ZS
Uploaded byZachary Shaw
1,248 views

Holiday Season Fraud Forecast

The 2017 holiday season is forecasted to see a significant increase in fraud, partly exacerbated by the Equifax data breach that exposed sensitive information of over 145 million individuals. Retailers could lose up to $2.2 billion due to fraud, with card-not-present fraud rising sharply; consequently, both consumers and retailers need to adopt rigorous preventive measures to safeguard against burgeoning fraudulent activities. Recommendations include freezing credit, monitoring finances, securing online information, and being cautious of phishing and spoofing attempts.

Embed presentation

Download to read offline
2017 HOLIDAY SEASON FRAUD FORECAST AUTHENTICATION • CALL VERIFICATION www.nextcaller.com
2 HOLIDAY SEASON FRAUD FORECAST WELCOME TO OUR ANNUAL HOLIDAY SEASON FRAUD FORECAST While we may be a ways away from snowflakes and jingle bells, for fraudsters, the holiday season is well under way. Typically the most lucrative period of the year for nefarious parties, the addition of the recent Equifax hack -- possibly the worst cyber breach in his- tory -- means that the next couple of months may not be the most wonderful time of the year for consumers, retailers, and banking institutions alike. This report was developed by the team at Next Caller, in cooperation with AnglerPhish Security led by Brett Johnson, Former USA Most Wanted Cybercriminal, Identity Thief, and Hacker. This report was prepared in advance of the holiday season to inform businesses and consumers of criminal tactics and trends, assess the potential impact of fraud and identity theft, and suggest ways to protect against anyone who might not be making Santa’s “Nice” list this year.
3HOLIDAY SEASON FRAUD FORECAST TABLE OF CONTENTS 01 | Welcome Message from Next Caller 02 02 | Introduction 04 03 | Fraud During The Holidays 05 04 | The Equifax Effect 06 05 | The Equifax Effect: Why Age Matters 07 06 | Big Data Breaches: The Fallout 08 07 | Preventative Steps: For Retailers and Financial Institutions 09 08 | Preventative Steps: For Consumers 10 09 | Conclusion 12
4 HOLIDAY SEASON FRAUD FORECAST HOLIDAY FRAUD IS BIG BUSINESS Research by the National Retail Foundation found that retailers lose upwards of $2.2B due to fraud each holiday season. With the widespread adoption of EMV and the increase of online transac- tions criminals frequently turn to card-not-present (CNP) fraud. CNP fraud online increased by 31% for the 2016 holiday season, while the number of overall transactions only increased by 16%, as reported by ACI Worldwide. And while ACI also found that retail fraud attempt rates are highest around Christmas Eve and Shipment Cutoff day, many fraudsters have already started working on their 2017 holiday shopping lists. 2.2Bin annual fraud losses $
WHY EVERY FRAUDSTER IS READY TO JOIN THE PARTY 5HOLIDAY SEASON FRAUD FORECAST One of the most basic indicators of fraud is irregular behavior. This is a problem because during the holiday season shopping patterns naturally become more erratic and less predictable. During this period, which starts as early as October, consumers purchase high-priced items with greater frequency, ship items to addresses other than their billing address, request in-store pickups, use multiple forms of payment, open new accounts, and request increased lines of credit. Outside of the holiday season, these patterns would set off fraud indicators for retailers and financial institutions. However, the increase in this uncharacteristic behavior, combined with the sheer volume of activity, makes it nearly impossible for retailers and institutions to separate the good actors from the bad. And while these bad actors are hard to spot in the shadows, they’re surprisingly open when it comes to trading information, strategies, and tactics with each other over anonymous online forums. Recently, however, the sharing of this information has become a bit more decentral- ized with the FBI and Interpol shutting down two of the largest online cyber crime communities: Alphabay and Hansa Market.
6 HOLIDAY SEASON FRAUD FORECAST THE EQUIFAX EFFECT The severity of the Equifax breach is hard to understate. Essentially, it has provided fraudsters and hackers with the Holy Grail of stolen information. With access to the names, addresses, birth dates, Social Security numbers, driver’s licenses, credit card numbers, and dispute documents for more than 145 million individuals in the U.S., the type and scope of attacks is limitless. While the scale of the data breach is staggering, the false sense of security shown by consumers might be the most unsettling part of the Equifax fiasco. Referencing the Google Trends data below, the Equifax data breach caused rapid panic amongst U.S. residents. Internet searches for “fraud protection” skyrocketed to a yearlong high shortly after the breach in September: However, the fear factor quickly subsided with “fraud protection” searches returning to pre-Equifax breach levels. When we took a closer look by polling U.S. internet users to see if the Equifax breach has made them more con- cerned about becoming a victim of fraud this holiday season, over half (56%) said no. Additionally, 30% said that they are not taking any precautions to protect themselves from fraud and identity theft this holiday season. 56% 30%ARE NOT MORE CONCERNED WILL NOT TAKE MORE PRECAUTIONS AFTER THE EQUIFAX BREACH
AGE 18-34 33% AGE 55-64 57% AGE 18-44 34% AGE 45-64 54% 7HOLIDAY SEASON FRAUD FORECAST AGE MATTERS The data becomes even more interesting when considering the age of respondents. In fact, the level of concern with becoming a victim of fraud this holiday season after the Equifax Breach seems to be directly correlated to age. MORE CONCERNED WITH BEING A VICTIM OF FRAUD AFTER THE EQUIFAX BREACH However, this isn’t simply a case of stark differences between Generation Z and their Baby Boomer counterparts. The shift in concern appears to occur around those in their forties. While the differentiation in responses may in part be attributed to the younger demographic simply not having been directly impacted by fraud before, these digital natives are also used to sharing personal information online and have been witness to countless hacks and breaches over the years which could have a desensitization effect on their perceived threat levels. Many in this cohort may also believe that they don’t have the level of finances or credit to make them an attractive target. That rationale is particularly concerning as fraudsters are often looking to take advantage of lower credit score targets during the holidays when fraud standards are lowered. Furthermore, fraudsters today aren’t simply looking to steal money from bank accounts. They’re looking for any way to turn a consumer’s personal information into a large payoff.
