Counterfeit Fraud: how it works and how to prevent it

How does it start?

Fraud begins when a card has become compromised as a result of hacking or when cyber criminals are interfering with transactions online. Card skimming is the more classical form of fraud; a criminal can use a skimming device to obtain card information directly at a terminal using a card scanner that pulls information from any given card, which can be uploaded to any card with a magnetic strip and vuala! Your debit/credit card has been duplicated. With this data criminals have only a certain amount of time to utilize it before it is flagged. However, in Europe for example where EMV has been implemented there are only two options for a thief.

The first is to attempt card-not-present fraud which is usually accomplished online. However, because EMV has decreased fraud by 80% in regions that it has been adopted, it has been made clear that this option is being phased out. Card-not-present, or CNP has doubled in the last 10 years while card counterfeit and fraud has been cut in half. In the U.L. alone counterfeit card fraud has fallen by 75% since its peak in 2008, a direct reflection of EMV migration.

As an alternative, criminals may ship the card details to countries that do not have EMV implemented.  For instance, a good chunk of EMV fraud is taking place in the U.S. which is one of the l few countries left to adopt EMV.

Verifying and Executing:

The next stop for a criminal to carry out counterfeit fraud is to initiate a small test transaction. This may be equivalent to a couple of dollars so as to avoid any red flags. Next, the real fraud occurs. Once the criminal has verified the data is indeed usable, they start executing transactions at a significantly higher value.  Criminals can obtain a collection of these fraudulent cards and use them until the accounts linked to them are closed or frozen, at which point they simply move on to the next one.


At what point can fraud be stopped?

Fraud can be stopped at multiple stages.  Quite often, consumers take measures into their own hands to protect themselves such as, protecting their PIN and not letting their card get into the wrong hands at any point, which will prevent their card from being compromised in the first place.

As for financial institutions, their tasks for fraud prevention begin when any of the above details becomes compromised. Intelligent fraud systems can analyze relationship between compromised cards and where these were used prior to fraudulent transactions being attempted. This can help providers build up a library of information to pinpoint merchant locations where card details may become compromised, improving the chances of spotting when a fraud occurs in other potentially vulnerable cards.

The payment industry has the task of actually preventing fraud from occurring in the first place, which can be difficult to do without the fraudulent activity occurring in the first place and having to act before any losses are incurred. The key here is to establish as quickly as possible once a card has been compromised. The opportunity to do so is the test transaction that criminals offer before engaging in high value transactions, which boils down to the way intelligent fraud systems work by identifying unusual spending patterns, this is where red flags need to be raised.

If a card is used at a location that is known to be used to conduct fraudulent activity, a red flag should go up. Next, look for any unusually small transactions that may be used to avoid detection.  Fraud preventions systems should them be alerted to the possibility of fraud. And finally, when the small transaction is followed by a large transaction, providers have grounds to block the attempt.

However, in the real world these tips will not stop all fraudulent activity, as criminals generally mix things up to avoid detection the expression “you snooze, you lose” generally applies to them and they are in the business of making money. But with the right technology banks can keep them from getting away with your money.


Leave your comment