Last Saturday, the penultimate weekend of regular-season NFL football started off with a bang. The San Diego Chargers had a great overtime win , keeping their playoff hopes alive. (Go Chargers!) But during Sunday’s NFL games, as the Dallas Cowboys clinched their playoff berth, the local news featured the tragic story of a house fire that left one firefighter injured and a 90 year-old owner without a home. One dog had died in the fire and another dog was injured –– all right before the holidays.
But this very sad news story had a hopeful ending. A website had already been set up at which people could donate money to this elderly person, and dog lover, in need.
A Grinch moment
And so I did. Right there from my couch. I went to the secure donation site, entered my information and sent an anonymous donation, grateful to be able to help someone who really needs it.
But as I pushed the “send” button I felt, for a fleeting moment, like the Grinch who stole Christmas: I had a wonderful, awful idea. I wondered, “What if the site is fake? If I were a fraudster, I would now have in my hand the keys to TJ’s kingdom.”
The opportunity of convenience
My dismal little vignette captures what I believe will be the next big trend in fraud: exploiting consumers’ love of convenience to gather personal information that can be used to commit financial crime.
The fact is, consumers love the convenience that digital transactions provide. So do fraudsters. Whether we are shopping online, donating to a good cause, using BillPay, or sending funds from the comfort of our mobile device or computer, we are sending information into the great unknown that is the Internet.
The vast majority of the time, everything is fine and the mechanisms to catch fraud work as they should. But fraudsters are increasingly innovative, thinking of incredibly clever new ways to capture personal information to carry out financial fraud. How safe is that information, really?
Domino’s delivers – fraud
For example, this article in the New York Times recently caught my eye. It’s about how fraudsters in Brooklyn used third parties and the Domino’s Pizza mobile app to test out stolen credit card numbers. If a stolen card number worked to make an indirect pizza purchase, it could also be used to make bigger-ticket fraudulent buys. Seeding the stolen card numbers out to multiple testers blurred the pizza trail back to the fraudsters.
Once again, consumers’ love of convenience (using an app to order pizza) is the conduit for fraud. Sadly, it’s really a brilliant scheme that left Domino’s liable for “a record spike in [fraudulent] sales,” according to the Times article, which reported the arrests of several pizza orderers but not the fraudsters who provided the stolen card numbers.
Fighting fraud with protection
The Domino’s incident captures the intensity of “fraud innovation,” which is always on the move. In just one year we’ve gone from a clever hack of an HVAC vendor’s network (the entry point for the Target data breach), to the creative use of mobile apps to test stolen numbers. The social media recruitment of testers in the Domino’s case is an extra fillip.
I wonder where we’ll be a year from now? What kinds of schemes will fraudsters come up with in 2015? And what can be done about it?
As consumers and businesses, our best defense is vigilance and protection. At the most fundamental level, changing passwords to our personal banking and other financial accounts frequently is a pain, but really necessary.
That’s because, when you read about the breaches that unfortunately take place, it’s not just financial information that is breached. The “long tail” of danger lies in the theft of personal information like email addresses, birth dates and other nuggets that are gold in a fraudster’s hands. Data breaches are merely a breeding ground of opportunities for misuse of that data.
A holistic view into customers’ financial lives
At FICO, 2014 saw many innovations in the FICO® Falcon® platform, including the launch of holistic fraud protection for every aspect of consumers’ financial lives, from payment card transactions, to online and mobile banking and payments, as well as new card-backed e-payment mechanisms like ApplePay. These capabilities allow fraud to be correlated better across a customer’s entire relationship with a financial institution, and thus detected faster. This can make a significant difference in stopping new types of fraud as they emerge.
As we enter the New Year, I wish you joy, peace and peace of mind. Your comments and social shares are welcome.