ADDED ACCOUNT INFORMATION Criminals can use the dis- pute process put in place by banks, financial institu- tions, and credit agencies to add information to a victim‘s credit report without their knowledge. Once the infor- mation is added, the criminal can use it to their advantage in subsequent schemes. If a criminal obtains a victim‘s “fullz,” they can intentionally start a dispute process me- ant only to add information the criminal chooses to the victim‘s report. For example they can add a drop address to a victim‘s account that they will ship to later. PERSONALLY IDENTIFIABLE INFO The vast amount of stolen information will be used by criminals for years to come. Access to a victim‘s “fullz” (credit report, mother‘s mai- den name, background check, and all other personal infor- mation) helps fraudsters skirt common security protocols. Stolen PII can also be used to: - Take over cards, bank accounts - Open new cards, bank accounts - Open business bank accounts - Steal Social Security benefits - Order new cell phones - Get W2s to file fake tax returns - Apply for business loans, credit - Apply for personal, student, or home equity loans CREDIT CARD NUMBERS Certainly, any criminal can use a credit card to purcha- se things. With the amount of credit card numbers that have been compromised from the long, and growing list of data breaches this year, expect carding to be on the rise during the 2017 holi- day season. Fraudsters will be able to use a victim‘s credit card infor- mation -- card number, CVV code, and expiration date -- plus PII in order to take over the victim‘s account (ATO). After gaining control of the account, a criminal can buy, withdraw, or transfer at will. 8 HOLIDAY SEASON FRAUD FORECAST BIG DATA BREACHES THE FALLOUT FROM EQUIFAX To understand what types of schemes are possible this holiday season as a result the Equifax breach, it is important to examine exactly what information was stolen, and how it can be used by criminals. A NEW WAVE: SYNTHETIC FRAUD One of the lesser reported uses for stolen information is Synthetic Fraud: when a criminal creates a new identity based on fake information and an unused social security number. The synthetic identity can be used to open accounts and make purchases. With this breach, fraudsters can also create synthetic business accounts using stolen information in conjunction with synthetic personal identities (that use the real victim’s actual name) to commit fraud where financial institutions are left to foot the bill. Also, the consumer experiences collateral damage like a ruined credit score and having to permanently face stricter authentication protocols from being flagged as “high risk.” Stolen information is also used for much more than financial crimes. A common mantra within fraud circles is “All Crime Begins With Identity Theft.” Once a victim’s information is exhausted for financial gain, criminals can simply use their iden- tity to commit common crimes. In the case of Equifax, things like creating driver’s licenses present a limitless goldmine for “new” identities and criminal opportunities.
9HOLIDAY SEASON FRAUD FORECAST Along with consumers, retailers and financial institutions also have a bullseye on their back this holiday season. These tips will help businesses protect themselves, and their customers. PREVENTATIVE STEPS FOR BUSINESSES AND INSTITUTIONS Brick and mortar retailers are often overwhelmed during the holi- day season, especially during Black Friday and other themed sales events. During these times, agents and cashiers are frequently tar- geted, and are the last line of defense. In stores, cashiers should be diligent about following card protocols, like checking driver’s licens- es or requiring EMV chips to be used. When a retailer allows a cus- tomer to swipe a card that is EMV enabled, liability shifts to the busi- ness. Holiday season is also prime time for card skimming at both the ATM and POS location. Increase your physical security wherever possible. Also consider establishing a gift card hotline for financial institutions to report fraudulent gift card or stored-value purchases. While the entire holiday season can provide fertile ground for fraud- sters, the time between Black Friday and Cyber Monday is an espe- cially precarious one. In fact, there was a 20% increase in online credit card fraud during the 2016 holiday shopping weekend when compared to the same period in 2015, and a 34% increase in online credit card fraud from Black Friday to Cyber Monday 2014 to 2016. The call center is often the weakest link in the fraud chain because it contains an extremely vulnerable component: humans. While net- work infrastructure continues to advance and evolve, the ability and/ or training of call center agents rarely keeps pace. To make matters worse, agents are typically turning over at 6-9 month rates, meaning that even with proper training and preparation, good work is hard to keep. Finally, agents are people, too! The requirements of effective knowledge-based authentication are high. Agents are bound to their own emotions, feelings, and unconscious biases, all of which are needed to detect social engineering, and are preyed upon by savvy fraudsters. It’s an extremely stressful environment to work in -- a thankless job with huge reprecussions for even the smallest mistake. 1 - FOLLOW PROTOCOLS One of the ways that retailers are targeted comes from fraudsters pur- chasing items, having them shipped to a legitimate customer address, but then diverting the shipment to a new address later in the process. Retailers should prevent changes to delivery address after shipment, and limit re-shipping options -- to avoid falling prey to this type of fraud. They should also require signatures on their deliveries to avoid “porch pirates.” Porch pirates engage in some of the most brazen type of fraud and theft -- they’ll order fraudulent purchases, have them shipped to the address of the victim, and steal them from the location of delivery. Requiring signatures and restricting the ability for items to be forwarded will prevent some of these common means of fraud. One way to hedge against call center vulnerability is to provide ongoing agent education. The easiest way for criminals to breach security and access confidential documents is by tricking employees, so keep agents in the know and monitor their workload to avoid fatigue. Also, expect fraudsters to have a lot of tricks up their sleeves. With all of the stolen information they’ll have access to this holiday season, it’s vital that call centers deploy multiple layers of security to detect even the tiniest red flag coming from any direction. Besides protecting and encrypting docu- ments, leverage solutions that keep fraudsters out all together. Most fraud, including fraud originating online, will involve call spoofing at some point in the process. Implementing telephone security technology to assess every call and identify threat levels is paramount. Some of the most surprising breaches have been caused by employ- ers unknowingly opening infected emails or attachments. With phishing scams taking place with more frequency, the likelihood of this is much higher during the holiday season. Retailers and financial institutions should have vigilant employee monitoring in place to prevent these types of breaches from happening within their organizations. 2 - LOCK DOWN SHIPPING 4 - MONITOR EMPLOYEES3 - BE AWARE OF IMPORTANT DATES 5 - SHORE UP THE WEAKEST LINK: THE PHONE CHANNEL
