CNP Fraud Basics
Common Online Fraud Schemes
A 2010 RSA Security report found that the black market price for stolen credit card numbers with the CVV number was from $1.50 to $3, SSNs and dates of birth went for the same price, Zeus Trojan kits sold for $3,000 to $4,000, and login credentials for online bank accounts sold for anywhere from $50 to $1,000 depending on the type of account and balance.
Fraud Prevention: Strategies & Techniques
Everyone has their own vocabulary and language to talk about how they prevent fraud:
Rules, strategies, business processes, checklists, weights, techniques, tools, tests, modules, applets, policies, procedures, queries, lookups, investigations, reviews, requests, confirmations, qualifications, audits, compliance, verifications, quality assurance and quality control.
History of Fraud Online
Fraud has been around long before eCommerce, but since the beginning of eCommerce in 1994 fraud has evolved at a much faster rate ranging from the use of famous names to fraud rings and organized attacks.
How Do Merchants Get Paid In CNP?
While a fraud manager's primary goal may be fraud prevention that is not the only goal for the business who strives to increase revenue, reduce costs and minimize losses. These goals can be in direct conflict, and as a fraud manager your job is to balance these goals to ensure maximum profitability.
How Fraudsters Steal from Merchants
There are certain characteristics for a transaction or buyer that can identify different categories of fraud. Only after a merchant spots the type of fraud attacks they are seeing can they know the best way to stop them.
The Internet Crime Complaint Center publishes an annual Internet Crime Report each year giving the statistics and summaries for the many types of internet crimes that were reported to them. In 2010 they received over 300,000 complaints.
Understanding the Law & Fraud Prevention
The Payment Card Industry maintains a set of Data Security Standards (PCI-DSS) which any organization that stores, processes, or transmits cardholder data must comply with. Some the requirements include encrypting transmission of cardholder data across open or public networks and maintaining a policy that addresses information security.