NEW YORK–Yelp ratings for online fraudsters? Essentially, yes, that’s how much of a “business model” for online fraud has developed, increasing the risks to credit unions and consumers substantially.
What is being done, and what are credit unions’ options. Those questions and others were at the heart of a panel discussion during CO-OP Financial Services’ THINK Conference here.
Participating in the panel discussion were Paul Love, chief information security officer, CO-OP Financial Services; John Buzzard, account executive and fraud specialist, CO-OP Financial Services; Chris Sibila, executive vice president, payments and technology, Elements Financial FCU, and Pedro Bizarro, co-founder and chief science officer, Feedzai. The discussion was moderated by moderated by Tracy Kitten, executive editor, BankInformationSecurity.com.
Here is a look at some of what was discussed:
Kitten: We have heard a lot about the digital underground and the dark web? What does that have to do with credit unions?
Buzzard: The dark web is something that hackers use in the same way we use this conference, to sharpen their own skills and to buy and sell stolen data. We have kind of moved from the monetization of just a card to other data, and it’s gotten so much faster. The fraudsters have transformed themselves in a digital fashion, too, and fraud can be done in hours and minutes. That marketplace is troubling, but there are plenty of companies that are really great that are out there that can help, let you know if your cards are being bartered or your brand impugned.
Love: They are getting faster and even have tech support in some cases for malicious software. It’s much more of a business model. Making sure you are monitoring this and are using software and other services to help you is the only way to keep up.
Bizarro: It’s not just tech support, they also have star ratings. Sellers allow you to identify the bank you want to buy (data) from, buy by expiration dates. You can even buy insurance if it doesn’t work. And you can write reviews.
Kitten: In an EMV environment, how much longer are we going to have to be concerned about these underground markets?
Sabila: I don’t know when it ends. Everyone is seeing the shift with EMV to card not present. I don’t know the underground will ever go away. It will shift. And it’s going to be up to us to adjust.
Bizarro: It’s an arms race. There was a big gap between what the fraudsters were able to do and where the defenses were. Years ago AI and machine learning was only available for the very large corporations, but now the big difference is that everybody can use them, and that’s what we’re working on with CO-OP.
Buzzard: We feel very threatened today. We know payment card data has value. But think about the things that 10 years ago didn’t have much value, such as personally identifiable data and maiden names and passwords. Today, that’s a big deal.
Kitten: There is all this data that’s out there; lots of PII out there, and will it be used to open new accounts and even get EMV cards. With that in mind, how do you encourage members to be more responsible for their transactional behavior?
Sabila: In the last seven months we’ve hired a dedicated fraud manager, and when I hired him I said you’ve got to pay for yourself. We’re not that big in terms of number of employees, but even with that we had different departments looking at fraud in silos. One piece for us has been education, where we have participated in on-site events (at SEG companies). On the other side, the real win is we continue to roll out the other alerts and tools to the members. They like to be informed, they like the warm fuzzy feeling of an alert. It’s awesome to hear when they get that alert they will call us even quicker than the (fraud company).
Bizarro: We heard of a situation where the fraudster took over a cellphone first, and then took over the account. I think the key word is relentless. On our side, we need to be looking at all sorts of ways of improving the ecosystem. On the other side, they will try everything. They will try all points of attack and will eventually find a weak spot. So we need to always be improving.
Buzzard: What has struck me over the last few days (at CO-OP THINK Conference) is that consumers are constantly comparing their digital experience overall with the digital experience we give them. Fraud has become this competitive issue to a certain extent. People are evaluating all the time. Meeting the expectations of the consumer is really important. They like to be in the driver’s seat and to be empowered. If they want to see every transaction over a penny, then that’s their preference. And if you can’t make them feel secure, there are five other people on the corner who can.