POP Center Home Problems Check and Card Fraud 2nd Ed Page 3 Show
Responses to the Problem of Check and Card FraudYour analysis of your local problem should give you a better understanding of the factors contributing to it. Once you have analyzed your local problem and established a baseline for measuring effectiveness, you should consider possible responses to address the problem. This section reviews what is known about the effectiveness of various practices in dealing with check and card fraud. Unfortunately, most measures used against check and card fraud have been swiftly met with alternatives, particularly with the pace of technology. For example, ATMs were placed within office lobbies or other enclosed spaces to protect against robberies. However, these physical barriers did not prevent thefts, as fraudsters use skimmers and cameras to capture card information, or manipulate the magnetic strip of the card to increase withdrawal amounts. Regardless, the pace of these changes have rarely been evaluated for effectiveness, although institutions have reported lower rates of check or card fraud after implementation. The government has funded little research in this field, generally regarding it as the private sector's domain. The private sector has focused on this issue due to the frequency and amount of loss stemming from cyber-attacks and methods. The following response strategies provide a foundation of ideas for addressing your particular problem. It is critical that you tailor responses to local circumstances, and that you can justify each response based on reliable analysis. In most cases, an effective strategy will involve implementing several different responses. Do not limit yourself to considering what police can do: give careful consideration to others in your community who may share responsibility for the problem. It will be essential to work closely with local businesses and community groups. The most effective program to reduce check and card fraud reported to date involved banks, retailers, business associations, database administrators, and local, regional, and national police.[33] General Considerations for an Effective Response StrategyAs noted, local police can do little on their own to prevent check and card fraud. In many cases, you will have to persuade local bankers and merchants to act. You may have to explain why police can achieve little using traditional responses such as surveillance and arrest, and why heavier court sentences are of limited value. You may want to explain to merchants that the way they process check and card payments may be contributing to the problem. You may have to convince retailers and bankers that they cannot ignore the problem, because the costs to the community are too great and, in the long run, the stores and banks themselves suffer. Finally, you will need to advise them on preventive measures they can take to reduce the problem. It is important that responses be selective and based on a thorough understanding of the particular circumstances. For example, fraudsters often target high-priced electronic gadgets and appliances because they promise more cash.[34] Or, it might be better to concentrate on preventing check and card fraud by casual offenders, who are easier to deter, than to focus on the much smaller number of "professionals," who are harder to defeat. Again, such choices depend on your local circumstances. In framing advice, you must think carefully about the nature of the risk, which varies greatly depending on the kind of store and goods offered; the types of cards accepted; the store’s check-cashing policies; and the store’s or bank’s marketing practices. These factors determine the nature of the remedies. Department stores with huge turnovers of expensive goods can afford to spend much more on security than small retailers can, and their corporate headquarters often dictate security procedures.† In all cases, you must appreciate stores' need to make a profit. It cannot be emphasized enough that the success of your efforts will depend heavily on how well you can convince local retailers that improved security procedures can and do increase the bottom line. In making your case, you may need to
† Most large retail stores now have standard antishoplifting technology, such as item tagging, tracking, etc. However, such technology cannot prevent card fraud at checkout. People commonly do not notice their credit cards are missing until a day or more after their loss. Unlike shoplifters, card fraudsters are in no immediate risk of being detected or of setting off alarms. Thus it may be expected that, as technology makes shoplifting more and more difficult, thieves may turn more to card fraud. Working with Businesses1. Raising responsibility awareness. As noted, many card issuers and banks do not hold cardholders liable for losses if their card is lost or stolen. Nor, in many cases, do they hold the merchant who accepts the card liable. Similarly, although merchants and banks incur losses from bad checks, they are reluctant to implement the security procedures necessary to prevent these losses, because they believe customers (especially regular customers) are “turned off” by being asked for ID. Yet research has shown that simply requiring two forms of ID for check cashing can significantly reduce the rate of fraudulent checking (see response #3). You must convince card issuers, banks, and merchants that any monetary losses due to fraud are serious losses both to them and to customers (who, of course, eventually bear the ultimate loss through higher prices and higher card interest rates). Perhaps worse, though, is the harm done to the community when identity theft is part of the fraud, because of the loss of trust it causes.‡ All parties concerned must be convinced of their responsibility:
‡ The 2000 British Crime Survey (Home Office 2000) found that 50 percent of respondents reported being fairly worried or very worried about credit/bankcard fraud—more than for mugging/robbery or physical attack. 2. Increasing the reporting of fraud. You should try to persuade local retailers and bankers to report fraud so that you can get some estimate of both the extent and the pattern of the problem. Most financial institutions require consumers to file a police report of the incident for record; however, it is important for the police department to treat this as a crime, not just a courtesy or non-victim offense. Capturing specific details about the offenses (e.g., time(s) of offense, method detected, type of card, financial institution, quantity of loss, location of purchase) can assist in identifying specific preventive efforts for action, rather than merely adding information to police records. You must also consider a strategic communication plan to handle perceptions of merchant reputations and increased reporting of fraud. Unless there is an active and positive program linked to reporting fraud, negative publicity can easily ensue.[35] 3. Verifying checks, cards, and users. Check and card manufacturers have introduced an impressive array of technological features that make counterfeiting or alteration very difficult. However, two significant facts work against them:
