20 Apr
According to an article in Scotlands Herald another string of card skimming devices has been discovered, this time in Scotland.
The Herald is reporting a direct tie to terrorism although they did not say how officials made that connection. The article mentions Osama bin Laden devotee Imam Samudra, but provides no connection between him and the card skimming devices that were discovered.
According to this report, 5000 credit cards were compromised, a potential street value of £1M.
16 Apr
The Australian press is currently reporting the ongoing trial of numerous terrorist suspects in a credit card fraud ring. According to the testimony of one of the suspects, Izzydeen Atik, the stolen credit card information was used to fund terrorist activities; primarily cell phone SIM cards and airline tickets.
This is nothing new, of course. Bob Sullivan of MSNBC wrote about it in his book Your Evil Twin back in 2004 and others have too. I mention it only to alert my readers that the trend continues. Credit card fraud does more than buy the local misfit’s television and computer games. It’s International in scope, frequently run by organized crime, and funding activities that we can only imagine.
The 2008 CyberSource Online Fraud Report tells us that $3.6 Billion was lost to online fraud alone. I have to wonder how much of that will fund the next suicide bomber in Iraq, or worse, the next September 11.
Make no mistake, credit card fraud is big business and the credit card industry is out of control. It’s up to us as merchants and cardholders to do whatever we can to prevent credit card fraud. That includes putting pressure on the issuing banks, the payment industry, and yes, even the government. Nobody is immune to the fraud.
14 Apr
This afternoon, one of our Merchant911 members filed a fraud report that once again shows us that banks just don’t have a clue about fraud prevention - or maybe they just don’t care. We’re not talking about a little bank here, folks. We’re talking about Washington Mutual - WaMu - one of the largest credit card issuers in the country. It shows, once again, that AVS is just about as useless to a merchant as a bicycle is to a fish.
The scenario
It went like this:
Merchant got two transaction notice - AVS approved and shipment requested to the Billing Address
Merchant ran manual checks and found discrepancies between GeoLocation and telephone number locations.
Merchant called the phone numbers and heard accents that didn’t sound right for the names.
Merchant called WaMu and got verbal verification of billing address but phone numbers were wrong
Merchant insisted that WaMu contact the cardholders.
Cardholders denied transactions and said they had not changed their addresses.
WaMu confirmed that someone other than the cardholder had changed the billing address of record.
Kudos to the member for doing the manual fraud checks recommended at Merchant911 and in the online course, Preventing E-Commerce Chargebacks. If the merchant had not done the manual checks, she would have been nailed with two large chargebacks. The transactions passed AVS but the merchant caught the fact that GeoLocation and the telephone number cross reference didn’t seem right.
Analysis
It looks like the bad guys were able to change the billing address for the WaMu credit cards undetected. This resulted in transactions passing AVS which could have meant that expensive merchandise was sent to the bad guys door. Had the bad guys changed the telephone number on the account, the fraud would have gone undetected until the cardholder disputed the charge and the merchant got the chargeback. Of course, in this case, there might be good news for the merchant - the billing address was changed so the real cardholder may never get a bill to dispute.
I have to wonder how many times this has happened. I suspect it happens a lot. It certainly explains the reports we get from merchants telling us about chargebacks on shipments to AVS approved addresses. Of course, banking officials will tell you it can’t happen and blame it all on the merchant so they can pass the loss to them and collect a chargeback fee on top of it.
