What You Need To Know About Financial Fraud

With the growing trend toward online and mobile banking, e-commerce, and online share trading, cybercriminals have found numerous opportunities to perpetrate many scams which increasingly are being driven by a desire for financial gain. The targets of these fraud can involve financial institutions or even individuals.

Here are some of the more common financial crimes.

Identity Theft


This is a serious crime in which a cybercriminal can make use of your personal information to commit fraud in your name. The process of creating a digital copy of your information for this purpose is known as Personal Identification Information dump (PII dump) and involves gaining access to such information as your name, date of birth, and address. With this information, it is easy to find your Social Security Number (SSN), which is one of the main vulnerable points that makes identity theft possible, as it is tied to bank accounts, loans, credit cards, taxes, and much more.

Another vulnerable point is the use of your mother’s maiden name as the answer to common security questions on many websites. Cybercriminals who obtain such personal information may be able to use it to access these sites in your name.

Credit Card/ Debit Card Fraud


In this type of fraud, a digital copy is made of the information found in the magnetic strip on your payment cards, which includes the card number and expiration date. This information can be obtained using an illegal card reader which copies that data, or other means such as hacking into a retailer’s network or introducing malware into a Point of Sale (PoS) device.

Your card includes information that can be valuable to cybercriminals, including:

• Your credit card verification number(CVV) is the unique 3-digit code found on the back and is the number you are asked for when making online purchases. It can be difficult to obtain since it is never stored by e-commerce and online technologies, but hacker-installed skimmers on PoS terminals and ATM machines can steal it.

Skimmers are devices that can be attached to a card-reading device to read information from the card. Some of the more sophisticated skimmers will transmit the data they collect via text messages.

• Track 1 and Track 2 data. The magnetic strip on your payment cards can have up to three tracks of data. While track three mostly goes unused, PoS readers will read track one and/ or track two. These tracks contain data such as your PIN number, account number, your Bank Identification Number (BIN), and more. The cardholder name appears on track one as it is the only one that can hold alphabetic text.

Once cybercriminals have access to this sort of data, they can clone your card for their fraudulent use. It can take time to realize that transactions are being conducted, as your card remains in your possession.

Internet Banking/ Mobile Banking Fraud

Internet banking and mobile banking fraud often involves phishing, which is an attempt to have victims divulge their personal information. This can occur when the victim receives what appears to be an email from their bank, asking them to confirm certain details. The victim may then enter the requested information, believing they are dealing with their bank when they are providing personal details to fraudsters.

In addition to the well-known phishing attempts via email, victims may be tricked into downloading malware that they believe to be a legitimate banking app. This phony app will mimic a real banking app and will request login information or credit card details. Once entered, they will typically display a thank you or an error message and cease to function.

Another type of fraud involves tricking the victim into believing they have won a prize or cash payment in a lottery and must pay certain charges to obtain it.

Payment Gateway Attacks

Payment gateways are a service provided to e-commerce merchants which allows them to accept credit card payments by capturing and transferring payment data from the customer to the acquirer. ATM skimmers, mentioned above, are one example of a means of stealing data, but the same effect can be had on a payment page online if it has been compromised.

Magecart is a cybercrime syndicate which specializes in cyberattacks that involve digital credit card theft through skimming online payment forms. They are a significant threat to e-commerce sites and have targeted e-commerce platforms such as Magento to obtain client information.

PoS terminals have also had vulnerabilities exploited, such as the ones found in terminals made by Verifone and Ingenico, allowing for the insertion of malware.

Protecting Yourself Against Financial Fraud

With the number of threats that are constantly seeking to steal information, it is vital that you do all that you can to protect yourself. Some ways to guard against financial fraud include:

• Requiring two-factor authentication
• Limiting the number of certificates used on the production server as well as restricting access to those certificates
• Securing all links to payment system engines by using a certificate-based mechanism such as mutual transport layer security. This applies to all external or internal traffic to the organization
• Verifying that perimeter security controls prevent Internet hosts from accessing the private network infrastructure servicing your payment switch application server
• Ensuring that perimeter security controls prevent access to your system by all hosts outside of the authorized endpoints.
• Validating your third parties to ensure that they possess the necessary level of cybersecurity and financial stability necessary to provide your organization with the services or products that you require

To protect your personal information and stop financial fraud, contact Safe Harbour.

You can access my Free Ebook
WHAT’S AT STAKE FOR YOUR BUSINESS?

Every business should assume they have either been attacked, are being attacked, or will be