With consumers shifting more of their transactions online due to the Covid-19 pandemic, criminals continue to target card-not-present transactions and step up their efforts to deceive consumers into giving up their account information, says Feedzai Inc.’s latest quarterly Financial Crime Report.
The three leading factors contributing to the increase in fraud are card cloning, high-speed ordering/spending, and high-risk merchant-category codes, according to San Mateo, Calif.-based Feedzai, a risk-management firm. While these three scams were common paths of attack for fraudsters in recent years, their use has accelerated in 2020, says Jaime Ferreira, senior director of global data science.
“One of the reasons why high-speed spending is common is because fraudsters try to deplete the funds of the card as quickly as possible to minimize the probability of the consumer detecting unauthorized transactions, or simply to avoid being caught in the act (e.g., when withdrawing money from an ATM),” Ferreira says by email.
In addition, criminals, especially those that had previously demonstrated technical prowess, are adjusting their tactics to obtain consumers’ personal account information. Storytelling plays a key role in how criminals are hoodwinking consumers into turning over their personal and account data.
Criminals, for example, may contact consumers by phone pretending to be a representative of a technology or utility company, the government, or even a charity. The premise used by the criminal to validate the outreach is that there is a problem the targeted victim needs to resolve, such as a virus on her computer or smart phone. To help solve the problem, the criminal asks the victim verify her personal information.
The critical element in this type of fraud is the storytelling part, because it is how the criminal gains the victim’s trust, Ferreira says. The hook used by the criminal to persuade a consumer to part with her personal information is that potential legal actions or unwanted financial consequences may arise if she does not confirm her personal or account data.
“Fraudsters are refining their techniques and using these uncertain times to spark fear in consumers,” says Ferreira. “The ultimate goal is to collect personal or financial information to perpetrate the attacks afterward.”
Phone calls are a common contact method because they allow the fraudster to gain the person’s attention. Other methods include emails, text messages, and mobile apps.
“These techniques are not new, in fact, they’ve been around for many years. What has changed is the context and the stories that are told to consumers,” Ferreira says.With consumers expected to continue favoring online transactions until the pandemic can be brought under control, it’s not unreasonable to expect that fraud levels—and attacks on consumers to get them to give up personal and account data—will remain high, Ferreira says.