Rippleshot Blog

Solving ATM fraud has become a 2 billion-dollar question. (The impact of ATM skimming on a global scale). Getting to the bottom of ATM fraud means having a better understanding of how fraudsters think, how quickly they act and what payment channels they are targeting most.

In a recent webinar hosted by the ABA and Rippleshot's Chief Data Scientist Randal Cox, we discussed case studies of actual fraudster behavior and explored patterns of ATM misuse that help financial institutions fully understand the scope of this problem — and why it’s getting worse. [Catch the full webinar here].

October is cybersecurity awareness month — a prime time for banks and credit unions to re-think how they are managing their card fraud detection strategies. Then again, companies should be doing this the other 11 months of the year, too.

Financial institution leaders need to be constantly thinking about how to evolve their card fraud detection management and update their cybersecurity measures - or risk making their organizations increasingly vulnerable. Today, fraud management is more than just reacting to industry alerts. Being reactive, instead of proactive, about cybersecurity, will leave an organization always playing catchup.

Globally, ATM skimming fraud is a $2 billion problem. This is a rapidly-growing issue that’s become a major pain point for banks and credit unions already faced with increased challenges on how to manage their fraud-fighting measures.

Another problem? ATM skimmers are easy to buy online. What used to be something that was only accessible on the dark web can just as easily be bought on a marketplace today. Bottom line? If fraudsters want a skimmer, they can get their hands on one. 

ATM fraud continues to rise at alarming rates. Compromises from ATMs and POS devices rose 21 percent in the first half of 2017, when compared to 2016’s same figures, according to FICO. Compromised cards rose by 39 percent. Keep in mind these figures don’t account for holiday card fraud — a time which banks and credit unions should expect to see a spike.

The Equifax breach that continues to make headlines is a game-changer for the financial services space. The biggest fear, of course, remains the unknown cost impact for banks and credit unions.

Inevetiably, in a breach affecting roughly half the U.S. population, the scope of this incident will be long-lasting. The end results won’t be known for some time since the real threat ahead lies in fraudsters’ ability to create false identities (AKA: synthetic fraud). 

To help combat the fallout from this breach, we've gathered four tips that banks and credit unions should keep in mind as they devise their strategies for keeping up with the spread of fraud (and fraudulent accounts).

The Equifax data breach has created a ripple effect in the financial services ecosystem that’s causing consumers, banks and credit unions to prepare for the storm of fraud likely to occur as a result of the massive breach that’s estimated to impact 143 million consumers and more than 200,000 credit cards.

And that’s just one of the breaches. Equifax confirmed earlier this week that the company suffered another hack in March. It has since been reported that the company said there was no connection between the March incident with the breach that’s been making headlines the past couple weeks.

The massive Equifax data breach that’s making national headlines is estimated to impact nearly half of the U.S. population — or roughly 143 million people. While most of the news centers on the consumer identity theft impact, the real story in the financial services ecosystem is what this hack will cost banks, credit unions and issuers.

Let’s start with the basics. From what’s been publicly reported, there’s been 209,000 credit card numbers and 182,000 documents with personal information breached. These cyber thieves also got away with social security numbers, and a slew of other vital personal information that’s used to open up fraudulent accounts and commit identity theft. Limited personal data was also stolen from some UK and Canada residents.

For banks and credit unions, the real threat lies in the hackers’ ability to open fraudulent accounts, new credit cards and even entire lines of credit. This creates an endless trail of credit card fraud that can exponentially impact the rate of which synthetic fraud (accounts created with a fictitious identity) can spread.

As if issuers didn’t have enough to worry about as they combat rising card fraud rates, the dark web market continues to be a haven for hackers to scoop up droves of credit card data — which is then used to commit even more fraud.

From advanced techniques, bots that make online fraudulent purchases to hacking payment systems, the packaging and auctioning of compromised cards across the dark web to commit and monetize card fraud occurs faster than a bank can detect a compromise, identify compromise cards, reissue the cards and call the cardholders. This has created endless troubles for banks and credit unions looking to stop fraud in its tracks.

Financial institutions are continuing down their digitization transformation by investing in innovative technology. The problem? This opens the floodgates for more touch points for hackers to breach. Another problem? Those fraudsters are more sophisticated than ever. Banks are using new tools to fight fraud— machine learning, automation, cloud technology, etc. —  but so are the fraudsters.

It's a bit of a Catch 22 that exists within the card fraud ecosystem.

