POP Center Home Problems Check and Card Fraud 2nd Ed Page 3
Responses to the Problem of Check and Card Fraud
Your analysis of your local problem should give you a better understanding of the factors contributing to it. Once you have analyzed your local problem and established a baseline for measuring effectiveness, you should consider possible responses to address the problem.
This section reviews what is known about the effectiveness of various practices in dealing with check and card fraud. Unfortunately, most measures used against check and card fraud have been swiftly met with alternatives, particularly with the pace of technology. For example, ATMs were placed within office lobbies or other enclosed spaces to protect against robberies. However, these physical barriers did not prevent thefts, as fraudsters use skimmers and cameras to capture card information, or manipulate the magnetic strip of the card to increase withdrawal amounts. Regardless, the pace of these changes have rarely been evaluated for effectiveness, although institutions have reported lower rates of check or card fraud after implementation.
The government has funded little research in this field, generally regarding it as the private sector's domain. The private sector has focused on this issue due to the frequency and amount of loss stemming from cyber-attacks and methods.
The following response strategies provide a foundation of ideas for addressing your particular problem. It is critical that you tailor responses to local circumstances, and that you can justify each response based on reliable analysis. In most cases, an effective strategy will involve implementing several different responses. Do not limit yourself to considering what police can do: give careful consideration to others in your community who may share responsibility for the problem. It will be essential to work closely with local businesses and community groups. The most effective program to reduce check and card fraud reported to date involved banks, retailers, business associations, database administrators, and local, regional, and national police.[33]
General Considerations for an Effective Response Strategy
As noted, local police can do little on their own to prevent check and card fraud. In many cases, you will have to persuade local bankers and merchants to act. You may have to explain why police can achieve little using traditional responses such as surveillance and arrest, and why heavier court sentences are of limited value. You may want to explain to merchants that the way they process check and card payments may be contributing to the problem. You may have to convince retailers and bankers that they cannot ignore the problem, because the costs to the community are too great and, in the long run, the stores and banks themselves suffer. Finally, you will need to advise them on preventive measures they can take to reduce the problem.
It is important that responses be selective and based on a thorough understanding of the particular circumstances. For example, fraudsters often target high-priced electronic gadgets and appliances because they promise more cash.[34] Or, it might be better to concentrate on preventing check and card fraud by casual offenders, who are easier to deter, than to focus on the much smaller number of "professionals," who are harder to defeat. Again, such choices depend on your local circumstances. In framing advice, you must think carefully about the nature of the risk, which varies greatly depending on the kind of store and goods offered; the types of cards accepted; the store’s check-cashing policies; and the store’s or bank’s marketing practices. These factors determine the nature of the remedies. Department stores with huge turnovers of expensive goods can afford to spend much more on security than small retailers can, and their corporate headquarters often dictate security procedures.† In all cases, you must appreciate stores' need to make a profit. It cannot be emphasized enough that the success of your efforts will depend heavily on how well you can convince local retailers that improved security procedures can and do increase the bottom line. In making your case, you may need to
- Calculate the likely cost of measures such as installing a computerized customer database and issuing customers ID cards for check cashing
- Convince retailers that they can recoup the cost of increased security through reduced losses from fraud (e.g., item replacement, profit, and lawsuit losses)
- Coordinate services by a local security company, or fraud protection company, to offer discounts to local retailers on products that assist in antifraud procedures
- Enlist the support of the local Chamber of Commerce or other business organizations in persuading business owners to improve security
- Brief (with care) the local media on the problem and the proposed solutions.
† Most large retail stores now have standard antishoplifting technology, such as item tagging, tracking, etc. However, such technology cannot prevent card fraud at checkout. People commonly do not notice their credit cards are missing until a day or more after their loss. Unlike shoplifters, card fraudsters are in no immediate risk of being detected or of setting off alarms. Thus it may be expected that, as technology makes shoplifting more and more difficult, thieves may turn more to card fraud.