Thus, while local police may not be able to get at the source of many counterfeit cards, they can do something about where counterfeit cards and checks are used (checkout), if they work with the merchants concerned. You can do much to inform merchants about modern verification procedures, particularly small businesses that, unlike large retail chains, may not have ready access to account and cardholder databases. Many police department websites offer lists of specific actions merchants can take to detect check and card fraud at checkout. In general, sales clerks must do the following:
Researchers have shown that adding simple security procedures can significantly reduce check and card fraud. In one U.S. study in a retail store,[37] a system that used picture IDs of customers who paid with credit cards reduced fraud by over 80 percent. Furthermore, retail stores (especially supermarkets) have found that customer databases that issue customers ID cards can also be used as an effective marketing tool to advertise special sales and promotions. A study in Norway[38] showed that legislation requiring people to show two forms of ID when cashing checks reduced check fraud by over 80 percent.§ § Since the late 1990s, U.S. retailers have increasingly required a customer thumbprint (using special invisible ink) to accept checks. Some police departments provide the ink for free to local retailers. However, unless police work closely with retailers, retailers may fear this requirement will have a negative effect on customers, who may consider it an invasion of their privacy (even though the print is used only if the check turns out to be fraudulent). While these simple measures seem obvious and commonsense, if you visit any retail store and observe the security procedures for verifying checks or cards, you will see that sales clerks rarely or only casually use the ones described here. As noted, merchants often do not implement such procedures because they fear the negative effect they may have on sales. There is, however, no research to justify this view—although there is research that suggests that checkout delays do reduce sales. Therefore, you must take these concerns into account if you try to get local merchants to change their security procedures. Simply informing them about security possibilities is not enough. To avoid the negative effects of checkout delays, a carefully planned system has to be developed. This may require the input not only of the merchants, but also of security experts. The recent implementation of EMV card technology within the United States may also impact the perceptions of merchants and consumers. It should be noted that will the transmission of the financial transaction is encrypted, this does not prevent against fraudulent use of cards. The EMV technology encrypts the transmission of the consumer’s information, merchants’ information and bank information, which is intended to protect against cyberattacks and data exfiltration attempts by hackers. While the replication of an EMV card is more difficult for fraudsters, the technology has been replicated in fraudulent cards and other alterations to the card technology has been used to allow sales or ATM withdrawals to occur.[39] Finally, an evaluation of the program’s effectiveness must be built in to show that the savings from frauds prevented more than offset the cost of implementing the program. Without this assurance, retailers are unlikely to adopt security procedures.† † A simple, inexpensive, and quick procedure that can be done without checkout delays is to use black light to check for counterfeit cards. All major cards (MasterCard, Visa, American Express, and Discover) contain images that are visible under black light. The Troy (N.Y.) Police Department has successfully implemented this procedure. 4. Training checkout staff. As noted in the previous response, introducing new technology and procedures to identify illegal credit card use or fraudulent check cashing will be of little help if the staff who are required to check IDs are not trained to do so effectively. Ideally, a combination of technology (e.g., biometric techniques) and procedures that make identity verification independent of sales clerks’ judgment would be the solution. Both the introduction of PINs and biometric techniques have shown initial impacts to point of sale fraud transactions; however, the endurance of these programs by merchants, or the consistency among checkout staff over time, varies and can allow fraud to occur.40] In the meantime, there are three important ways you can help businesses train staff:
As with other responses in this section, you will need to gain a considerable amount of trust from businesses—and, where appropriate, security professionals—to participate in staff training. You must make your role and goals very clear to businesses, so they know you are not out to find something amiss in their business practices.‡ ‡ Unfortunately, there are merchants who set up bogus companies to collude with co-offenders to process fraudulent purchases made with credit cards, or to defraud honest cardholders. Merchant-alert databases have been successfully used in the United Kingdom to identify fraudulent merchants and warn honest cardholders of possibly risky locations and businesses (Levi and Handley n.d.). 5. Reducing card application fraud. By far the biggest contributor to application fraud is the huge volume of invitations to apply for cards sent out in the mail every day, and available on the Internet. Fraudulent applications are very easy to complete using false personal information.[42] In general, local police cannot do much about this—it is a problem of national and international proportions. However, there are three types of local card application fraud:
6. Using information to fight online card fraud. Offenders make online or telephone card-not-present purchases from retail stores that are most likely out of state or even abroad, beyond local police jurisdiction. A significant amount of card application fraud also occurs when people apply for cards either online or by telephone. As distant as such frauds may seem to local police, the fact remains that they are committed by people who live in particular jurisdictions, and at the other end, fraud victims, whether merchants or individual cardholders, also live in particular jurisdictions. Depending on your department’s resources (some large departments have specialized fraud and electronic-crime squads), you can take some practical steps (limited though they might be) to counteract at least the effects of fraud, and perhaps prevent some of it from occurring. You can do this by using the most powerful tool available in the 21st century— information:
Useful Internet Sources
Most states have websites for their attorney general’s office, many of which provide updates and advice on current and past scams.
