11/21/2011

‘Tis the Season to be Vigilant

The holiday season should be a time of joy and goodwill. Unfortunately, for many (especially in difficult economic times) it becomes a time of desperation and deceit. Historically, the holiday season has been prime season for theft, credit card fraud, and data security breaches. We don’t want your holiday cheer to be ruined by a fraudster or a thief, which is why we’re committed to providing you with vital security information and helpful hints.
In addition to the Detecting a Security Breach and Voice Authorization Refresher articles we’ve published this month, we also want to bring your attention to a few other items that may help you avoid fraudulent transactions this season.

First, know that the methods of credit card fraud are numerous. A review of many of the most common varieties can be found on our Credit Card 101 Fraud page. In addition to the methods covered on that page, we have already seen an increase this year in reports of social engineering.

For those unfamiliar with the term, social engineering is defined as “the art of manipulating people into performing actions or divulging confidential information.” We recently had a client fall prey to one of these scams when a member of their staff received a call from a man claiming to represent one of the card brands. He asked the employee for both card numbers and security codes for all of that day’s transactions. Be wary of anyone who seems to be requesting excessive information. And please be certain that every member of your staff is trained not to provide cardholder data to anyone, no matter how official their request (phone, e-mail, or in person) may seem.

Another thing to be aware of this time of year is the increase of “trusted-employee” fraud that stems from hiring temporary, seasonal staff. These are not employees that you have known and trusted for years, and while the vast majority of them are excellent, there are always a few rotten apples that can ruin it for everyone. To counter this, please be sure that temporary employees are only given the access they need to successfully complete their assignments. Also, be sure your Fraud Sentry® settings are up-to-date. (This includes verifying that the alerts are being sent to an account that will be checked during the holidays. All too often, we find that Fraud Sentry alerts are being sent to accounts that are rarely checked, or even being routed to employees that are no longer with the organization.)

While you’re configuring your Fraud Sentry settings, you should also take a moment to review your DOLLARS ON THE NET® account security settings. Are there any users that no longer require access? Even more crucial, do former employees still have an account? Do any users have excessive privileges? Are you being too lenient with your password policy settings or the number of attempts you have to enter the correct password? All of these things can lead to trouble.

Ultimately, common sense is your greatest ally in the fight against credit card fraud. If something doesn’t seem right, double check it. If a card won’t swipe, call for a voice authorization. If you see someone accessing something they shouldn’t, question them. If your swipe devices are easily tampered with, secure them. Criminals are smart, but with some effort on your part, you can stay one step ahead of them.

We wish you a safe, secure, and prosperous holiday season.