Working with Businesses
1. Raising responsibility awareness. As noted, many card issuers and banks do not hold cardholders liable for losses if their card is lost or stolen. Nor, in many cases, do they hold the merchant who accepts the card liable. Similarly, although merchants and banks incur losses from bad checks, they are reluctant to implement the security procedures necessary to prevent these losses, because they believe customers (especially regular customers) are “turned off” by being asked for ID. Yet research has shown that simply requiring two forms of ID for check cashing can significantly reduce the rate of fraudulent checking (see response #3). You must convince card issuers, banks, and merchants that any monetary losses due to fraud are serious losses both to them and to customers (who, of course, eventually bear the ultimate loss through higher prices and higher card interest rates). Perhaps worse, though, is the harm done to the community when identity theft is part of the fraud, because of the loss of trust it causes.‡ All parties concerned must be convinced of their responsibility:
- Merchants and bankers: to adopt antifraud procedures
- Card issuers: to adopt marketing techniques that do not offer opportunities to potential fraudsters
- Customers: to take security precautions with their cards (e.g., understanding secure online purchases, awareness of common scams to obtain card information).
‡ The 2000 British Crime Survey (Home Office 2000) found that 50 percent of respondents reported being fairly worried or very worried about credit/bankcard fraud—more than for mugging/robbery or physical attack.
2. Increasing the reporting of fraud. You should try to persuade local retailers and bankers to report fraud so that you can get some estimate of both the extent and the pattern of the problem. Most financial institutions require consumers to file a police report of the incident for record; however, it is important for the police department to treat this as a crime, not just a courtesy or non-victim offense. Capturing specific details about the offenses (e.g., time(s) of offense, method detected, type of card, financial institution, quantity of loss, location of purchase) can assist in identifying specific preventive efforts for action, rather than merely adding information to police records. You must also consider a strategic communication plan to handle perceptions of merchant reputations and increased reporting of fraud. Unless there is an active and positive program linked to reporting fraud, negative publicity can easily ensue.[35]
3. Verifying checks, cards, and users. Check and card manufacturers have introduced an impressive array of technological features that make counterfeiting or alteration very difficult. However, two significant facts work against them:
- Committed counterfeiters can easily match technological developments because all the equipment they need is relatively cheap and widely available on the Internet.
- Counterfeit checks and cards do not need to be all that good. They just need to get by what is usually only a cursory or inadequate checkout inspection.[36] Even amateurs who simply need a small amount of cash quickly to buy food or drugs can often avoid detection at checkout.
Thus, while local police may not be able to get at the source of many counterfeit cards, they can do something about where counterfeit cards and checks are used (checkout), if they work with the merchants concerned.
You can do much to inform merchants about modern verification procedures, particularly small businesses that, unlike large retail chains, may not have ready access to account and cardholder databases. Many police department websites offer lists of specific actions merchants can take to detect check and card fraud at checkout. In general, sales clerks must do the following:
- Verify that the person offering the check or card is the account holder. Sales clerks typically do this by checking the customer’s signature or another form of identification. Unfortunately, it is widely known that a signature alone is a very poor verification of customer identity. So there is a very high probability (over 60 percent) that someone using, say, a stolen check or credit card will get away with it at checkout.
- Limit the amount of sale allowed by check. Small businesses can be an attractive target for fraudsters, yet the financial loss (regardless of actual dollar amount) can significantly impact business. Restricting the amount of a sale by a personal check can deter a fraudster and minimize any potential loses.
Researchers have shown that adding simple security procedures can significantly reduce check and card fraud. In one U.S. study in a retail store,[37] a system that used picture IDs of customers who paid with credit cards reduced fraud by over 80 percent. Furthermore, retail stores (especially supermarkets) have found that customer databases that issue customers ID cards can also be used as an effective marketing tool to advertise special sales and promotions. A study in Norway[38] showed that legislation requiring people to show two forms of ID when cashing checks reduced check fraud by over 80 percent.§
§ Since the late 1990s, U.S. retailers have increasingly required a customer thumbprint (using special invisible ink) to accept checks. Some police departments provide the ink for free to local retailers. However, unless police work closely with retailers, retailers may fear this requirement will have a negative effect on customers, who may consider it an invasion of their privacy (even though the print is used only if the check turns out to be fraudulent).
While these simple measures seem obvious and commonsense, if you visit any retail store and observe the security procedures for verifying checks or cards, you will see that sales clerks rarely or only casually use the ones described here. As noted, merchants often do not implement such procedures because they fear the negative effect they may have on sales. There is, however, no research to justify this view—although there is research that suggests that checkout delays do reduce sales. Therefore, you must take these concerns into account if you try to get local merchants to change their security procedures. Simply informing them about security possibilities is not enough. To avoid the negative effects of checkout delays, a carefully planned system has to be developed. This may require the input not only of the merchants, but also of security experts.