§ Visa claimed card fraud reductions of up to 20 percent after it introduced software that detected unusual spending patterns (Maremont 1995). The obvious difficulty with this response is that it does not focus as much on a specific crime as is usual in problem-oriented policing, but instead entails a more general approach of enhancing police-business relations. Thus, although it may help in implementing some of the other responses described in this section, it may be difficult to evaluate its specific effects on online credit card fraud. 7. Tracking products. Legitimate cardholders sometimes use the following techniques to commit online card fraud:
In the first case, local police can do very little. But in the second, they might work with delivery companies to locally track items bought online. Tracking technology is common for retail and other business, and it is certainly at the operational core of USPS, UPS, Federal Express, and other delivery companies. Small transmitters are rapidly replacing bar coding, the most pervasive tracking technology of the late 20th century. These transmitters can be placed on retail items (they have proved particularly effective in reducing shoplifting),[43] vehicles (including delivery vehicles),[ii] pets, livestock, and even people. They can be programmed to hold substantial information and to transmit location. Such devices make the recovery of stolen items much easier and can precisely track the delivery of products. Indeed, some companies already provide this service for stolen cars and trucks.[44] Because of the massive increase in online retailing, many more products are delivered to the home, creating opportunities for theft during shipping. The following are ways you can help businesses verify product delivery and detect possible card fraud:
The amount of card fraud committed through non-delivery claims is probably quite low, though there are no data to support this assumption. There may be high rates of product theft from delivery vehicles in some densely populated urban areas.[47] You may have to balance your delivery-monitoring efforts against competing demands on police time. But bear in mind that your responses to delivery theft may also work in reducing other crimes, such as selling stolen goods, returning stolen goods for refunds, and shoplifting. 8. Raising perceptions of wrongdoing and risk. Reminding would-be shoplifters that shoplifting is a crime and warning them that they will be prosecuted can help reduce shoplifting.[48] Stores commonly post signs to that effect. As noted above, making purchases via check or card fraud is a form of shoplifting, but with much less risk. A simple sign such as “WE REQUIRE ID FOR CHECKS AND CARDS” indicates that the business takes IDs seriously. Sign placement may depend on a store’s particular patterns of theft, procedures for processing check and card payments, and ways of dealing with customers. Putting up a sign costs very little, and monitoring its effectiveness is relatively straightforward. Of course, this presumes that stores keep records of check or card fraud incidents. Community Partnerships9. Educating cardholders. Although cardholders are not liable for losses if their credit cards are lost or stolen, they may be liable for many other card-related thefts. And if their entire identities are stolen, they may suffer considerable financial loss. Customer education concerning practical precautions to avoid identity theft, including credit card and bank account access, may contribute substantially to preventing fraud. These precautions may include:
Who should tell cardholders about these precautions? Local police do not have the ready access to customers that merchants and card issuers do: it is much easier for merchants and card issuers to provide crime prevention information along with customer bills and statements, or on ATM welcome screens. However, police have taken proactive steps to inform their residents through websites, social media (e.g., Twitter, NextDoor) or newsletters.[50] While past programs have focused on senior citizens, or youth/young adults, the majority of card fraud occurs among people ages 25 to 64 years of age (see Figure 2).[51] Here are some strategies for increasing awareness among groups within your community:
Of course, the effectiveness of these programs will be difficult to measure, since it requires a broad approach directed at affecting future behavior. Figure 2. Victims of at least one identity theft incident with financial loss in 2012 and 2014[52]10. Publicizing the costs of fraud. Perhaps the biggest challenge in dealing with fraud is changing attitudes toward it. Offenders typically view merchants and banks as rich and able to afford losses from fraud (one of their “excuses” for breaking the law).[53] Card issuers view fraud as a cost of doing business. Police must allocate scarce resources where they are most cost-effective. It seems reasonable, then, given merchants’ reluctance to report credit card fraud and banks’ reluctance to report check and debit card fraud, for police to give such crime a low priority. Yet don’t merchants—who pay taxes—have at least some right to expect the police to “do something” about fraud when it directly affects their businesses?[54] The problem here is one of perception: who does fraud harm, how much harm does it do, and who is responsible for preventing it? One response is to publicize what is known about fraud—emphasizing its financial and human costs, and spelling out the steps people can take to avoid becoming victims. Response #2 entailed working with businesses to increase the reporting of fraud, and response #1 suggested ways of raising responsibility awareness among merchants, card issuers, and customers. The most direct and—probably—effective way to reach all those affected by fraud is through the local media or social media outlets, which tend to be very interested in reporting on crime victims.