Jul 08 2011

How to protect ourselves from Payment Fraud

Category: Cyber Threats,Cybercrime,pci dssDISC @ 11:26 pm

Some basic advice has been issued by Apacs, and includes:

    * Don’t let your cards or your card details out of your sight when making a transaction
    * Do not keep your passwords, login details or Pins written down
    * Do not disclose Pins, login details or passwords in response to unsolicited emails
    * Only divulge card details over the phone when you have made the call or when you are familiar with the company
    * Access internet banking or shopping sites by typing the address into your browser. Never enter your personal details on a website you have accessed via a link from an e-mail
    * Shop at secure websites by checking that the security icon is showing in your browser window (a locked padlock or an unbroken key)
    * Always log out after shopping and save the confirmation e-mail as a record of your purchase

      For more advice you can visit:

      Spotting and avoid common scams, fraud and schemes online and offline

      How the scam works and what you need to do about it.

      and

      Online payment Security and Fraud Prevention

      Tags: Australia, Business, Credit card, Financial services, fraud, Internet fraud, Online banking


      Oct 20 2010

      Incidence Of Cybertheft Surpasses Incidence Of Physical Theft

      Category: cyber securityDISC @ 1:17 pm
      私は No Click!
      Image by mie_journal via Flickr

      Fraud-related losses rose 20 percent to $1.7 billion in the past year, Kroll study says

      Incidence of theft of information and electronic data at global companies has overtaken physical theft for the first time, according to a study released yesterday.

      According to the latest edition of the Kroll Annual Global Fraud Report, the amount lost by businesses to fraud rose from $1.4 million to $1.7 million per $1 billion of sales in the past 12 months — an increase of more than 20 percent.

      The findings are the result of a study commissioned by Kroll and conducted by the Economist Intelligence Unit, which surveyed more than 800 senior executives worldwide.

      To read more: Incidence Of Cybertheft Surpasses Incidence Of Physical Theft

      Tags: Computer crime, crime, Economist Intelligence Unit, fraud, Identity Theft, Security, Theft, United States


      Jul 10 2010

      FTC Says Scammers Stole Millions, Using Virtual Companies

      Category: CybercrimeDISC @ 11:23 pm
      Seal of the United States Federal Trade Commis...
      Image via Wikipedia

      100% Internet Credit Card Fraud Protected

      by Robert McMillan
      The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers — often by taking just pennies at a time.

      The scam, which had been run for about four years, according to the FTC, provides a case lesson in how many of the online services used to lubricate business in the 21st century can equally be misused for fraud.

      “It was a very patient scam,” said Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case. “The people who are behind this are very meticulous.”

      The FTC has not identified those responsible for the fraud, but in March, it quietly filed a civil lawsuit in U.S. District Court in Illinois. This has frozen the gang’s U.S. assets and also allowed the FTC to shut down merchant accounts and 14 “money mules” — U.S. residents recruited by the criminals to move money offshore to countries such as Bulgaria, Cyprus, and Estonia.

      “We’re going to aggressively seek to identify the ultimate masterminds behind this scheme,” Wernikoff said. According to him, the scammers found loopholes in the credit card processing system that allowed them to set up fake U.S. companies that then ran more than a million phony credit card transactions through legitimate credit card processing companies.

      Wernikoff doesn’t know where the scammers obtained the credit card numbers they charged, but they could have been purchased from online carder forums, black market Web sites where criminal buy and sell stolen information.

      Small Thefts Overlooked

      The scammers stayed under the radar by charging very small amounts — typically between $0.25 and $9 per card — and by setting up more than 100 bogus companies to process the transactions.

      U.S. consumers footed most of the bill for the scam because, amazingly, about 94 percent of all charges went uncontested by the victims. According to the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed. Typically they floated just one charge per card number, billing on behalf of made-up business names such as Adele Services or Bartelca LLC.

      As credit cards are increasingly being used for inexpensive purchases — they’re now accepted by soda machines and parking meters — criminals have cashed in on the trend by running this type of unauthorized charging scam.

      “They know that most of the fraud detection systems won’t detect anything under $10 and they know that consumers won’t complain about a 20 cent fee,” said Avivah Litan, an analyst with the Gartner research firm who follows bank fraud. “What’s different here is the scale, and that they got away with it for so many years,” she said.

      Similar Cases Show Trend

      In March Alexsandr Bernik of Roseville, California, was sentenced to 70 months in prison for running a similar scam. He put tens of thousands of charges on Amex accounts, each ranging from $9 to $15. Neither federal authorities nor American Express would explain how Bernik obtained his card numbers.

      Bernik made his charges on behalf of a fictional corporation called Lexbay Ltd., but in the FTC case, the scammers would mimic legitimate companies — taking real federal tax I.D. numbers and then setting up fake businesses with nearly identical names that appeared to be located nearby. In a move that apparently tricked credit card processors into granting it a merchant account, Adele Services, for example, was set up to mimic a legitimate Bronx, New York group called Adele Organization.

      When the scammers tried to register merchant accounts with credit card processors, the processors would do some investigating, but using tricks like these, the scammers were always one step ahead.

      In fact, the FTC’s description of their operation reads like a textbook on how to set up a fake virtual corporation in the Internet age.

      The criminals used a range of legitimate business services to make it appear to credit card processors as though they were legitimate U.S. companies, even though the scammers may have never set foot in the U.S.

      For example, using a company called Regus, they were able to give their fictional companies addresses that were very close to the companies whose tax IDs they were stealing. Regus lets companies operate “virtual offices” out of a number of prestigious addresses throughout the U.S. — the Chrysler Building in New York for example — forwarding mail for as little as US$59 per month.

      Mail sent to Regus locations was then forwarded to another company, called Earth Class Mail, which scans correspondence and uses the Internet to deliver it to customers in pdf format.

      They used another legitimate virtual business service — United World Telecom’s CallMe800 — to have phone calls forwarded overseas. To further make it seem as though their companies were legitimate, the scammers would set up fake retail Web sites. And when credit card processors asked them to provide information about company executives, they handed over legitimate names and social security numbers, stolen from ID theft victims.

      When they had to log into payment processor Web sites, they would do this from IP addresses that were located near their virtual offices, again evading payment processor fraud detection services.

      One of the largest payment processors in the U.S., First Data, was a favorite of the scammers. Of the 116 fake merchant accounts the FTC uncovered, 110 were with First Data. The scammers also set up bogus accounts with Elavon and BBVA Compass.

      First Data would not comment on the measures it had taken to improve its merchant vetting process, but the company did confirm that it cooperated with the FTC investigation.

      Aided by ‘Mules’

      To get the money out of the U.S., the scammers had to recruit money mules. These were U.S. residents who were recruited online, often with spam e-mail messages. Under the impression that they were helping offshore businesses, the money mules set up bank accounts and helped the fraudsters move money offshore.

      In a letter to the judge presiding over the case, one of the mules, James P. Smith of Brownwood, Texas, says he worked for one of the scammers for four years without realizing that anything illegal was going on. Smith now says he is “ashamed” to be named in the FTC action, and offers to help catch his former boss, who used the name Alex Moore.

      The FTC’s Wernikoff believes that whoever is responsible for this crime lives outside of the U.S., but with the money-cashing operation now busted up, the scammers will have to start again from scratch, if they want to keep bilking consumers. And criminal investigators now have a trail to follow.

      “Does it prevent the people from ultimately responsible from building up again from scratch?” he asked. “No. But we do hope that this serously disrupts them.”.

      Tags: American Express, Business, Credit card, Federal Trade Commission, First Data, fraud, FTC, United States