FOLLOW THESE TIPS... 10 HOLIDAY SEASON FRAUD FORECAST 1 - FREEZE YOUR CREDIT First and foremost, if they haven’t already done so, individuals must freeze their credit. And not just their own credit; if they have children they should freeze their children’s credit as well. Surprisingly, only 16% of respondents in our survey indicated they are taking this precaution to protect them- selves this holiday season. With nearly half of the country impacted by the Equifax breach, this highlights a frightening lack of concern and/or understanding of the severity of the situation. 3 - KEEP A WATCHFUL EYE ON YOUR FINANCES Thankfully, 40% of consumers noted that they were monitoring their credit & bank usage online to protect themselves from fraud and identity theft this holiday season. Ninety percent of women track day-to-day living expenses versus 79% of men, and women respondents (43%) were more likely than male respondents (36%) to note they would be monitoring for fraudulent activity this upcoming holiday period. Regularly pull credit reports to check for inconsistencies or irregularities, and remove old addresses and phone numbers. Set credit use alerts so that you are alerted before a fraudster attempts purchases. 4 - KNOW AND CONTROL YOUR INFORMATION ONLINE Limit the information you display everywhere online, especially social media. Then, test it: pretend you are a fraudster. Conduct an exhaustive Google search for yourself, and your children. See what information you can find, then secure it as needed. Change privacy settings to hide content (including photos) until you can vet the person asking for it. Review all of your privacy settings to understand them better. Never accept friend requests from people you don’t know personally; fraudsters often friend your friends to gain access to your information without your knowing. Consider sharing with first-party connections only. 2 - NEVER ASSUME YOU ARE NOT A TARGET There is a common myth that fraudsters only target individuals with good credit scores or big bank accounts. This is not always the case. Individuals with low income, little savings, or bad credit are regularly victimized. Don’t let your guard down by assuming that your circumstances will rule you out as a target. Fraudsters can set up bank accounts in a consumer’s name, or in the name of their children, take out loans, deliver to old addresses, or buy mobile phones from carriers with lower thresholds for new lines. And, it’s not always financial crime. Stolen identities provide cover for more serious schemes. There’s always a use for your information, it may just be a matter of time. While the reality is that many people will be affected by fraud no matter the precautions they take, there are things that consumers should be doing to protect themselves this holiday season, and beyond. PREVENTATIVE STEPS FOR CONSUMERS
...AND AVOID THE COMMON TRICKS 11HOLIDAY SEASON FRAUD FORECAST Phishing, Vishing, SMSishing, and Spoofing Be wary of any solicitation to collect or verify information, no matter the source. These attempts come in the form of emails and social media messages (“Phishing”), phone calls (“Vishing”), text messages (“SMSishing”), or fake websites that appear to be a legitimate source, but are in fact well-designed attempts to collect PII, passwords, or credit card numbers. You can expect these attempts around new gadgets and other in-demand products. It’s also important to realize that a criminal can change the phone number that appears on your caller ID. This tactic is called “Spoofing,” and it is a popular strategy amongst criminals because it gives the fraudster anonymity, and it is nearly untraceable. Criminals often use spoofing to display a phone number that you are more likely to answer, like the phone number of someone you know, or even just a familiar area code. Unfortunately, consumers seem unlikely to take precautions against these threats. Only 36% of those polled will not click on unknown emails or links this holiday season. Similarly, 34% noted that they would not answer calls from unknown numbers, making the potential impact of spoofing very worrisome. Even of the elderly respondants often targeted by frausters (those 55 years and older), only 44% will not answer calls from unknown numbers. The good news is that there are simple ways to avoid falling victim to these crimes. Never provide personal or ac- count information to incoming solicitations; always call the company back using the phone number on their website, your financial statements, or on the back of your credit card. A good rule of thumb to spot a fake website (often advertising sale items) is a missing “S” in the URL. Web addresses starting with “https” are more likely to be safe. Porch Pirates In 2016, roughly 11 million packages were stolen off of American doorsteps. As package deliveries surge during the peak holiday season, so too do the incidents of package theft. Less than 20% of respondents noted they would be closely watching their mailbox to protect themselves from this crime. To take the right precautions, require a signa- ture on the delivery, or route the package to a location where someone can actually accept it, rather than letting it languish on your “Welcome” mat. Mobile Takeover With the rise of mobile-based payment platforms and virtual currencies, mobile fraud is on the rise. With more per- sonal information available, fraudsters can gain access to major carrier phone accounts and carry out a variety of fraud, including stealing from crypto currency accounts tied to a specific phone number. This issue is compounded by two-factor authentication where no de facto standard is in place at the carrier level to ensure its reliability. Card Skimming As the busiest season of the year, ATMs, gas pumps, and retail Point of Sale (POS) systems are prime targets for fraud. Criminals plant nearly undetectable devices on top of these systems to steal information if a card is swiped. Credit card chips protect against this theft, and explain why consumers appear far less worried about card-present fraud this year. Only 8% noted they are not using a card for in-store as a precaution. But, cards can still be swiped manu- ally, negating the chip’s protection. Be suspicious of any request or requirement to swipe your card.
12 HOLIDAY SEASON FRAUD FORECAST CONCLUSION With card-not-present holiday fraud esca- lating in recent years, this holiday season should once again set new highs in CNP fraud attempts at both the consumer and enterprise level. The Equifax data breach, combined with the federal government’s ongoing battle to close dark web markets like AlphaBay, leads us into one of the most unpredictable and combustible fraud sea- sons in history. Our research found alarmingly low levels of concern and preparedness amongst a large percentage of Americans. The truth is, even if you follow all of the advice above, it doesn’t guarantee that fraud won’t happen to you. Unfortunately, fraudsters lay in wait to exploit every opportunity, and take ad- vantage of anything businesses do to make life easier for their customers. However, if you take the proper, and often proactive steps to prevent fraud, it’s sure to lower the likelihood that you or your business will become the next victim.
METHODOLOGY To supplement its own institutional knowledge and personal expertise in the fraud protection space, Next Caller commissioned a study administered to 500 U.S. respondents aged 18+ and weighted for the U.S. population by age, region, and gender. Survey conducted between September 21, 2017 and September 23, 2017. Margin of error is 5.7%" 13HOLIDAY SEASON FRAUD FORECAST
46 Lispenard street, Suite #1E New York, NY 10013 P: 1-844-698-2255 E: info@nextcaller.com W: www.nextcaller.com