[55] Police could write a piece outlining the costs to both victims and police: for example, it can take victims up to three months to straighten out credit problems caused by stolen identity, and may cost police up to $20,000 to investigate a case of identity theft.[56] As usual, you must take care to ensure that any publicity is linked to a planned prevention program agreed to by local business associations and merchants. 11. Collaborating with colleges. College students using campus computers have committed some of the major hacking offenses.[57] Offenders have committed other crimes, such as stalking and pornography-related offenses, using Internet cafes and public libraries. As part of your overall strategy, you might work with college computer departments, to make sure that they have established a clear and publicized policy on campus computer use, outlining users’ rights and responsibilities, and that they can track computer use if a hacking incident is traced to the campus. In addition, colleges are increasingly adopting “smart” cards that students use to charge meals and buy items from campus stores. You should work with colleges to make sure they have taken precautions to prevent fraudulent use of such cards and, if possible, work with campus security to educate students about fraud prevention. There is some indication that a fraud prevention program may work best if combined with programs to prevent other common campus crimes,[58] such as shoplifting and mobile phone theft. Bear in mind, though, that different colleges have different traditions and policies regarding local police participation in crime prevention. They also carefully guard information about crimes occurring on or near campus, for fear that publicity may adversely affect college applications. You should be sensitive to this issue and be aware that collecting the necessary information or data to measure the effectiveness of crime prevention programs may be difficult. Enforcement12. Monitoring fencing outlets, pawnshops, and online auctions. A major problem for check and card fraudsters is converting goods into cash. At the local level, you can be sure that the existence of fencing outlets may substantially contribute to fraud and to retail theft, in general.[59] Thus you should monitor any known outlets, as well as monitor the flow of new items into pawnshops and the sale of goods through online auctions. Local regulations for pawnshops and their collection of transaction data can assist investigations in identifying organized rings of fraudsters; however, the common use of pawn shop data bases (e.g., LeadsOnline, PawnMaster) in legitimate pawn shops may deter fraudsters. The majority of auction websites now list the sellers’ locations—though these tend to be broad regions. However, since research has shown that card fraudsters tend to operate some distance from home,[viii] the broad regional information is probably accurate enough. To make monitoring the sale of stolen goods of use in preventing fraud, you will need to have a close working relationship with retailers, so that you can track the items. Phishing, corporate account takeover and other email scams are a large entry point for fraudsters. In 2015, an Omaha, Nebraska commodity company lost $17 million as a result of an email scam among employees.[61] In 2016, the FBI reported multiple businesses fell victim to the “CEO Fraud” scam, resulting in a $2.3 billion-dollar loss across several businesses.[62] These scams change often, in order to further collect private information on individuals and businesses. Here are a few websites that track latest scams and inform consumers quickly with techniques and preventative measures:
Again, unless you have help from an ISP or a computer crime expert, you may have difficulty determining the location of the people operating the scams. As suggested in response #6, you should keep in close contact with nearby police departments that have specialized computer crime departments, local bank Financial Intelligence Units, and the relevant state and federal agencies that monitor Internet fraud. You can also check with the Better Business Bureau or other local consumer-reporting agencies to find out if there have been scams in your area. 14. Targeting high-risk merchants. Rates of check and card fraud vary enormously, both between different chains and between stores in the same chain. One study reported that recoveries per fraudulent check ranged from approximately one in 268 for one large chain, to one in 24 for another in a similar line of business.[63] You must develop a systematic way of collecting fraud information, so that you can identify high-risk merchants in your area. If collecting incident data is initially impossible (and it probably will be), you should try other avenues such as working with business associations to get a rough idea of which businesses are victimized most. It is likely that offenders target particular types of stores (such as large electronics stores, or higher end stores for card fraud, and supermarkets for check fraud). Or they may target particular stores because they are considered “easy.” Using crime mapping,[64] perhaps with assistance from specialized task forces in the region or from larger police departments nearby (see next response), may also help in identifying high-risk merchants. Once you have identified them, you should try to build a working relationship with management to implement fraud-prevention measures.
