket, was recently shut down by the FBI. But we know that within hours, multiple new sites had sprung up like mushrooms to replace it.

The lesson in this? The good guys need to take a page from the fraudsters. It's high time we stopped acting like lone wolves. Against big business-like efficiency, sophisticated organization, single-minded determination and a community effort by the criminals, banks, issuers, police and online merchants stand no chance. But by collaborating, sharing what they know about crime to create a 360-degree view of online behaviors, they can more than level the playing field and turn the tables on fraudsters.

It's that simple -- and it's that hard.

TagsPaymentsRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Andre

Payments Fraud Hurts All of Us

02 July 2009  |  3935 views  |  0 comments | recomends Recommends 0 TagsPaymentsRisk & regulationGroupTransaction Fraud Systems and Analysis

CardSystems Case Signals Accountability and Liability Shift

26 June 2009  |  6246 views  |  0 comments | recomends Recommends 1 TagsCardsSecurityGroupTransaction Fraud Systems and Analysis

Cybercrime Czar? Government bailout for cybercrime?

01 June 2009  |  4732 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulationGroupInformation Security

Thinking and Awareness Needed to Stop Crime, Not Just Tech

27 May 2009  |  4657 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulationGroupInformation Security

Andre's profile

job title CEO
location Toronto
member since 2009
Summary profile See full profile »
As CEO and co-founder of Ethoca I drive the strategic direction of the business and business development.

Andre's expertise

Member since 2009
8 posts1 comments
Andre's blog archive
2009 (8)

Who's commenting on Andre's posts