More Related Content

PDF
Child Identity Theft
by- Mark - Fullbright
 
PPTX
Big data analytical driven fraud detection for finance; banks and insurance
bySyed Danish Ali
 
PPT
How to Prevent ID Theft
byhewie
 
PDF
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
byElizabeth Dimit
 
PDF
Internet Threats and Risk Mitigation
byBrandProtect
 
PDF
Databreach forecast
bySuresh Kesavan
 
PDF
Fraud and risk communication
byRosetta
 
PPT
The Phishing Ecosystem
byamiable_indian
 
Child Identity Theft
by- Mark - Fullbright
 
Big data analytical driven fraud detection for finance; banks and insurance
bySyed Danish Ali
 
How to Prevent ID Theft
byhewie
 
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
byElizabeth Dimit
 
Internet Threats and Risk Mitigation
byBrandProtect
 
Databreach forecast
bySuresh Kesavan
 
Fraud and risk communication
byRosetta
 
The Phishing Ecosystem
byamiable_indian
 

What's hot

PDF
Phishing website method
byarelyf_7
 
PDF
You Have the Power to Stop Identity Theft
by- Mark - Fullbright
 
PPT
Fraud Presentation
bymbachnak
 
PDF
IC3 2019 Internet Crime Report
by- Mark - Fullbright
 
PDF
Fraud An International Perspective
bySteve Mitchinson
 
PPTX
Internet fraud #scichallenge2017
byN F
 
PDF
Unlocking New Doorways to Multi-channel Scams
byCTM360
 
PPTX
What are the negative and lasting effects of identity theft
bycFirst
 
PPT
Internet Fraud
byElijah Ezendu
 
PDF
How to Protect Yourself From Identity Theft
byExperian_US
 
PPTX
ASIS Phoenix February Presentation
byJohn Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
PDF
How Cyber-Secure is your Family Enterprise? A special report for clients of P...
byDeclan Winston Ramsaran
 
PDF
RSA Monthly Online Fraud Report -- May 2013
byEMC
 
PDF
You Can Fight Identity Theft
by- Mark - Fullbright
 
PPT
Id theft-phishing-research
byJustin Saunders
 
PDF
Phishing
by- Mark - Fullbright
 
PDF
Year of the Data Breach 2014
byRobert Lundahl
 
PPTX
5 scams you can avoid
byTracey Krska
 
PDF
Trafficking fraudulent accounts : the role of the underground market in twitt...
byRomain Fonnier
 
PDF
Botnets used for ad fraud spam ddos attacks
byDr. Augustine Fou - Independent Ad Fraud Researcher
 
Phishing website method
byarelyf_7
 
You Have the Power to Stop Identity Theft
by- Mark - Fullbright
 
Fraud Presentation
bymbachnak
 
IC3 2019 Internet Crime Report
by- Mark - Fullbright
 
Fraud An International Perspective
bySteve Mitchinson
 
Internet fraud #scichallenge2017
byN F
 
Unlocking New Doorways to Multi-channel Scams
byCTM360
 
What are the negative and lasting effects of identity theft
bycFirst
 
Internet Fraud
byElijah Ezendu
 
How to Protect Yourself From Identity Theft
byExperian_US
 
ASIS Phoenix February Presentation
byJohn Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
How Cyber-Secure is your Family Enterprise? A special report for clients of P...
byDeclan Winston Ramsaran
 
RSA Monthly Online Fraud Report -- May 2013
byEMC
 
You Can Fight Identity Theft
by- Mark - Fullbright
 
Id theft-phishing-research
byJustin Saunders
 
Phishing
by- Mark - Fullbright
 
Year of the Data Breach 2014
byRobert Lundahl
 
5 scams you can avoid
byTracey Krska
 
Trafficking fraudulent accounts : the role of the underground market in twitt...
byRomain Fonnier
 
Botnets used for ad fraud spam ddos attacks
byDr. Augustine Fou - Independent Ad Fraud Researcher
 

Similar to Holiday Season Fraud Forecast

PDF
Identity theft godwin oyedokun
byGodwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
PDF
Common Consumer Frauds & How to Avoid Them
bymilfamln
 
PDF
The Equifax Data Breach - How to Tell if You've Been Impacted
byCBIZ, Inc.
 
