As I sat in the taxi in Jackson, Mississippi, waiting for the cab driver to “call in” my credit card because he had no credit card machine or app on his flip phone, I cringed. Just four days prior, I was teaching an ACFE webinar on travel fraud and here I was, hamstrung by an antiquated process that put my credit card at risk.Read More
ACFE Public Relations Specialist
At the beginning of a New Year, many people set goals to embark on a healthier lifestyle. But while you promise to exercise more, or eat less junk food, it is wise to take some time to think about how healthy you are in regards to fraud. All consumers are susceptible to fraud, but many don’t know simple steps they can take to protect themselves. Here are a few simple things you can do in 2016 to protect yourself:
Pay attention to the features of your credit card
On October 1, 2015 all major credit cards in the U.S. were supposed to be switched from using a magnetic strip for authentication to using an embedded EMV chip. In theory, this change is supposed to add an extra layer of security as the embedded EMV chip would create a unique code for each transaction as opposed to just imparting the full credit card data. However, according to a creditcard.com survey, more than 40 percent of consumers had yet to receive EMV cards by the October 1 deadline. In addition to card issuers not sending the new cards, many Americans mistook mail containing the new cards as junk mail and threw them out.
Since transactions using chip cards are harder to hack, fraudsters will no doubt focus much more heavily on stealing data from transactions using only magnetic strip technology. If you have not received an EMV chip card from your card issuer, or if you believe you might have accidentally disposed of the card, it is important to contact the card provider right away and request that a new copy be sent. Also, if possible, try and shop in stores that have working chip-readers integrated into their point-of-sale system. The technology is not fool-proof, but it will be more likely to protect against avoidable data theft.
Be more careful about what you post on social media
It seems like everyone is now using some form of social media on a daily basis, whether it be Facebook, Twitter or LinkedIn. While these can serve as good tools to keep abreast of the lives of friends and family, or to maintain professional connections, they can also help hackers who are trying to steal identities. Something as simple as putting your full birthdate on any social media can allow fraudsters to hack into your important financial accounts.
Some important rules to abide by include never posting your full birthdate, primary email address, hometown, driver’s license number or social security number on any public forum. It is also a good idea to have one constant answer to security questions that is not a logical answer (for example, answering “porcupine” to every question, regardless if it asks what city you were born in, mother’s maiden name etc.) Changing passwords frequently can help, as well as avoiding common password themes such as the names of pets, children or spouses. Another tip is to avoid installing or using applications made available through social media, as they often do not have the same level of security as the social media platform and create an easy back door for hackers to get through.
Protect your tax refund
Every year, hundreds of thousands of Americans request their tax refund and are told it has already been claimed. This is not a new scam, but unfortunately it continues to happen despite what controls are in place at the IRS. ACFE Guardian Award winner Brian Krebs suggests that tax payers file their taxes as early as possible in order to beat would-be thieves to the punch. Another way to prevent refund fraud is to closely monitor your credit score. Consumers can get a free credit report once every year from three different bureaus, so your best bet is to request your credit score from one bureau every four months to see if there is fraudulent activity.
If your tax refund is stolen, you can contact the IRS and fill out forms to officially alert them that the fraud has occurred. That alert can be crucial to helping law enforcement eventually catch the fraudsters responsible for the theft.
While these steps cannot guarantee total immunity from fraudsters, they are simple things that can help you make 2016 a year without fraud.
FROM THE PRESIDENT
James D. Ratley, CFE
ACFE President and CEO
Verifying a credit card purchase with a signature is less burdensome to a consumer than having to remember a four-digit personal identification number (PIN). Unfortunately, it is also considerably less secure. According to a recent CFO article, the Association for Finance Professionals found in its 2015 Payments Fraud and Control Survey that 61 percent of respondents believe chip and PIN will be the most effective authentication method for mitigating fraud, while only 7 percent saw chip and signature as most effective.
In the coming weeks and months, several major U.S. banks will roll out new credit cards with embedded computer chips for added security. Rather than combining this technology with a PIN, as implemented in countries in Europe, Latin America, the Asia-Pacific region and elsewhere, they have decided (for now) to use the more familiar and traditional verification method of a signature as a matter of convenience for customers.
U.S. credit cardholders must ask themselves which is more of a burden: completing their purchase using a PIN; or dealing with the fallout from a compromised account, stolen identity or damaged credit history? Most people would agree that the latter are frustrating and potentially life-changing burdens that far outweigh convenience.
Chip and PIN security measures combine to substantially decrease the risk of fraud. The technology is not new – European banks introduced it in 2002, and experts predicted then that it would become the global standard. Chip-and-signature authentication, by comparison, comes up short. Signatures can be copied or forged and do not offer the same level of security as a unique PIN known to the legitimate card holder.
Merchant groups agree. In a December 29th letter to the president and CEO of the Independent Community Bankers of America (ICBA), leaders of seven prominent U.S. merchant groups stated that “ignoring PIN technology leaves us all more vulnerable.” The letter goes on to explain: “’Chip-and-PIN’ has already shown success throughout the world and could reduce fraud losses in the U.S. by as much as 40 percent, according to the Federal Reserve Bank of Kansas City. The added security provided when each customer is given a unique personal identification number or PIN has already been shown to make debit card transactions 700 percent safer. Alternatives such as ‘chip-and-signature’ do not provide this level of security. Furthermore, PINs would also make ‘card-not-present’ transactions safer by adding another layer of authentication.”
The message to J.P. Morgan Chase, Discover, Bank of America Corp., Citigroup Inc. and other large banks is clear: consumer protection is paramount. After the massive data breaches involving Target Corp., Home Depot and other large retailers, Americans are looking for reassurance that their personal and financial information is secure. According to a Unysis Security Index, “the top three threats most worrisome in the United States in 2012 were identity theft, bankcard fraud and national security as it relates to terrorism.” More than half of Americans surveyed were seriously concerned about someone obtaining and using their credit or debit card information.
It is true that in today’s digital age, most individuals must remember a host of passwords and codes for various accounts and online activities, including existing PINs for any debit cards they might use. Having another PIN to remember certainly places a burden on the credit card holder. But it is not an undue burden when considering the added level of protection.
For its part, Target announced in the wake of its data breach that beginning early this year, all Target-branded credit cards and debit cards will include chip and PIN technology. If customers at nearly 1,800 Target stores across the U.S. can become accustomed to using a PIN to complete their credit card purchase, fellow Americans can follow suit. In fact, consumers will likely embrace the two-factor security as they have in Europe, knowing it is providing an increased level of protection from credit card fraud.
Certified Fraud Examiners (CFEs), the experts who investigate financial crimes around the globe, know the importance of preventing the next fraud before it occurs. In all frauds, including those involving credit cards, recovering the proceeds of the crime is often difficult or impossible. Whether it be the bank, merchant or customer, someone always loses. When a method such as PIN promises to decrease the incidence of fraud, it should be implemented.
Credit card fraud is a harrowing experience for the victim. Just ask those who spend months or years dealing with investigators, their bank, credit reporting agencies and others just to repair their credit history. The technology is here to better protect consumers from having to take such a journey. The sooner we collectively join our neighbors in other parts of the world in providing both chip and PIN technology, the better.