One of the cyberthief's favorite tactics these days is transaction laundering, where the bad guy takes their bad transactions-usually for drugs, gambling, counterfeit goods or human trafficking-and runs them through seemingly good web sites, ones ostensibly trying to sell innocuous products.
There are things that a payment facilitator can do to thwart such efforts and that is the focus of this week's podcast, a re-run from March 30, featuring Deana Rich, president of Rich Consulting.
One of the less-commonly-used but quite effective tactics, Rich said, is do some secret shopping, both on the PF's own customer sites as well as suspected fraudulent sites. That is literally making purchases from both kinds of sites and seeing what then happens.
Rich said she was recently talking “with a banker who told me that she had done that on a site she suspected to be bad and then she made the purchase and it never came through her own system. She never saw it because the purchase didn't really occur. They weren't really selling anything on that site. They were really selling stuff on the bad site. It was that secret shopping, using your own payment card to purchase things, that let her know what went wrong.”
Another thought to consider when performing security sweeps: Thieves rarely work alone nor do they only strike once.
“When you find one bad guy in your system, you can guarantee you have more. They tend to open accounts in groups or packs. So what you then need to do is search on phone numbers, on owners, on addresses, and see if you have other accounts in your system that match,” said Rich. “You might even use a third-party tool to look up the owners on the sites you found that were bad, see who they're linked …
No comments:
Post a Comment