The recent implementation of EMV card technology within the United States may also impact the perceptions of merchants and consumers. It should be noted that will the transmission of the financial transaction is encrypted, this does not prevent against fraudulent use of cards. The EMV technology encrypts the transmission of the consumer’s information, merchants’ information and bank information, which is intended to protect against cyberattacks and data exfiltration attempts by hackers. While the replication of an EMV card is more difficult for fraudsters, the technology has been replicated in fraudulent cards and other alterations to the card technology has been used to allow sales or ATM withdrawals to occur.[39]
Finally, an evaluation of the program’s effectiveness must be built in to show that the savings from frauds prevented more than offset the cost of implementing the program. Without this assurance, retailers are unlikely to adopt security procedures.†
† A simple, inexpensive, and quick procedure that can be done without checkout delays is to use black light to check for counterfeit cards. All major cards (MasterCard, Visa, American Express, and Discover) contain images that are visible under black light. The Troy (N.Y.) Police Department has successfully implemented this procedure.
4. Training checkout staff. As noted in the previous response, introducing new technology and procedures to identify illegal credit card use or fraudulent check cashing will be of little help if the staff who are required to check IDs are not trained to do so effectively. Ideally, a combination of technology (e.g., biometric techniques) and procedures that make identity verification independent of sales clerks’ judgment would be the solution. Both the introduction of PINs and biometric techniques have shown initial impacts to point of sale fraud transactions; however, the endurance of these programs by merchants, or the consistency among checkout staff over time, varies and can allow fraud to occur.40]
In the meantime, there are three important ways you can help businesses train staff:
- Work with business associations or specific businesses to play a role in their training of new and continuing staff. In training sessions, you should work to raise staff’s responsibility awareness (see response #1), for you can be assured that if the general business attitude is that card fraud is simply a cost of doing business, that attitude will show in the everyday practices of checkout staff.
- You should also inform staff of the known methods of check-cashing fraud and illegal card use that involve collusion with sales clerks, and inform them of the dangers of participating in such offenses. Keep in mind that, by various estimates, some 50 percent of “shrinkage” (loss of stock in a retail store due to any cause) is attributed to employee theft. For this reason, if a business has an especially serious fraud or theft problem, it may be advisable to install closed-circuit television (CCTV) cameras at checkouts. This step should, however, be a last resort, because CCTV requires carefully planned and defined implementation, usually requiring the services of an experienced security professional for installation and, especially, evaluation.[41]
- You should encourage the merchant to conduct—and, where legally appropriate, you should assist with—background checks on new employees. The U.S. Chamber of Commerce estimates that some 30 percent of all business failures result from employee theft. If businesses hire honest employees, then the risk of collusion with customers at checkout is obviously less.
- Encourage collaboration between local businesses, regional financial institutions or banking groups and information security groups to ensure there is a local focus and communication on fraudulent trends and vulnerabilities (e.g., Association of Certified Anti-Money Laundering Specialists (ACAMS), Association of Certified Financial Crime Specialists (ACFCS), information security meetings).
As with other responses in this section, you will need to gain a considerable amount of trust from businesses—and, where appropriate, security professionals—to participate in staff training. You must make your role and goals very clear to businesses, so they know you are not out to find something amiss in their business practices.‡
‡ Unfortunately, there are merchants who set up bogus companies to collude with co-offenders to process fraudulent purchases made with credit cards, or to defraud honest cardholders. Merchant-alert databases have been successfully used in the United Kingdom to identify fraudulent merchants and warn honest cardholders of possibly risky locations and businesses (Levi and Handley n.d.).
5. Reducing card application fraud. By far the biggest contributor to application fraud is the huge volume of invitations to apply for cards sent out in the mail every day, and available on the Internet. Fraudulent applications are very easy to complete using false personal information.[42] In general, local police cannot do much about this—it is a problem of national and international proportions. However, there are three types of local card application fraud:
- Getting new cards using a stolen identity
- Intercepting card renewal mail or other mail that contains a person’s identifying information (some postal employees have done this)
- Surveilling mail delivered to vacant houses, such as those for sale, or obtaining credit card applications by not forwarding mail to a previous resident. (In this case, you can work with real estate agencies and the post office to ensure that card renewal letters reach their proper destination. Since vacant residences may be located in several different mail-delivery areas, coordination with the post office may be very difficult.)
6. Using information to fight online card fraud. Offenders make online or telephone card-not-present purchases from retail stores that are most likely out of state or even abroad, beyond local police jurisdiction. A significant amount of card application fraud also occurs when people apply for cards either online or by telephone. As distant as such frauds may seem to local police, the fact remains that they are committed by people who live in particular jurisdictions, and at the other end, fraud victims, whether merchants or individual cardholders, also live in particular jurisdictions. Depending on your department’s resources (some large departments have specialized fraud and electronic-crime squads), you can take some practical steps (limited though they might be) to counteract at least the effects of fraud, and perhaps prevent some of it from occurring. You can do this by using the most powerful tool available in the 21st century— information:
- In 2002, the FBI set up a computer crime squad that has considerable technical and prosecution capabilities. The U.S. Justice Department also issues updates on current frauds and scams, and on where they are occurring in the United States.
- Check with the major online websites that specialize in collecting information about frauds and scams in general, credit card frauds, and other fraud-related crime that occurs on the Internet. Many sites provide useful information on how to identify various frauds and how to protect against victimization (see list in box).
Useful Internet Sources
- Association of Payment Clearing Services: https://www.wearepay.uk/who-we-are/our-organisation/
- Association of Certified Financial Crime Specialists: https://www.acfcs.org
- Better Business Bureau: www.bbb.org/
- CERT/CC. Carnegie Mellon University repository of reported hacking incidents: www.cert.org/stats/cert_stats.html
- Credit Federal: www.creditfederal.com/credit-card-fraud-prevention.htm
- Crime Prevention Service: http://crimeprevention.rutgers.edu
- FBI National Computer Crime Squad, through the Washington Field Office: email nccs@fbi.gov, or call 202.324.9164
- FBI Cyber Crime information page: https://www.fbi.gov/investigate/cyber or White Collar Crime information page: https://www.fbi.gov/investigate/white-collar-crime
- FBI Washington Field Office: www.nipc.gov/sites/ipcis/ipcis.htm
- Federal Citizen Information Center: www.pueblo.gsa.gov/scamsresources.htm
- Federal Communications Commission, Consumer and Governmental Affairs Bureau: www.fcc.gov/cgb/information_directory.html
- Federal Trade Commission: www.ftc.gov
- Financial Fraud Enforcement Task Force: https://www.fincen.gov/financial-fraud-enforcement-task-force-ffetf
- Netcheck.com: www.netcheck.com
- US Department of Justice: https://www.justice.gov/criminal-fraud/report-fraud
Most states have websites for their attorney general’s office, many of which provide updates and advice on current and past scams.
- Because of the risks involved in maintaining massive online databases of individual cardholder information, businesses should (and increasingly do) develop and clearly publicize a privacy policy to ensure their customers that their personal information is safe, and will not be used for any other purposes except purchases. Small local businesses can increasingly accept credit card payments online as web-purchasing software becomes cheaper and easier to install on small websites. You can help local businesses by providing any available information on privacy policies and procedures. This may involve simply providing website addresses as part of maintaining a productive working relationship with local businesses. You should not assume that businesses, especially small ones, are well acquainted with such information, since many hire website developers to design their websites and may have limited knowledge of the risks involved in web retailing.
- As an information provider, you may be able to help small businesses get connected to services that maintain databases of card-use patterns. Currently, the major card issuers (e.g., Visa, MasterCard, and American Express) provide this service, which analyzes card use and detects any abnormal patterns. This service has significantly reduced card fraud by not only flagging unusual card use,§ but also errant merchant processing. Stores that issue check-cashing cards could also use this service.
§ Visa claimed card fraud reductions of up to 20 percent after it introduced software that detected unusual spending patterns (Maremont 1995).
The obvious difficulty with this response is that it does not focus as much on a specific crime as is usual in problem-oriented policing, but instead entails a more general approach of enhancing police-business relations. Thus, although it may help in implementing some of the other responses described in this section, it may be difficult to evaluate its specific effects on online credit card fraud.
7. Tracking products. Legitimate cardholders sometimes use the following techniques to commit online card fraud:
- They deny having made a purchase and insist the item was not delivered.
- They say they made a purchase (it was charged to their account), the item was not delivered, and they want a refund.
