Battling Payment Card Fraud in the COVID-19 EraGord Jamieson of Visa on How to Mitigate New Fraud Risks
The shift to online shopping - and card-not-present transactions - during the COVID-19 pandemic has driven fraudsters to shift their strategies, including ramping up efforts to open fraudulent accounts, says Gord Jamieson of Visa, who offers advice on mitigating the risks.
See Also: Top 50 Security Threats
From his view as the senior director of Canada risk services for Visa, Jamieson got a first-hand look at how fraudsters and cybercriminals quickly adjusted their tactics.
Jamieson shared his observations about how fraud has changed during Information Security Media Group's recent Virtual Cybersecurity & Fraud Summit: Toronto.
In addition to Jamieson, attendees got a chance to hear from other fraud-fighting experts, including Jeff Dant, managing director, fraud operations and intelligence - financial crimes unit at BMO Financial Group, who addressed how fraud fusion centers have changed over the last five years and why banks and financial institutions need to invest in technologies such as machine learning and artificial intelligence to keep their operations up-to-date (see: Analyzing the Role of Fraud Fusion Centers).
Social Engineering Tactics
Fraudsters are using social engineering tactics aimed at remote workers designed to gather as much personal information as possible to open up fake accounts or take over real ones, Jamieson noted.
"They are creating spoofed networks and sites related to the emails they are sending out and trying to phish people with emails," Jamieson said. "And what they are trying to do is get personal information from remote workers. So issuers and merchants and businesses alike need to pay particular attention."
Almost from the start of the pandemic, Jamieson said, Visa saw a spike in the number of phishing emails that fraudsters were sending that latched onto some of the fears and doubts surrounding COVID-19. Jamieson noted that these malicious messages not only targeted Visa's customer base, but also online merchants.
"We are see phishing emails going directly to financial institutions, businesses, merchants and consumers," Jamieson said. "The fraudsters are looking at ways that will make you click on that link to download malware or spyware onto your infected device. We also saw a change in methodologies and tactics where the criminal operations are now focused much more on this global health crisis."
Fraudsters are creating bogus merchant websites "just strictly for the purpose of obtaining information from the card holder for personal account information," he said.
To help mitigate fraud risks, Jamieson recommended conducting real-time velocity monitoring, which can help check for suspicious patterns, such as when fraudsters attempt to test stolen payment card numbers to ensure that they are still valid.
Jamieson also said employees, especially those working remotely, need additional training to spot phishing attempts.
Jamieson expects the surge in ecommerce to continue in the months to come.
"The sudden increase over the past few months is going to serve as a powerful catalyst," he said. "We see these consumers who have not shopped online before making their first payments online during COVID."
The continuing shift "is going to have a huge impact on the way our issuers manage fraud going forward," Jamieson said.
For online transactions, Jamieson suggested merchants require the use of the CVV number, deploy address verification services and use technologies such as the 3D Secure - a messaging protocol that enables consumers to authenticate themselves with their card issuer when making card-not-present e-commerce purchases.