Responses with Limited Effectiveness16. Conducting crackdowns. There are some difficulties with crackdowns. If, by “crackdowns,” we mean intensive campaigns to publicly catch and arrest perpetrators of check and card fraud,† then we face a serious problem in police-business relations. This is because retailers, and even bankers, have a longstanding belief that a strong police presence on or near their premises, especially when arrests are likely, contributes considerably to negative customer attitudes that translate into decreased business. The reluctance of merchants to use thumbprints to verify ID, even when strongly pressured to do so by police, illustrates this problem. † If crackdowns are to work—and they do in some cases, for some crimes—they should be carefully tailored to work with the other responses described in this guide. See the POP Guide on The Benefits and Consequences of Police Crackdowns. 17. Implementing business watch. The popularity of Neighborhood Watch has spawned some attempts to use that approach for businesses. However, unless business watch is clearly oriented toward solving a specific problem (e.g., the reduction or prevention of check fraud at supermarkets), in contrast to reducing business crimes in general, it is likely to fail for want of focus, enthusiasm, and participation. Business owners must have specific crime-prevention goals if they are to devote the time and effort needed to make the program work.[68] 18. Handling offenders through means other than the criminal justice system. Check and card fraud offenders who are reported to the criminal justice system tend to receive a low priority in processing, resulting in extensive case backlogs.[69] Rather than formally report people who commit crimes against businesses (e.g., shoplifting, drug- and alcohol-related misdemeanors, vandalism), many jurisdictions opt for informal procedures, issuing warnings to offenders, requiring that they compensate their victims, and/or requiring that they get counseling. These alternatives to the regular criminal justice system are usually reserved for juveniles and depend heavily on community—and, in the case of shoplifting, business and shopping mall security—involvement. No research exists on whether these alternatives would work for check and card fraud, nor has research established the extent to which juveniles are involved in such fraud. What data are available suggest that check and card fraud offenders tend to be adults, with an occasional preponderance of drug users and college students. However, without research that examines the entire range of behaviors that make up check and card fraud, it is difficult to predict whether any criminal justice or quasi-criminal justice procedures that effectively address shoplifting could also be applied to fraud. 19. Conducting publicity campaigns. We have recommended establishing educational programs to help people avoid being fraud victims (response #9), and publicizing the economic and human costs of fraud (response #10). These responses must be part of a broader business and community initiative, not solely a police initiative (as with “lock your car” campaigns). In fact, a study of a Stockholm, Sweden campaign failed to demonstrate any measurable effect on the rate of theft from cars. The campaign looked more promising, however, when combined with security measures such as environmental changes to enhance natural surveillance.[70] What uses software to enable a physical server to emulate the hardware and computing capabilities of one or more servers?Virtualization uses software that simulates hardware functionality to create a virtual system, enabling organizations to run multiple operating systems and applications on a single server.
What is data that a computer accepts and processes is called?Data Input- the collected data is converted into machine-readable form by an input device, and send into the machine. Processing is the transformation of the input data to a more meaningful form (information) in the CPU.
Is an abusive or insulting message in online communication?Internet harassment, also referred to as “cyberbullying”, is the term used to describe the use of the Internet to bully, harass, threaten, or maliciously embarrass. It can involve behaviours such as: Sending unsolicited and/or threatening e-mail.
What is the process of initiating contact between two Bluetooth devices?Pairing is the process when two devices initiating communications. During this process, each device authenticates with the other by entering a common pass-phrase. Once devices successfully pair with each other, they encrypt the payload of their packet transfers using 128-bit encryption.
|