Know Your Enemy
February 14, 2019
Author: Erik Ploof
Statistics show that data breaches and theft of personally identifiable information (PII) are increasing at alarming rates. According to a recent article in Payments Journal, Know Thy Fraudster, the amount of compromised PII increased 72% between the first half of 2017 and the same period of 2018. Compromised PII often results in the criminal obtaining access to additional financial records including bank accounts, PINs and credit card accounts. This type of fraud is known as account takeover (ATO).
Fraudsters specializing in ATOs gain access to their victims’ accounts, then make non-monetary changes that include modifying personal information, requesting a new card or PIN or adding an authorized user. Once this routine account modification is complete, the thief is then empowered to carry out undetected illegal transactions. ATO fraud doesn’t discriminate: government and employee benefits, wireless phone contracts, and checking, savings, credit card and e-commerce accounts are all at risk.
Although the bulk of fraudulent purchases are made online, the supply of stolen credit card numbers and PII often originates from data breaches involving card-present POS systems. Compromised access to payment transactions and loyalty program data can pave the path for obtaining credit card or other financial details used to steal PII and purchase goods online.
Investing in basic network fraud protection is not enough to combat the devious fraudster who makes his living on ATO scams. As detailed in the Know Thy Fraudster article, you need to know the thief you are trying to thwart and then build security measures throughout your establishment. In actuality, you are not dealing with a single thief; you’re attempting to battle a ring of sophisticated ATO specialists. They are an efficient team of experts working together so they can maximize the number of attempts, share vulnerabilities and utilize individual team specialties. One section of the fraud ring may focus on acquiring data, another on selling the data and another on automation. Collectively they share the profits. To counter this den of thieves, you need to build a secure system throughout your establishment to minimize access to data, including at the point of payment.
At TableSafe we believe that minimizing the threat of data breach begins with a secure payment process that follows the strictest security standards including PCI and EMV. We protect individuals’ PII through point-to-point encryption and by eliminating the need for PII to reside on the POS system. Hackers can’t steal what was never there to begin with.
In the end, you need to realize that fraud is literally a full-time occupation for some people. If your venue doesn’t take fraud seriously, your defenses are down against people who are ready and willing to take advantage of you. Sadly, the fraudster community will always find the path of least resistance. Don’t let that path run through your venue.