All Top Banking

Phone Crime More Worrisome Than Computer Fraud

Posted by John B. Frank Friday, April 24, 2009

Source: CIO
Complete item: http://www.cio.com/article/490565/Phone_Crime_Worries_Banks_More_Than_Computer_Fraud

Description:
Computer fraud may be a big problem for banks today, but the telephone is becoming a critical tool for fraudsters, bank executives say.

In addition to calling customers about suspicious transactions, banks use SMS (Short Message Service) to request that customers contact them. So, fraudsters have begun using a variety of techniques to try to trick the banks into thinking they're communicating with legitimate customers via the telephone. "Call-center authentication is, to me, the biggest pain point right now," said Stan Szwalbenest, remote channel risk director with JP Morgan Chase, speaking at the RSA conference in San Francisco this week.

Malware, phishing and cyberattacks may get talked about, but "we should never fool ourselves into thinking that's the only place [crime is happening]," he said. "The biggest risks I see are social engineering, and that's exactly how the crooks are getting in."

Social-engineering attacks occur when fraudsters trick bank customers or employees into divulging sensitive information, usually by pretending to be someone they are not.

Sometimes fraudsters will hack into a bank account and change the customer's contact phone number. Then, when a suspicious transaction posts to the account, the bank will call the fraudster instead of the customer.

In cybercrime forums there's even a job title for people who do this: confirmer. "There are companies that specialize in it," said David Shroyer, senior vice president for online security and enrollment with Bank of America. Fraudsters will sell the services of people who have the language skills to mimic legitimate customers, offering, for example, four males and six females who speak English, one with a Spanish accent. "They say, 'We can match the phone number where your real customer is calling from,' " he said.

In another scam, criminals activate automatic call-forwarding features to essentially take over their victim's telephone lines for a period of time.

"They're adapting to our adoption of different technology and different authentication methods," Shroyer said.

Large banks like JP Morgan have been working with telecommunication companies to be able to identify spoofed calls, and with a recent rash of so-called swatting attacks, where hackers call 911 from spoofed numbers to trick police into sending out emergency response teams, the U.S. Federal Communicaions Commission has recently taken a greater interest in call spoofing, Szwalbenest said.

Criminals are also using low-cost, corporate-grade telephone systems to run their automated call centers. They will call, e-mail and send SMSes to victims telling them to call phoney numbers in hopes that victims will think they're calling a real bank and provide account numbers and passwords.

E-Secure-IT
https://www.e-secure-it.com

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio