CNP Fraud Basics

A 2010 RSA Security report found that the black market price for stolen credit card numbers with the CVV number was from $1.50 to $3, SSNs and dates of birth went for the same price, Zeus Trojan kits sold for $3,000 to $4,000, and login credentials for online bank accounts sold for anywhere from $50 to $1,000 depending on the type of account and balance.

Everyone has their own vocabulary and language to talk about how they prevent fraud:
Rules, strategies, business processes, checklists, weights, techniques, tools, tests, modules, applets, policies, procedures, queries, lookups, investigations, reviews, requests, confirmations, qualifications, audits, compliance, verifications, quality assurance and quality control.

Fraud has been around long before eCommerce, but since the beginning of eCommerce in 1994 fraud has evolved at a much faster rate ranging from the use of famous names to fraud rings and organized attacks.

While a fraud manager's primary goal may be fraud prevention that is not the only goal for the business who strives to increase revenue, reduce costs and minimize losses. These goals can be in direct conflict, and as a fraud manager your job is to balance these goals to ensure maximum profitability.

There are certain characteristics for a transaction or buyer that can identify different categories of fraud. Only after a merchant spots the type of fraud attacks they are seeing can they know the best way to stop them.

Not all fraudsters are the same, they differ in their motivations, skills, techniques and potential activities.

According to the CyberSource annual Online Fraud Report total online fraud losses for U.S. retailers was $2.7 billion in 2010.

The Internet Crime Complaint Center publishes an annual Internet Crime Report each year giving the statistics and summaries for the many types of internet crimes that were reported to them. In 2010 they received over 300,000 complaints.

The Payment Card Industry maintains a set of Data Security Standards (PCI-DSS) which any organization that stores, processes, or transmits cardholder data must comply with. Some the requirements include encrypting transmission of cardholder data across open or public networks and maintaining a policy that addresses information security.