Be a Fraud Fighter for your Financial Institution
posted by Ryan Dutton on Wednesday, November 15, 2023 in SHAZAM Blog
As we wrap up International Fraud Awareness Week, fraud continues to be a major pain point for financial institutions. According to a 2022 survey, every $1 lost to fraud costs U.S. financial services firms $4.23, a 16.2% increase since 2020.
Here’s what our SHAZAM fraud specialists are noticing and what financial institutions can do to protect their cardholders.
Stay clear of social engineering scams
Social engineering is the act of tricking people to obtain their personal or confidential information. In these attempts, bad actors may call or text cardholders pretending to be a trusted financial partner or a representative of a well-known merchant. They will typically use fear tactics by alleging there’s a problem with a card, account, or recent purchase to trick cardholders into giving up their personal financial information. So far this year, we’ve taken over 3,000 calls where cardholders reported someone used those tactics to trick them into giving up their sensitive information, such as their login credentials or card info.
To help protect your cardholders, remind them to be skeptical of unsolicited calls or emails. Cardholders should also avoid giving out sensitive information over the phone or via email. Legitimate companies, like SHAZAM and your financial institution, don’t typically ask for sensitive information this way. In fact, it’s best to just hang up on vishing attempts.
Enumerative testing, aka BIN attacks
Cybercriminals are constantly trying to exploit big data and artificial intelligence to get their hands on cardholder information. We continue to see fraudsters conducting enumerative account testing to identify valued issued cards and figure out card issuance strategies.
To make it more difficult for fraudsters to make a brute force attack, it’s industry best practice to randomize card issuance in your assigned BIN range, including avoiding batch expiration data assignment. This decreases the odds of a successful attack and increases the likelihood of a bad actor moving on to find an easier target.
Small purchase now, big problems later
We continue to see fraudsters test the waters on any cardholder information they may have illegally obtained by making a small transaction, typically under $5. If a test authorization is approved, fraudsters then use the information to commit more fraudulent transactions or sell the information on the dark web.
The ability to detect these threats before they can cause damage is critically important. SHAZAM is always working on new fraud detection rules to stop account testing transactions before they become a hassle for cardholders. Our fraud escalation team constantly analyzes fraud cases and is always available to help explore custom research and rule strategy options to respond to issuer-specific fraud trends.
Your crime-fighting partner
SHAZAM never loses sight of what’s important when it comes to fighting fraud, and that’s the well-being of you, our clients and your cardholders.
SHAZAM’s Fraud Advisors™ helps your financial institution protect your cardholders and reduce fraud losses. This consultative and investigative service provides SHAZAM’s standard fraud offering but adds a structured and proactive solution, personalized just for you.
With Fraud Advisors, you’ll have a dedicated fraud consultant who analyzes, interprets, and recommends strategies based on your institution’s fraud performance. Plus, Fraud Advisor clients benefit from branded SMS alerts and access to a quarterly fraud user group forum.
Let a dedicated SHAZAM fraud consultant help your financial institution make smart decisions to fight fraud. Contact a specialist or your regional director to learn how to get started.
SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney.
comments powered by