In the first case, local police can do very little. But in the second, they might work with delivery companies to locally track items bought online. Tracking technology is common for retail and other business, and it is certainly at the operational core of USPS, UPS, Federal Express, and other delivery companies. Small transmitters are rapidly replacing bar coding, the most pervasive tracking technology of the late 20th century. These transmitters can be placed on retail items (they have proved particularly effective in reducing shoplifting),[43] vehicles (including delivery vehicles),[ii] pets, livestock, and even people. They can be programmed to hold substantial information and to transmit location. Such devices make the recovery of stolen items much easier and can precisely track the delivery of products. Indeed, some companies already provide this service for stolen cars and trucks.[44] Because of the massive increase in online retailing, many more products are delivered to the home, creating opportunities for theft during shipping. The following are ways you can help businesses verify product delivery and detect possible card fraud:
- Work with Neighborhood Watch and local delivery companies to ensure that deliveries to residences where no one is home are left in safe places. Using focused Neighborhood Watch programs is one of many ways to ensure safe deliveries.[46]
- Fraudsters claiming non-delivery may give a bogus address (perhaps that of a vacant house) to get the item. Working with real estate agencies (see response #5) to track vacant local residences may help reduce such opportunities.
- Work with local retail chains from which customers can purchase products online. Credit card fraudsters commonly return items to the store for a refund. Patterns of product return and cases of excessive returns should be monitored.
The amount of card fraud committed through non-delivery claims is probably quite low, though there are no data to support this assumption. There may be high rates of product theft from delivery vehicles in some densely populated urban areas.[47] You may have to balance your delivery-monitoring efforts against competing demands on police time. But bear in mind that your responses to delivery theft may also work in reducing other crimes, such as selling stolen goods, returning stolen goods for refunds, and shoplifting.
8. Raising perceptions of wrongdoing and risk. Reminding would-be shoplifters that shoplifting is a crime and warning them that they will be prosecuted can help reduce shoplifting.[48] Stores commonly post signs to that effect. As noted above, making purchases via check or card fraud is a form of shoplifting, but with much less risk. A simple sign such as “WE REQUIRE ID FOR CHECKS AND CARDS” indicates that the business takes IDs seriously. Sign placement may depend on a store’s particular patterns of theft, procedures for processing check and card payments, and ways of dealing with customers. Putting up a sign costs very little, and monitoring its effectiveness is relatively straightforward. Of course, this presumes that stores keep records of check or card fraud incidents.
Community Partnerships
9. Educating cardholders. Although cardholders are not liable for losses if their credit cards are lost or stolen, they may be liable for many other card-related thefts. And if their entire identities are stolen, they may suffer considerable financial loss. Customer education concerning practical precautions to avoid identity theft, including credit card and bank account access, may contribute substantially to preventing fraud. These precautions may include:
- Carrying only a minimum of cards in high-risk neighborhoods
- Covering the keypad when punching in a PIN at an ATM, or a card number and PIN on a telephone, to prevent a passerby or cameras from seeing your number
- Never giving out personal information (e.g., Social Security, credit card, or bank account numbers) over the phone to telemarketers or anyone claiming to be collecting money for charity
- Never responding to online requests for personal or card information unless they are on a trusted website
- Never buying from an online retailer unless the website has “https” in the URL, to include the green padlock emblem on all pages, to ensure your transaction is encrypted and secure
- Never leaving credit or bankcards in a vehicle, whether locked or unlocked (these are among the most common items stolen from cars)[49]
- Never letting anyone (including family members) use your debit or credit card, or know your PIN
- Watching carefully how sales clerks process your credit card and, if the store still uses mechanical card-processing devices, making sure that copies of receipts are destroyed
- Not using publicly accessible computers (e.g., in libraries or Internet cafes) to make online purchases, because hackers may retrieve your personal data.
Who should tell cardholders about these precautions? Local police do not have the ready access to customers that merchants and card issuers do: it is much easier for merchants and card issuers to provide crime prevention information along with customer bills and statements, or on ATM welcome screens. However, police have taken proactive steps to inform their residents through websites, social media (e.g., Twitter, NextDoor) or newsletters.[50] While past programs have focused on senior citizens, or youth/young adults, the majority of card fraud occurs among people ages 25 to 64 years of age (see Figure 2).[51] Here are some strategies for increasing awareness among groups within your community:
- Set up educational programs to give talks to senior citizen groups and high school students about fraud trends and how they can protect themselves
- Work with local universities to push out fraud awareness campaigns among students (particularly during campus events that solicit students to get credit cards)
- Hold information sessions at local recreation centers or athletic clubs to reach adults that may otherwise not attend other community held events.
Of course, the effectiveness of these programs will be difficult to measure, since it requires a broad approach directed at affecting future behavior.
