Article

Credit Unions Scramble to Detect Card Fraud

hand with card near swipe device on orange background

3 minutes

Use real-time insights to identify exposed card data rather than analytics based on drastically changing consumer behaviors.

Sponsored by Advanced Fraud Solutions

Credit and debit cards represent the most at-risk payment tool in the U.S. According to the Federal Trade Commission, card fraud has consistently topped the list as the most frequently reported identity fraud incident. And with some 115 million compromised cards for sale on the dark web and almost 90 million of those from the U.S., credit unions are scrambling to recognize true points of compromise.

In fact, Gemini Advisory, in a new report, identified breaches of 384 merchants with a combined 1,425 exposed locations across 48 states and 10 countries/territories.

What is more, consumers embracing e-commerce due to the pandemic has only inflamed these concerns, as more purchases (and thus fraudulent activities) are taking place online.

To highlight this shift, according to Gemini, the demand for card present records declined by 40% in 2020. Meanwhile, the demand for card-not-present records rose in 2020 with 40 million CNP cards exposed.

What Are the Card Fraud Threats?

CNP breaches in 2020 relied on sophisticated phishing methods and e-commerce scams, such as Magecart attacks—supply chain attacks that specifically target the Magento ecommerce platform—where malicious hacker groups target online shopping systems to steal customer payment card information.

Magecart attacks were becoming more prevalent before the pandemic. With remote work and online traffic on the rise, they became even more attractive as a means of attacking e-commerce sites. Gemini reported Magecart attacks affected 9,029 sites with 814 attacker domains, primarily affecting the United States, Germany and the Netherlands.

To conduct these card fraud scams, cybercriminals often create e-commerce shops to advertise and sell their goods. When consumers make a purchase, the shop collects their payment card data and personally identifiable information, which fraudsters sell on dark web marketplaces. E-commerce fraud adapted through fraudulent shops that originally advertised medical supplies, and later clothing and recreational deals, all to convince shoppers to input their sensitive card data. In-person dining restrictions also led cybercriminals to target restaurant websites offering online ordering, allowing criminals to compile additional CNP records.

Analysts also noticed hackers deploying new tactics, such as steganography, in which they append data skimming code to the end of image files such as scalable vector graphics, where fraudsters transform scripts into character codes and implant them on their marks’ sites. In addition, fraud operators circumvent certain payment systems to collect card information, utilizing evolving data exfiltration techniques, and target online shops running out-of-date e-commerce platforms.

How to Detect the Threats

Social distancing has drastically altered our lives, including how people interact and do business. For CUs, it made tracking potentially fraudulent activity through their customers’ spending habits near impossible.  

Tracking potentially fraudulent activity through customers’ behavioral analytics focused on their buying habits may be inadequate to thwart today’s card fraud tactics. Instead, CUs need to apply hard data to their fraud controls.

CUs can utilize a large, up-to-date fraud database that scrutinizes at-risk debit and credit cards encompassing dark and deep web-based sources. Preventing attacks at the common point of purchase can proactively prevent fraud operators from exploiting sensitive card data.

CUs should also take a proactive approach instead of the reactive method inherent in behavioral analytics. This includes access to real-time insights to identify exposed card data, the true point of the compromise and which card(s) within a financial institution’s portfolio are at risk. This model allows a CUs to act immediately.

Advanced Fraud Solutions, High Point, North Carolina, has been a trusted leader in providing fraud mitigation tools for banks and credit unions nationwide for over a decade. In 2007, a group of regional financial institutions in North Carolina, seeking a way to share counterfeit check information between one another, established the premise of Advanced Fraud Solutions. This idea of banks and credit unions contributing bad check data to work together in the fight against fraud was born and has grown exponentially over the years. Today, we have over 650 financial institutions nationwide utilizing a wide variety of fraud prevention tools, yet still subscribing to the idea that sharing high-risk information is the best approach to fighting fraud.

CUES Learning Portal