PDF
Equifax Flyer Aug 2017
byDaniel Michels
 
PDF
Identity Theft: The Other You
by- Mark - Fullbright
 
PPTX
Identity Theft Presentation
bycharlesgarrett
 
PPT
Avoiding Fraud and Identity Theft - October 2008
byFinancialCenter
 
PPT
Identity theft power_point
byefandeye
 
PPT
Ira Wilsker's January 2014 Identity Theft Presentation
byGreater Cleveland PC Users Group
 
PPTX
Credit Card Fraud
byUmangThakkar26
 
DOCX
2015 CEB Tower Group Mar2015
byAjay Alex
 
PDF
Identity theft godwin oyedokun
byGodwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
PPT
Identity Fraud and How to Protect Yourself
byBarry Caplin
 
PDF
Ftc identity theft kit
byupsettinginfo
 
PPT
ID Theft
byWillhack
 
PPTX
Protect against id fraud workshop 2 of 2
byManagement Insights LLC
 
PDF
databreach whitepaper
byPaige Schaffer
 
PPT
Id Theft Seminar 6
bykrupp
 
PPT
Identity Theft Lake Placid 2012
byMark Kotzin
 
PDF
Holiday Fraud Tips #creditchat
byBarbara O'Neill
 
Identity theft godwin oyedokun
byGodwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
Common Consumer Frauds & How to Avoid Them
bymilfamln
 
The Equifax Data Breach - How to Tell if You've Been Impacted
byCBIZ, Inc.
 
Equifax Flyer Aug 2017
byDaniel Michels
 
Identity Theft: The Other You
by- Mark - Fullbright
 
Identity Theft Presentation
bycharlesgarrett
 
Avoiding Fraud and Identity Theft - October 2008
byFinancialCenter
 
Identity theft power_point
byefandeye
 
Ira Wilsker's January 2014 Identity Theft Presentation
byGreater Cleveland PC Users Group
 
Credit Card Fraud
byUmangThakkar26
 
2015 CEB Tower Group Mar2015
byAjay Alex
 
Identity theft godwin oyedokun
byGodwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
Identity Fraud and How to Protect Yourself
byBarry Caplin
 
Ftc identity theft kit
byupsettinginfo
 
ID Theft
byWillhack
 
Protect against id fraud workshop 2 of 2
byManagement Insights LLC
 
databreach whitepaper
byPaige Schaffer
 
Id Theft Seminar 6
bykrupp
 
Identity Theft Lake Placid 2012
byMark Kotzin
 
Holiday Fraud Tips #creditchat
byBarbara O'Neill
 

Recently uploaded

PPTX
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
PDF
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
PPTX
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
PPTX
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
PPTX
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
DOCX
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
PDF
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PPTX
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
PDF
IAI-Unit1-notes useful.............................
bydinesh620610
 
PDF
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PDF
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
PDF
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
PPT
Information and Communication Technologies and Power
byJeffrey Hart
 
PPTX
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
PDF
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
PDF
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
IAI-Unit1-notes useful.............................
bydinesh620610
 
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
Information and Communication Technologies and Power
byJeffrey Hart
 
