Combating Transaction Fraud
We have all heard the news that data breaches, and the subsequent identity theft of all types, are the fastest growing crime in the US today. More people and businesses are being impacted for larger dollar amounts; witness the impact of the Target and Home Depot breaches. Unfortunately, there is no such thing as a 100% solution to prevent fraud that doesn’t require so much scrutiny that it also stops business and thus becomes counterproductive.
Neither consumers nor companies can afford to be crippled when confronted with all the vectors which crooks can use to perpetrate fraud. Commerce will continue to grow, and the devices used to complete it will continue to take on different forms. In order to combat the threats, the solutions must be taken on by both sides of the transaction. Most people think of a transaction as using their credit or debit card to make a purchase. However, the definition of a transaction goes beyond that to include interactions with businesses like cable companies, utilities, and banks. Transactions can be monetary or non-monetary, and both need to be secured more effectively by both the consumer and the entity on the other end of the transaction.
Securing a transaction comes down to one simple question: is the person attempting the transaction who they claim to be? If that question can be answered with a ‘yes’, then continue with the transaction. Obviously, the flipside would be to stop the attempt and either add scrutiny or terminate. So we have a simple question to answer; the hard part is how to answer it.
The FFIEC provided guidance in 2011 and is expected to either amend the 2011 version or provide new guidance shortly. In 2011, the FFIEC referenced a multi-layered security program as being essential to combat the threats that existed at that point. That suggestion is more relevant now than ever due to the growing capabilities of those perpetrating fraud. Malware continues to evolve as quickly as defenses are built. Man in the Middle and Man in the Browser attacks are also more sophisticated with each passing day.
For businesses, it is increasingly important to have a strategically layered approach to fraud prevention. The foundation for the strategy lies in the policies that are set at the business level. In addition to that, the layering includes device monitoring, account monitoring, and transaction limits or thresholds. Each of these three can be changed on a periodic basis, which makes it more difficult for the crooks to home in on threshold limits.
One of the premises of multi-factor authentication is using at least two of these options:
- Something you have – ATM card or phone
- Something you know – password or PIN
- Something you are – fingerprint or voice
Multi-factor authentication has been in practice for quite some time with debit cards and PIN as well as in other forms. As technology adapts and improves, additional forms of multi-factor authentication will become more the norm. Using something you are will be more commonplace as that information becomes consumable.
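The layered checks and the two-factor premise described above can be combined into a single decision, shown here as an added example that is not from the original article. The authenticator names, the limits and the decision rules are constructed assumptions, not guidance from the FFIEC or any vendor.

```python
from dataclasses import dataclass

# Factor categories from the list above; authenticator names are constructed.
FACTOR_CATEGORY = {
    "atm_card": "have", "phone": "have",
    "password": "know", "pin": "know",
    "fingerprint": "are", "voice": "are",
}

@dataclass
class Policy:
    # Placeholder limits (assumptions); the business sets and periodically changes them.
    amount_limit: float = 500.0
    velocity_limit: int = 5

@dataclass
class Attempt:
    authenticators: tuple  # what the user presented
    device_known: bool     # device monitoring
    recent_count: int      # account monitoring: transactions in the last hour
    amount: float = 0.0    # 0 for a non-monetary transaction

def factor_categories(authenticators):
    """Distinct factor categories presented; unknown names are rejected."""
    unknown = [a for a in authenticators if a not in FACTOR_CATEGORY]
    if unknown:
        raise ValueError(f"unrecognised authenticator(s): {unknown}")
    return {FACTOR_CATEGORY[a] for a in authenticators}

def decide(attempt, policy):
    """Return 'allow', 'step_up' (add scrutiny) or 'deny' (terminate)."""
    categories = factor_categories(attempt.authenticators)
    flags = sum([
        not attempt.device_known,
        attempt.recent_count > policy.velocity_limit,
        attempt.amount > policy.amount_limit,
    ])
    if not categories or flags == 3:
        return "deny"
    # Two authenticators of the same category still count as one factor.
    if flags and len(categories) < 2:
        return "step_up"
    return "allow"
```

A password plus a PIN is two secrets but one category, so it does not satisfy the two-factor premise, and lowering `amount_limit` in the policy changes the outcome without touching the code.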
In addition, there is a greater push to standardize authentication processes. This poses both risk and reward. The reward is that consumers will have a greater comfort level with a more universal standard. The risk is that, unless the standards can be adaptable, the target becomes static and the crooks will figure out a way to beat them.
Securing the transaction, in whatever form the transaction comes in, will be an ongoing battle as long as there are transactions taking place. Utilize a strategy that is based in company policy that is flexible, strong and thorough and you will stay ahead of the fraudsters.