opinion

Trying to Stop Web Fraud Before It Happens

Trying to Stop Web Fraud Before It Happens

You may have read or heard by now that one of the nation’s three major credit reporting agencies was the target of a malicious and illegal breach of security earlier this year.

Equifax has stated that the breach lasted from mid-May through July and the scope of information accessed includes Social Security numbers, birth dates, addresses, credit card numbers, and driver’s license numbers. It has been reported that individuals in Canada and the U.K. have also been affected by this breach.

The best advice we can offer when confronted with a spear-phishing scam is to assume the communication being received is suspect.

Equifax has created a website to help consumers protect their identity, but there’s a wait and the timeframe allotted to enroll is limited. Visit EquifaxSecurity2017.com to check if your personal information may be affected by the breach and be sure to visit soon because the enrollment period ends on Tuesday, Nov. 21.

In addition to placing a freeze and fraud alert on your credit report, there are a few other things you can do to be proactive in protecting your identity.

Placing a fraud alert and credit freeze on your credit profiles will make it more difficult, but not impossible, for someone to establish a credit account in your name without your knowledge or permission. Please note, you’ll need to repeat the process with each credit bureau as not all creditors and lenders use the same reporting agencies.

Check with the other major credit bureaus, Experian and TransUnion and monitor your credit report closely for unauthorized and unrecognized entries. You can check your credit reports at each reporting agency for free once per year at AnnualCreditReport.com. If you find accounts or activity you don’t recognize, visit IdentityTheft.com to take appropriate steps to report and rectify your situation.

Another tip is to file your taxes early, as soon as you have all the documents you need. A common practice of identity thieves is to use stolen Social Security numbers to gain employment, file tax returns fraudulently, and collect the refund owing to you from the federal government.

In the aftermath of the breach, several new trends have emerged within the criminal element, taking advantage of the breach. As if the breach itself isn’t bad enough on its own, this new practice dubbed, “spear-phishing,” is on the rise.

Most are familiar with the practice of phishing, when the intended victim is the recipient of an email from a well-established brand or bank claiming that access credentials have been compromised and a simple password reset will prevent any unauthorized access; all that needs to be done is click the link in the email and the recipient is directed to the password reset page.

Typically, the password reset page is a remarkably good facsimile of the legitimate business, bank, or brokerage and the user is prompted to enter their existing user name and password in order to confirm the new password — except what the user is likely unaware of is that they’ve just sent their perfectly valid and secure credentials to a criminal.

These types of phishing scams are easy to identify, usually due to poor grammar and poor formatting of the email but the new wave of spear-phishing is a little more sophisticated because it includes real and personal details illicitly acquired as a result of the most recent breach. Information such as your Social Security number may be included in the body of an email that has an attachment claiming to be from your bank or broker.

The email may prompt the recipient to click a link or download an attachment to confirm a transaction however, once that action is taken, the recipient of the email may be unknowingly downloading malicious software onto their computer, compromising the operating system, making it vulnerable to hijacking or recording keystrokes and sending them to unintended recipients.

“When you have a sophisticated criminal that has real information about you, it’s far more difficult to spot the fraud,” said Martin Walsh, a financial adviser with the Denver planning firm of Brown & Tedstrom.

The best advice we can offer when confronted with a spear-phishing scam is to assume the communication being received is suspect.

If an email is received from your bank, credit card issuer, or broker and you believe it to be legitimate, visit the company’s website directly or call the toll-free customer service number. Do not, under any circumstance, click the link or download the attachment.

Another, less-original practice of imposter scams, is seeing a resurgence owing to the Equifax data breach. The Federal Trade Commission has warned the public that it expects an increase of imposter scams, with individuals posing as representatives of Equifax “calling to verify your account information.”

Equifax is providing free credit monitoring and credit freezes as a result of the breach so the call may sound legitimate, but don’t ever provide confidential and private information over the phone to an inbound caller.

The purpose of this method is to get the recipient of the phone call, or sometimes e-mail, to disclose additional personal information to the imposter which they can either sell or use to establish new lines of credit fraudulently.

So, what should you do now that this has happened? First, check to see if you were affected by visiting the Equifax website listed earlier in this article. Secondly, take advantage of the free credit monitoring.

When you check to see if you were affected, you’ll be assigned an enrollment date — it’s important to set a calendar reminder for that date because Equifax will not send you a reminder — and you won’t be able to enroll until after your assigned date. Thirdly, freeze your credit, at all three bureaus.

The free credit monitoring is helpful, but it will not prevent identity theft. A credit freeze locks your credit profile to new inquiries and establishing new credit accounts, which can at least slow down, if not prevent, the theft of your identity.

Jonathan Corona has more than a decade of experience in the electronic payments processing industry. As Mobius Payments Inc.’s vice president of compliance, Corona is primarily responsible for day-to-day operations as well as reviewing and advising merchants on a multitude of compliance standards set forth by the card associations. Mobius Payments specializes in high-risk merchant accounts in the U.S., E.U. and Asia.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More