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 

Holiday Season Fraud Forecast

  • 1.
    2017 HOLIDAY SEASON FRAUD FORECAST AUTHENTICATION• CALL VERIFICATION www.nextcaller.com
  • 2.
    2 HOLIDAY SEASONFRAUD FORECAST WELCOME TO OUR ANNUAL HOLIDAY SEASON FRAUD FORECAST While we may be a ways away from snowflakes and jingle bells, for fraudsters, the holiday season is well under way. Typically the most lucrative period of the year for nefarious parties, the addition of the recent Equifax hack -- possibly the worst cyber breach in his- tory -- means that the next couple of months may not be the most wonderful time of the year for consumers, retailers, and banking institutions alike. This report was developed by the team at Next Caller, in cooperation with AnglerPhish Security led by Brett Johnson, Former USA Most Wanted Cybercriminal, Identity Thief, and Hacker. This report was prepared in advance of the holiday season to inform businesses and consumers of criminal tactics and trends, assess the potential impact of fraud and identity theft, and suggest ways to protect against anyone who might not be making Santa’s “Nice” list this year.
  • 3.
    3HOLIDAY SEASON FRAUDFORECAST TABLE OF CONTENTS 01 | Welcome Message from Next Caller 02 02 | Introduction 04 03 | Fraud During The Holidays 05 04 | The Equifax Effect 06 05 | The Equifax Effect: Why Age Matters 07 06 | Big Data Breaches: The Fallout 08 07 | Preventative Steps: For Retailers and Financial Institutions 09 08 | Preventative Steps: For Consumers 10 09 | Conclusion 12
  • 4.
    4 HOLIDAY SEASONFRAUD FORECAST HOLIDAY FRAUD IS BIG BUSINESS Research by the National Retail Foundation found that retailers lose upwards of $2.2B due to fraud each holiday season. With the widespread adoption of EMV and the increase of online transac- tions criminals frequently turn to card-not-present (CNP) fraud. CNP fraud online increased by 31% for the 2016 holiday season, while the number of overall transactions only increased by 16%, as reported by ACI Worldwide. And while ACI also found that retail fraud attempt rates are highest around Christmas Eve and Shipment Cutoff day, many fraudsters have already started working on their 2017 holiday shopping lists. 2.2Bin annual fraud losses $
  • 5.
    WHY EVERY FRAUDSTER ISREADY TO JOIN THE PARTY 5HOLIDAY SEASON FRAUD FORECAST One of the most basic indicators of fraud is irregular behavior. This is a problem because during the holiday season shopping patterns naturally become more erratic and less predictable. During this period, which starts as early as October, consumers purchase high-priced items with greater frequency, ship items to addresses other than their billing address, request in-store pickups, use multiple forms of payment, open new accounts, and request increased lines of credit. Outside of the holiday season, these patterns would set off fraud indicators for retailers and financial institutions. However, the increase in this uncharacteristic behavior, combined with the sheer volume of activity, makes it nearly impossible for retailers and institutions to separate the good actors from the bad. And while these bad actors are hard to spot in the shadows, they’re surprisingly open when it comes to trading information, strategies, and tactics with each other over anonymous online forums. Recently, however, the sharing of this information has become a bit more decentral- ized with the FBI and Interpol shutting down two of the largest online cyber crime communities: Alphabay and Hansa Market.
  • 6.
    6 HOLIDAY SEASONFRAUD FORECAST THE EQUIFAX EFFECT The severity of the Equifax breach is hard to understate. Essentially, it has provided fraudsters and hackers with the Holy Grail of stolen information. With access to the names, addresses, birth dates, Social Security numbers, driver’s licenses, credit card numbers, and dispute documents for more than 145 million individuals in the U.S., the type and scope of attacks is limitless. While the scale of the data breach is staggering, the false sense of security shown by consumers might be the most unsettling part of the Equifax fiasco. Referencing the Google Trends data below, the Equifax data breach caused rapid panic amongst U.S. residents. Internet searches for “fraud protection” skyrocketed to a yearlong high shortly after the breach in September: However, the fear factor quickly subsided with “fraud protection” searches returning to pre-Equifax breach levels. When we took a closer look by polling U.S. internet users to see if the Equifax breach has made them more con- cerned about becoming a victim of fraud this holiday season, over half (56%) said no. Additionally, 30% said that they are not taking any precautions to protect themselves from fraud and identity theft this holiday season. 56% 30%ARE NOT MORE CONCERNED WILL NOT TAKE MORE PRECAUTIONS AFTER THE EQUIFAX BREACH
  • 7.
    AGE 18-34 33% AGE55-64 57% AGE 18-44 34% AGE 45-64 54% 7HOLIDAY SEASON FRAUD FORECAST AGE MATTERS The data becomes even more interesting when considering the age of respondents. In fact, the level of concern with becoming a victim of fraud this holiday season after the Equifax Breach seems to be directly correlated to age. MORE CONCERNED WITH BEING A VICTIM OF FRAUD AFTER THE EQUIFAX BREACH However, this isn’t simply a case of stark differences between Generation Z and their Baby Boomer counterparts. The shift in concern appears to occur around those in their forties. While the differentiation in responses may in part be attributed to the younger demographic simply not having been directly impacted by fraud before, these digital natives are also used to sharing personal information online and have been witness to countless hacks and breaches over the years which could have a desensitization effect on their perceived threat levels. Many in this cohort may also believe that they don’t have the level of finances or credit to make them an attractive target. That rationale is particularly concerning as fraudsters are often looking to take advantage of lower credit score targets during the holidays when fraud standards are lowered. Furthermore, fraudsters today aren’t simply looking to steal money from bank accounts. They’re looking for any way to turn a consumer’s personal information into a large payoff.
  • 8.