“Technology begets technology.”

That’s one of the key takeaways from the 2017 Tech Trend Report from Future Today Institute. As newer technologies emerge into the marketplace, it creates space for more innovation (AKA: more technological advancements).

As the report highlights, there is a seismic shift in how automated technology solutions are changing the face of virtually every industry — payments and financial services included. With concepts like artificial intelligence (AI), machine learning, bots, Internet of Things (IoT) and big data carving a path for the next wave of innovation, the year 2017 and beyond is ripe for the adoption of new fraud fighting technologies.

There’s a new trend in the ATM fraud space. Not only is ATM fraud skyrocketing in recent years, fraudsters are getting smarter, faster and more effective. Today, fraudsters are targeting high balance accounts and withdrawing large sums in a short time span.

The latest data from FICO showed card skimming losses rose 70% between 2015 and 2016. That’s on top of the 546% increase seen in 2015. As for how 2017’s figures will shape up? We’ll have to wait and see. But based on the attention both in the mainstream media and within the financial services ecosystem on this subject, the problem appears as though it will get worse before it gets better.

There’s no silver-bullet solution to tackling the rise of ATM fraud, but there are technologies that can help mitigate the spread of fraud to lessen its impact. 

When it comes to data breaches, not everyone learns from their mistakes. This is the case for some retailers who’ve found out the hard way how easy it is for their systems to be breached not just once, but multiple times.

A new study, “2017 Thales Data Threat Report, Retail Edition,” from Thales e-Security and analyst firm 451 Research, indicates that (of those surveyed), 52 percent experienced a data breach, with 19 percent experiencing a breach in the past year; 11 percent saw more than one breach.

“These distressing breach rates serve as stark proof that data on any system can be attacked and compromised,” said Garrett Bekker, principal analyst for information security at 451 Research. “Unfortunately, organizations keep spending on the same security solutions that worked for them in the past, but aren’t necessarily the most effective at stopping modern breaches.”

Globally and within the U.S., data breaches are a rapidly-growing concern across many industries. A new study indicates 2017’s figures (just halfway through the year) are trending above the total number of breaches seen in all of 2016.

The study, conducted by cyber analytics firm Risk Based Security, reviewed data breaches on a global scale and indicated that between Jan. 1 and June 30 of this year, there have been at least 2,227 breaches. That figure is only including breaches that were publicly disclosed — suggesting the actual data breach figure is far above what this study recorded.

“It is stunning to see the steady increase in the number of breaches impacting one million or more records. In the first six months of 2013, 2014 and 2015, the number of these large breaches hovered in the mid-teens. Last year we saw that number jump to 28, and now, for the first six months of this year, we’re tracking 50 such incidents,” said Risk Based Security Executive Vice President Inga Goddijn.

Based on the number of data breach reports in the news, it should be no surprise breaches in the U.S is on the rise. What is noteworthy, however, is the rate of which these breaches are occurring.

New data from the Identity Theft Resource Center (ITRC) and CyberScout indicates as of June 30, 2017, the U.S. has seen a record high of 791 breaches — a 29 percent increase from 2016’s same timeframe. Based on this pace, the ITRC projects breaches to hit 1,500 this year alone. Overall, that’s a 37 percent annual increase from 2016’s figure of 1,093 breaches (another all-time high).

"Because breaches have become ubiquitous, it is incumbent upon organizations that suffer a compromise to be candid and provide as much information as possible, so that consumers will have the best opportunity to mitigate their personal consequences,” said Adam Levin, Chairman of CyberScout.

As explored in a post last month, we detailed the fallout suffered by companies that experienced data breaches. The conclusion? The scope is expansive and has a long-term impact on brand value and customer trust.

A new study takes that theory to the next level. Comparitech.com, a site that offers security and privacy advice, conducted a study of 24 companies that have experienced a data breach — comparing what happened to their stock after the breach.

The result? Over time, the companies felt the sting, which was reflected in the stock market.

FinTech advancements have transformed the banking industry in the past decade faster than ever before. Paving that path has been the ability of banks and credit unions to tackle one of their biggest problems (fraud) through one key trend: Machine learning.

What's made that all possible? Software and options to integrate smarter, better fraud detection tools. 

While most of the chatter around how artificial intelligence (AI) will impact how banks and credit unions interact with their customers (i.e. chatbots) in the near future, there’s a lot more powerful ways organizations can leverage machine learning to actually impact their bottom line.