Point-of-sale (POS) security breaches, like those at Home Depot and Target, are a major concern for financial institutions. Banks must protect their customers from fraud, knowing that many have had identifying information stolen during these breaches. Experts are now predicting that financial institutions can expect an even greater number of attacks in the coming months.
In an attempt to stop these breaches, the US is slowly migrating to the global Europay, MasterCard, Visa card standard (EMV), which processes transactions with a microchip and pin number (“Chip and Pin”) instead of the easy to counterfeit magnetic strip in use today. But, according to Bob Russo of the PCI Council, this transition will mean a significant rise in fraud in the short term. Hackers see their window of opportunity shrinking, and will increase the scale and frequency of their attacks to get as much information as possible before the new chip and pin technology goes into effect.
“These hackers [will] take advantage of, at least in the face-to-face environment, getting this credit card data,” said Russo. “As we saw in other, mature EMV markets, typically the fraud is going to go up before EMV becomes embedded here in the United States. So, get prepared, for fraud is coming, and it’s coming very, very strongly.”
We discussed in an earlier post how fraudsters are using stolen POS information to launch fraud attacks over the phone channel. These breaches often provide enough information for a fraudster to launch account takeover attacks against banks that rely on Knowledge-Based Authentication (KBA) questions. As more stolen data becomes available in the coming months, banks should expect phone fraud attempts to increase.
Pindrop co-founder and CEO, Vijay Balasubramaniyan, recently moderated a panel discussion of cross channel and cross enterprise fraud at the Financial Services Information Sharing and Analysis Center (FS-ISAC) Fall Summit in Washington, DC. There, security leaders from Bank of America, E*TRADE, Citi, and TD Ameritrade discussed the technical and organizational changes required to stem these attacks. As one speaker put it, “We used to ask: what if one of out customers is breached? Now we have to ask: what if all of our customers are breached?”
Pindrop continues to help banks and financial institutions fight phone fraud. Pindrop’s Fraud Detection System (FDS) is used by call centers, automated systems, fraud investigation and incident response teams to quickly evaluate callers as part of their anti-fraud and transaction approval processes. FDS allows financial institutions to reduce the burden of proving identity on their customers while improving their prevention of fraud through identification of deception techniques such as call spoofing.
Fraud attempts may increase before the EMV Chip and Pin rollout completes, but the technology to defeat these fraudsters in the phone channel is now available.