    ADDED ACCOUNT INFORMATION Criminals canuse the dis- pute process put in place by banks, financial institu- tions, and credit agencies to add information to a victim‘s credit report without their knowledge. Once the infor- mation is added, the criminal can use it to their advantage in subsequent schemes. If a criminal obtains a victim‘s “fullz,” they can intentionally start a dispute process me- ant only to add information the criminal chooses to the victim‘s report. For example they can add a drop address to a victim‘s account that they will ship to later. PERSONALLY IDENTIFIABLE INFO The vast amount of stolen information will be used by criminals for years to come. Access to a victim‘s “fullz” (credit report, mother‘s mai- den name, background check, and all other personal infor- mation) helps fraudsters skirt common security protocols. Stolen PII can also be used to: - Take over cards, bank accounts - Open new cards, bank accounts - Open business bank accounts - Steal Social Security benefits - Order new cell phones - Get W2s to file fake tax returns - Apply for business loans, credit - Apply for personal, student, or home equity loans CREDIT CARD NUMBERS Certainly, any criminal can use a credit card to purcha- se things. With the amount of credit card numbers that have been compromised from the long, and growing list of data breaches this year, expect carding to be on the rise during the 2017 holi- day season. Fraudsters will be able to use a victim‘s credit card infor- mation -- card number, CVV code, and expiration date -- plus PII in order to take over the victim‘s account (ATO). After gaining control of the account, a criminal can buy, withdraw, or transfer at will. 8 HOLIDAY SEASON FRAUD FORECAST BIG DATA BREACHES THE FALLOUT FROM EQUIFAX To understand what types of schemes are possible this holiday season as a result the Equifax breach, it is important to examine exactly what information was stolen, and how it can be used by criminals. A NEW WAVE: SYNTHETIC FRAUD One of the lesser reported uses for stolen information is Synthetic Fraud: when a criminal creates a new identity based on fake information and an unused social security number. The synthetic identity can be used to open accounts and make purchases. With this breach, fraudsters can also create synthetic business accounts using stolen information in conjunction with synthetic personal identities (that use the real victim’s actual name) to commit fraud where financial institutions are left to foot the bill. Also, the consumer experiences collateral damage like a ruined credit score and having to permanently face stricter authentication protocols from being flagged as “high risk.” Stolen information is also used for much more than financial crimes. A common mantra within fraud circles is “All Crime Begins With Identity Theft.” Once a victim’s information is exhausted for financial gain, criminals can simply use their iden- tity to commit common crimes. In the case of Equifax, things like creating driver’s licenses present a limitless goldmine for “new” identities and criminal opportunities.
  • 9.
    9HOLIDAY SEASON FRAUDFORECAST Along with consumers, retailers and financial institutions also have a bullseye on their back this holiday season. These tips will help businesses protect themselves, and their customers. PREVENTATIVE STEPS FOR BUSINESSES AND INSTITUTIONS Brick and mortar retailers are often overwhelmed during the holi- day season, especially during Black Friday and other themed sales events. During these times, agents and cashiers are frequently tar- geted, and are the last line of defense. In stores, cashiers should be diligent about following card protocols, like checking driver’s licens- es or requiring EMV chips to be used. When a retailer allows a cus- tomer to swipe a card that is EMV enabled, liability shifts to the busi- ness. Holiday season is also prime time for card skimming at both the ATM and POS location. Increase your physical security wherever possible. Also consider establishing a gift card hotline for financial institutions to report fraudulent gift card or stored-value purchases. While the entire holiday season can provide fertile ground for fraud- sters, the time between Black Friday and Cyber Monday is an espe- cially precarious one. In fact, there was a 20% increase in online credit card fraud during the 2016 holiday shopping weekend when compared to the same period in 2015, and a 34% increase in online credit card fraud from Black Friday to Cyber Monday 2014 to 2016. The call center is often the weakest link in the fraud chain because it contains an extremely vulnerable component: humans. While net- work infrastructure continues to advance and evolve, the ability and/ or training of call center agents rarely keeps pace. To make matters worse, agents are typically turning over at 6-9 month rates, meaning that even with proper training and preparation, good work is hard to keep. Finally, agents are people, too! The requirements of effective knowledge-based authentication are high. Agents are bound to their own emotions, feelings, and unconscious biases, all of which are needed to detect social engineering, and are preyed upon by savvy fraudsters. It’s an extremely stressful environment to work in -- a thankless job with huge reprecussions for even the smallest mistake. 1 - FOLLOW PROTOCOLS One of the ways that retailers are targeted comes from fraudsters pur- chasing items, having them shipped to a legitimate customer address, but then diverting the shipment to a new address later in the process. Retailers should prevent changes to delivery address after shipment, and limit re-shipping options -- to avoid falling prey to this type of fraud. They should also require signatures on their deliveries to avoid “porch pirates.” Porch pirates engage in some of the most brazen type of fraud and theft -- they’ll order fraudulent purchases, have them shipped to the address of the victim, and steal them from the location of delivery. Requiring signatures and restricting the ability for items to be forwarded will prevent some of these common means of fraud. One way to hedge against call center vulnerability is to provide ongoing agent education. The easiest way for criminals to breach security and access confidential documents is by tricking employees, so keep agents in the know and monitor their workload to avoid fatigue. Also, expect fraudsters to have a lot of tricks up their sleeves. With all of the stolen information they’ll have access to this holiday season, it’s vital that call centers deploy multiple layers of security to detect even the tiniest red flag coming from any direction. Besides protecting and encrypting docu- ments, leverage solutions that keep fraudsters out all together. Most fraud, including fraud originating online, will involve call spoofing at some point in the process. Implementing telephone security technology to assess every call and identify threat levels is paramount. Some of the most surprising breaches have been caused by employ- ers unknowingly opening infected emails or attachments. With phishing scams taking place with more frequency, the likelihood of this is much higher during the holiday season. Retailers and financial institutions should have vigilant employee monitoring in place to prevent these types of breaches from happening within their organizations. 2 - LOCK DOWN SHIPPING 4 - MONITOR EMPLOYEES3 - BE AWARE OF IMPORTANT DATES 5 - SHORE UP THE WEAKEST LINK: THE PHONE CHANNEL
  • 10.
    FOLLOW THESE TIPS... 10HOLIDAY SEASON FRAUD FORECAST 1 - FREEZE YOUR CREDIT First and foremost, if they haven’t already done so, individuals must freeze their credit. And not just their own credit; if they have children they should freeze their children’s credit as well. Surprisingly, only 16% of respondents in our survey indicated they are taking this precaution to protect them- selves this holiday season. With nearly half of the country impacted by the Equifax breach, this highlights a frightening lack of concern and/or understanding of the severity of the situation. 3 - KEEP A WATCHFUL EYE ON YOUR FINANCES Thankfully, 40% of consumers noted that they were monitoring their credit & bank usage online to protect themselves from fraud and identity theft this holiday season. Ninety percent of women track day-to-day living expenses versus 79% of men, and women respondents (43%) were more likely than male respondents (36%) to note they would be monitoring for fraudulent activity this upcoming holiday period. Regularly pull credit reports to check for inconsistencies or irregularities, and remove old addresses and phone numbers. Set credit use alerts so that you are alerted before a fraudster attempts purchases. 4 - KNOW AND CONTROL YOUR INFORMATION ONLINE Limit the information you display everywhere online, especially social media. Then, test it: pretend you are a fraudster. Conduct an exhaustive Google search for yourself, and your children. See what information you can find, then secure it as needed. Change privacy settings to hide content (including photos) until you can vet the person asking for it. Review all of your privacy settings to understand them better. Never accept friend requests from people you don’t know personally; fraudsters often friend your friends to gain access to your information without your knowing. Consider sharing with first-party connections only. 2 - NEVER ASSUME YOU ARE NOT A TARGET There is a common myth that fraudsters only target individuals with good credit scores or big bank accounts. This is not always the case. Individuals with low income, little savings, or bad credit are regularly victimized. Don’t let your guard down by assuming that your circumstances will rule you out as a target. Fraudsters can set up bank accounts in a consumer’s name, or in the name of their children, take out loans, deliver to old addresses, or buy mobile phones from carriers with lower thresholds for new lines. And, it’s not always financial crime. Stolen identities provide cover for more serious schemes. There’s always a use for your information, it may just be a matter of time. While the reality is that many people will be affected by fraud no matter the precautions they take, there are things that consumers should be doing to protect themselves this holiday season, and beyond. PREVENTATIVE STEPS FOR CONSUMERS
  • 11.
    ...AND AVOID THECOMMON TRICKS 11HOLIDAY SEASON FRAUD FORECAST Phishing, Vishing, SMSishing, and Spoofing Be wary of any solicitation to collect or verify information, no matter the source. These attempts come in the form of emails and social media messages (“Phishing”), phone calls (“Vishing”), text messages (“SMSishing”), or fake websites that appear to be a legitimate source, but are in fact well-designed attempts to collect PII, passwords, or credit card numbers. You can expect these attempts around new gadgets and other in-demand products. It’s also important to realize that a criminal can change the phone number that appears on your caller ID. This tactic is called “Spoofing,” and it is a popular strategy amongst criminals because it gives the fraudster anonymity, and it is nearly untraceable. Criminals often use spoofing to display a phone number that you are more likely to answer, like the phone number of someone you know, or even just a familiar area code. Unfortunately, consumers seem unlikely to take precautions against these threats. Only 36% of those polled will not click on unknown emails or links this holiday season. Similarly, 34% noted that they would not answer calls from unknown numbers, making the potential impact of spoofing very worrisome. Even of the elderly respondants often targeted by frausters (those 55 years and older), only 44% will not answer calls from unknown numbers. The good news is that there are simple ways to avoid falling victim to these crimes. Never provide personal or ac- count information to incoming solicitations; always call the company back using the phone number on their website, your financial statements, or on the back of your credit card. A good rule of thumb to spot a fake website (often advertising sale items) is a missing “S” in the URL. Web addresses starting with “https” are more likely to be safe. Porch Pirates In 2016, roughly 11 million packages were stolen off of American doorsteps. As package deliveries surge during the peak holiday season, so too do the incidents of package theft. Less than 20% of respondents noted they would be closely watching their mailbox to protect themselves from this crime. To take the right precautions, require a signa- ture on the delivery, or route the package to a location where someone can actually accept it, rather than letting it languish on your “Welcome” mat. Mobile Takeover With the rise of mobile-based payment platforms and virtual currencies, mobile fraud is on the rise. With more per- sonal information available, fraudsters can gain access to major carrier phone accounts and carry out a variety of fraud, including stealing from crypto currency accounts tied to a specific phone number. This issue is compounded by two-factor authentication where no de facto standard is in place at the carrier level to ensure its reliability. Card Skimming As the busiest season of the year, ATMs, gas pumps, and retail Point of Sale (POS) systems are prime targets for fraud. Criminals plant nearly undetectable devices on top of these systems to steal information if a card is swiped. Credit card chips protect against this theft, and explain why consumers appear far less worried about card-present fraud this year. Only 8% noted they are not using a card for in-store as a precaution. But, cards can still be swiped manu- ally, negating the chip’s protection. Be suspicious of any request or requirement to swipe your card.
  • 12.
    12 HOLIDAY SEASONFRAUD FORECAST CONCLUSION With card-not-present holiday fraud esca- lating in recent years, this holiday season should once again set new highs in CNP fraud attempts at both the consumer and enterprise level. The Equifax data breach, combined with the federal government’s ongoing battle to close dark web markets like AlphaBay, leads us into one of the most unpredictable and combustible fraud sea- sons in history. Our research found alarmingly low levels of concern and preparedness amongst a large percentage of Americans. The truth is, even if you follow all of the advice above, it doesn’t guarantee that fraud won’t happen to you. Unfortunately, fraudsters lay in wait to exploit every opportunity, and take ad- vantage of anything businesses do to make life easier for their customers. However, if you take the proper, and often proactive steps to prevent fraud, it’s sure to lower the likelihood that you or your business will become the next victim.
  • 13.
    METHODOLOGY To supplement itsown institutional knowledge and personal expertise in the fraud protection space, Next Caller commissioned a study administered to 500 U.S. respondents aged 18+ and weighted for the U.S. population by age, region, and gender. Survey conducted between September 21, 2017 and September 23, 2017. Margin of error is 5.7%" 13HOLIDAY SEASON FRAUD FORECAST
  • 14.
    46 Lispenard street,Suite #1E New York, NY 10013 P: 1-844-698-2255 E: info@nextcaller.com W: www.nextcaller.com