
Backpacks, Binders—and Fraud?
What your cardholders should know when completing back-to-school shopping this year
A new school year means it’s time for new school supplies, clothes and other essentials to help students prepare for the year ahead. It's a busy shopping season, and fraudsters are keenly aware of the increased swiping, tapping and clicking going on—and will attempt to trick shoppers into revealing their confidential card information.
Both financial institutions (FIs) and cardholders must remain vigilant to prevent unauthorized access to card details.
How Can FIs Help Their Cardholders?
Cardholders look to their FIs as trusted sources to ensure their card use is protected. Therefore, FIs must stay up to speed on advanced monitoring technologies to detect any unusual patterns or activities that may indicate fraud.
FIs can also implement systems such as tokenization and encryption to reduce the risk of fraud. Regular security audits can help identify potential vulnerabilities in a financial institution’s systems and processes, allowing it to address issues proactively and effectively.
In addition, FIs should maintain active communication with cardholders to inform them about best practices for shopping safely as well as current fraud trends.
Share online shopping best practices
Cardholders should be aware that fraudsters are skilled at creating legitimate-looking advertisements, spoof emails and even fake websites to lure them into entering their card information to secure a good deal. To stay safe online, cardholders should:
- Look for "https://" at the beginning of the website's URL, rather than "http://". The "s" signifies a secure connection.
- Ensure a closed padlock icon is next to a URL, as this indicates the website uses SSL/TLS encryption to protect data during transmission. Clicking on the padlock icon may also reveal details about the website's SSL certificate.
- Watch for typos in URLs. Scammers often purchase domains that resemble legitimate brand names but are just one letter off, so people are unlikely to notice.
- Note whether the website is professionally designed with no typos in the copy. Images should also be clear (not blurred or pixelated). If they aren’t, this may indicate that they have been stolen.
- Look for contact information, such as customer service phone numbers and email addresses. Verify that they work.
- Ensure websites have clearly stated privacy policies and terms of service outlining how they handle user data. This is an indicator of a legitimate website.
- Search for unfamiliar brands on Google and look for reviews. People who have been victimized by scam companies often post reviews about them.
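The "one letter off" check from the list above can be automated, for example when an FI triages links that cardholders report. The sketch below is an added example, not code from TransFund; the allowlisted domains, sample URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (reserved .example TLD); replace with real retailer domains.
KNOWN_DOMAINS = ["brightpencil.example", "campusgear.example"]

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "gear" typed as "gaer".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def hostname(url: str) -> str:
    """Lower-cased host of a URL, with a leading 'www.' removed."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_url(url: str, known=KNOWN_DOMAINS):
    """Return (verdict, matched_domain) for a URL a shopper is about to use."""
    host = hostname(url)
    scheme = urlsplit(url).scheme.lower()
    for domain in known:
        if host == domain:
            return ("known" if scheme == "https" else "known-but-not-https", domain)
    for domain in known:
        # Exactly one edit away from a known brand: likely typosquat.
        if osa_distance(host, domain) == 1:
            return ("lookalike", domain)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ["https://www.brightpencil.example/deals",
                   "https://brightpencl.example/deals",   # missing letter
                   "https://campusgaer.example/sale",     # swapped letters
                   "http://campusgear.example/"]:
        print(sample, "->", check_url(sample))
```

Both lookalike samples use "https://", so the scheme and padlock checks alone would not flag them; the domain comparison does.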
Inform them about current fraud trends
Card Not Present (CNP) Fraud
When a fraudster obtains stolen card information, including the card numbers and the cardholder's address, they can make purchases without having the physical card. This fraud often takes place through online transactions.
Account Takeover Fraud
Fraudsters employ various methods to gain access to a cardholder's online accounts, including phishing and malware. They can also obtain stolen credentials such as usernames and passwords through data breaches. Once inside an account, they can change account settings and passwords, make unauthorized transactions or open new accounts in the victim's name.
P2P (Peer-to-Peer) Payment Fraud
Apps such as Venmo, PayPal and CashApp may seem safe, but fraudsters can use these services to trick victims into sending money through them. The apps often feature in phishing scams and fake business transactions that direct victims to send money through P2P methods.
Skimming
Card readers that allow visitors to insert their cards are everywhere, including at ATMs, gas stations, self-checkout kiosks, and more. Fraudsters take advantage of this and attach fake readers to the outside of legitimate readers to capture data from a card’s magnetic stripe. The data collected is often used to create a clone of a card and make unauthorized transactions.
Shimming
Shimming is the use of a thin card reader that is illegally attached inside a legitimate card reader. This device is designed to capture data from the magnetic stripe on a card when it’s swiped. The stolen data can be used to create cloned cards and make unauthorized transactions.
The devices used in both skimming and shimming are often coupled with hidden cameras to capture PINs. To combat this, cardholders should ensure they cover their fingers while entering PINs. Additionally, using the tap-to-pay option instead of inserting or swiping a card is more secure. Tapping uses Near Field Communication (NFC), also known as "contactless payment," which transmits encrypted data that cannot be captured the way magnetic stripe data can. However, it may only be a matter of time before fraudsters find a way to intercept that information as well.
Pickpocketing and stolen purses
Fraudsters aren't only relying on technology to steal cards; there is still the old-fashioned pickpocket and purse thief to be aware of. Cardholders hitting crowded back-to-school sales should be mindful of their surroundings and avoid distractions such as checking their phones or engaging in lengthy and unexpected conversations in public. Purses and wallets should not be left unattended on a table, the back of a chair or in a car.
Share These Best Practices and Trends with Your Cardholders
FIs can inform their cardholders about these best practices and trends through email campaigns, within statements, on in-branch flyers, posters and through other communication channels available to them. As fraud evolves, FIs should keep their cardholders informed about the latest trends.
How Can TransFund Help FIs Manage a Fraud Situation?
TransFund encourages FIs to anticipate fraud attacks before they happen. If you’re a current client, proactively reach out to your Relationship Manager and inquire about a fraud risk review, analysis of the controls you have in place, as well as options that could enhance your—and your clients’—security.
Not a TransFund client? Contact us to learn more about our fraud services.