Page 16 - GS240902
P. 16
Insights and Expertise
StreetSmarts SM
Repel fraud with grit, due diligence
By Allen Kopelman End bust-out attacks
Nationwide Payment Systems Inc. Fraudsters are launching sophisticated attacks, including
bust-out attacks, which occur when fraudsters key-enter
hat types of fraudulent merchant applica- stolen card data from the Dark Web to create fraudulent
tions have crossed your desk recently, and transactions. Unless stopped by a bank or ISO, funds land
how did you figure out that they were in a bank account and are quickly swept by fraudsters
W fraudulent? As merchant level salespeople who leave a trail of chargebacks and frustrated merchants
(MLSs), we need to fully vet prospective merchants and and customers in their wake.
avoid contributing to a growing number of fraudulent
applications submitted every day to ISOs, processors and Sometimes a business owner, caught in the middle of a
technology service providers. bust-out attack, ends up on the MATCH list. Other times,
an unsuspecting person who does not even own a business
Unlike the old days, when MLSs mailed or overnighted suddenly has $50,000 in chargebacks from signed leases
paper applications with Polaroid site photos to processors, and ruined credit.
today's merchant applications are mostly processed online.
It's also easier to establish a home-based ecommerce, SaaS This is why security analysts recommend freezing
or drop-shipping business these days. accounts with all three credit reporting bureaus: Equifax,
Experian and TransUnion. When we spot a fake identity,
In this new digital frontier, we must stop fraud by the first thing we need to do is find the real person and
authenticating applicants who apply for services on our make them aware of what's going on so that they can take
websites, and vet their identities, business locations, appropriate steps and freeze their credit.
documents and financial accounts.
Fight deep fakes Fast-moving processors tend to approve deals quickly,
heightening risk of bust-out attacks. Bust-outs happen
What is causing the spike in fraudulent merchant when scammers use stolen identities to get merchant
applications? To begin with, most of our information has accounts, ruining victims' credit and causing permanent
already been compromised by any number of high-profile damage to ISOs, processors, merchants and customers.
data breaches in recent years. Criminals on the Dark
Web are selling our data to fraudsters for pennies on the We must get ahead of this trend by reviewing all
dollar to fund attacks that threaten payment processing applications before we submit them. It's also a good idea to
integrity. change our systems to prevent auto-submissions. We did
this and no longer allow any apps to go to underwriting
Scammers are piecing together bits of data, using off- until we totally vet them, because eight out of 10 are
the-shelf software, to create fake IDs, Social Security usually fake!
numbers, checks, bank statements and merchant account
statements. Many of these assets look convincingly real.
16
