Warning to retailers as fraudsters target the web

February 1st, 2006

Fraud buster Steve Tyas is warning online traders not to rely solely on new methods of card verification as the rollout of Chip and PIN forces fraudsters to the web.

All internet retailers in electrical, telecoms, gambling and other high value sectors are a particular target, according to Steve, who is managing director and founder of fraud screening company The 3rd Man.

Steve, who has been closely monitoring attempted fraud, looking for shifts in behaviour, said: “Over the past three months Card Not Present (CNP) fraud has increased markedly. This is directly as a result of the success of Chip and PIN in shops.

“However, processes designed to prevent on-line fraud are also now being compromised.”

The card security code, which is the three numbers on the back of credit and debit cards, is the latest development in online card protection.

The number helps to make sure the person attempting to make a purchase has the card in their hands, and is not just using information obtained from elsewhere.

However, Steve says it is being compromised in increasing numbers. He said: “These numbers have gone from being an effective security feature to one which cannot now be relied upon.

“What is worse is that many retailers treat the card security number as gospel. If checked they believe it safe to accept the transaction, therefore giving fraudsters a dangerous amount of access.

“Fraudsters are known to buy personal information which can be obtained simply by people who work in call centers and postal workers. Information is also available on the Internet.

“Fraudsters know that if they manage to compromise this number then they can buy virtually anything…so they are actively seeking to compromise this detail.

“It is not the miracle solution it has been billed as, and traders must use additional fraud screening to protect themselves.

“It is not just money they are losing but their reputation.”

Another method of security currently being heavily promoted is Verified by Visa, which allows the online shopper to use personal information to verify it is them making the transaction.

However, Verified by Visa is not yet having the effect that was intended.

Steve said: “The majority of retailers are not using this service; it seems because of customer service concerns.

“There is a problem with credibility. The banks want these technologies adopted, yet they are not being entirely clear regarding the benefits.

“Verified by Visa provides a further check that the customer is who they say they are. There is a shift in liability away from the trader, but not always.

“For example if the goods are not received by the customer, then the retailer is still liable for a Chargeback.

“It appears this rather important piece of information is not being communicated to retailers.”

He added: “There is a lot of misinformation around about these systems. The important thing is not to rely on them alone. Use all available tools and above all remember that most of your customers are genuine. Fraudsters are the exception.

“Whilst they are good at verifying legitimate customers, fraudsters who have the key information can slip through with ease.”

Another key trend The 3rd Man has picked up on is the increasing use of third party delivery addresses.

Steve said: “More often than not fraudulent ‘purchases’ are sent to an address other than the one the card is registered at – this is a third party delivery address.

“Whilst the third party address allows genuine customers more flexibility, it is also a perfect vehicle for fraudsters.

“The system means they are less likely to get caught, and can make large purchases without arousing suspicion.

“On-line retailers obviously like to provide 3rd party deliveries to their customers. This is particularly popular when products are purchased as gifts, or where delivery to a workplace is required.

“Unfortunately fraudsters also make the most of this flexibility. They can use entirely genuine cardholder details and the only factor that is not genuine is the delivery address.

“This poses challenges in trying to provide a customer friendly service whilst also preventing frauds.”

Steve added: “To mitigate risk, retailers should check that the email address is a company one and not a web-based mail such as Hotmail.

“Check that the company address is genuine and check the history of the address - making sure it is not a mail forwarder.

“All of this should be provided by your fraud screening company.”

The 3rd Man has detected a marked increase in fraudulent attempts using 3rd party delivery details over the past six months, and its experts are predicting it will only get worse with the rollout of Chip and PIN technology.

Steve added: “The 3rd Man service empowers retailers with the facts so that they may make the correct decision every time.

“Our specialists are also very aware that technology has moved on and fraudsters are getting increasingly ingenious at covering their real identity.

“We make numerous thorough checks, which take several minutes, before a potential customer is turned away, and a risk recommendation is made.

“The system differs from the old-style systems used by most fraud screening companies because it accepts every order – giving it more time to make an informed choice whether to send out the goods.

“Unlike the old-style systems which make an on-the-spot judgement, this way of working ensures genuine customers are not turned away, and the more wily fraudsters are weeded out with detailed checks.”

Research conducted by The 3rd Man has shown that all of its customers have quickly recouped the initial expense of using online fraud protection. In fact, usually there is an immediate net benefit in month one.

The 3rd Man uses risk level signals based on data collected daily, including credit card misuse and possible fraudulent practices such as the use of multiple addresses for the dispatch of goods, or the use of a particular telephone number for multiple orders.

Armed with detailed information and risk levels, retailers’ fraud detection teams or The 3rd Man analysts can then decide for themselves whether to send out the goods.
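The signal-based screening described above can be sketched as follows. This is an added example, not The 3rd Man's system; the field names, webmail list, thresholds and sample orders are constructed assumptions.

```python
from collections import defaultdict

WEBMAIL = {"hotmail.com", "yahoo.com", "gmail.com"}  # assumed, not exhaustive
PHONE_ORDER_LIMIT = 2                                 # assumed threshold

# Constructed sample orders; every one of them passed the card security code check.
ORDERS = [
    dict(id="A1", card="c1", cvv_ok=True, email="jo@acme.example", phone="0100",
         billing="1 High St", delivery="1 High St"),
    dict(id="A2", card="c2", cvv_ok=True, email="x@hotmail.com", phone="0200",
         billing="2 Mill Rd", delivery="Unit 9 Dock Rd"),
    dict(id="A3", card="c2", cvv_ok=True, email="x@hotmail.com", phone="0200",
         billing="2 Mill Rd", delivery="PO Box 7"),
    dict(id="A4", card="c3", cvv_ok=True, email="pat@firm.example", phone="0200",
         billing="5 Oak Ave", delivery="5 Oak Ave"),
]

def screen(orders):
    """Return {order id: (risk level, signals)} for an analyst; nothing is auto-rejected."""
    dispatch_by_card = defaultdict(set)   # card -> delivery addresses used
    orders_by_phone = defaultdict(set)    # phone -> order ids
    for o in orders:
        dispatch_by_card[o["card"]].add(o["delivery"])
        orders_by_phone[o["phone"]].add(o["id"])

    report = {}
    for o in orders:
        signals = []
        if not o["cvv_ok"]:
            signals.append("cvv_mismatch")   # a match adds no trust, it only removes this signal
        if o["delivery"] != o["billing"]:
            signals.append("third_party_delivery")
            if o["email"].rsplit("@", 1)[-1].lower() in WEBMAIL:
                signals.append("webmail_with_third_party_delivery")
        if len(dispatch_by_card[o["card"]]) > 1:
            signals.append("card_multiple_dispatch_addresses")
        if len(orders_by_phone[o["phone"]]) > PHONE_ORDER_LIMIT:
            signals.append("phone_many_orders")
        level = "low" if not signals else "medium" if len(signals) == 1 else "high"
        report[o["id"]] = (level, signals)
    return report

if __name__ == "__main__":
    for order_id, (level, signals) in screen(ORDERS).items():
        print(order_id, level, signals)
```

All four sample orders pass the security code check, yet only A1 comes back with no signals, which is why the code treats a match as the absence of one signal and not as clearance.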

The technology is also highly effective at catching first-time fraudsters and is already saving companies a total of between £4 and £5 million annually.

CNP fraud amounted to £117 million in 2004, but a significant increase is expected as a direct result of the Chip and PIN rollout as fraudsters turn their focus to other channels such as the Internet.