Figure 2. Victims of at least one identity theft incident with financial loss in 2012 and 2014[52]
10. Publicizing the costs of fraud. Perhaps the biggest challenge in dealing with fraud is changing attitudes toward it. Offenders typically view merchants and banks as rich and able to afford losses from fraud (one of their “excuses” for breaking the law).[53] Card issuers view fraud as a cost of doing business. Police must allocate scarce resources where they are most cost-effective. It seems reasonable, then, given merchants’ reluctance to report credit card fraud and banks’ reluctance to report check and debit card fraud, for police to give such crime a low priority. Yet don’t merchants—who pay taxes—have at least some right to expect the police to “do something” about fraud when it directly affects their businesses?[54] The problem here is one of perception: who does fraud harm, how much harm does it do, and who is responsible for preventing it?
One response is to publicize what is known about fraud—emphasizing its financial and human costs, and spelling out the steps people can take to avoid becoming victims. Response #2 entailed working with businesses to increase the reporting of fraud, and response #1 suggested ways of raising responsibility awareness among merchants, card issuers, and customers. The most direct and—probably—effective way to reach all those affected by fraud is through the local media or social media outlets, which tend to be very interested in reporting on crime victims.[55] Police could write a piece outlining the costs to both victims and police: for example, it can take victims up to three months to straighten out credit problems caused by stolen identity, and may cost police up to $20,000 to investigate a case of identity theft.[56] As usual, you must take care to ensure that any publicity is linked to a planned prevention program agreed to by local business associations and merchants.
11. Collaborating with colleges. College students using campus computers have committed some of the major hacking offenses.[57] Offenders have committed other crimes, such as stalking and pornography-related offenses, using Internet cafes and public libraries. As part of your overall strategy, you might work with college computer departments, to make sure that they have established a clear and publicized policy on campus computer use, outlining users’ rights and responsibilities, and that they can track computer use if a hacking incident is traced to the campus. In addition, colleges are increasingly adopting “smart” cards that students use to charge meals and buy items from campus stores. You should work with colleges to make sure they have taken precautions to prevent fraudulent use of such cards and, if possible, work with campus security to educate students about fraud prevention. There is some indication that a fraud prevention program may work best if combined with programs to prevent other common campus crimes,[58] such as shoplifting and mobile phone theft. Bear in mind, though, that different colleges have different traditions and policies regarding local police participation in crime prevention. They also carefully guard information about crimes occurring on or near campus, for fear that publicity may adversely affect college applications. You should be sensitive to this issue and be aware that collecting the necessary information or data to measure the effectiveness of crime prevention programs may be difficult.Enforcement
12. Monitoring fencing outlets, pawnshops, and online auctions. A major problem for check and card fraudsters is converting goods into cash. At the local level, you can be sure that the existence of fencing outlets may substantially contribute to fraud and to retail theft, in general.[59] Thus you should monitor any known outlets, as well as monitor the flow of new items into pawnshops and the sale of goods through online auctions. Local regulations for pawnshops and their collection of transaction data can assist investigations in identifying organized rings of fraudsters; however, the common use of pawn shop data bases (e.g., LeadsOnline, PawnMaster) in legitimate pawn shops may deter fraudsters. The majority of auction websites now list the sellers’ locations—though these tend to be broad regions. However, since research has shown that card fraudsters tend to operate some distance from home,[viii] the broad regional information is probably accurate enough. To make monitoring the sale of stolen goods of use in preventing fraud, you will need to have a close working relationship with retailers, so that you can track the items.13. Monitoring chat rooms, bulletin boards, and bogus websites. Response #12 included monitoring online auctions for sales of stolen goods. You may also monitor chat rooms (e.g., 4chan, ICQ), bulletin boards, information posting websites (e.g., Pastebin.com, Backpage.com, Craig’s List) and social media forums (e.g., YouTube, Facebook) where people discuss acquiring counterfeit or stolen cards, hacking into databases containing card information, and committing card fraud. It is not difficult to join these chat rooms and bulletin boards, and given the anonymity the Internet allows, it is relatively easy to conduct “undercover” surveillance of them. Unfortunately, finding out users’ location is difficult without the help of Internet service providers (ISPs) or computer crime specialists.
Phishing, corporate account takeover and other email scams are a large entry point for fraudsters. In 2015, an Omaha, Nebraska commodity company lost $17 million as a result of an email scam among employees.[61] In 2016, the FBI reported multiple businesses fell victim to the “CEO Fraud” scam, resulting in a $2.3 billion-dollar loss across several businesses.[62] These scams change often, in order to further collect private information on individuals and businesses. Here are a few websites that track latest scams and inform consumers quickly with techniques and preventative measures:
- Fraudwatch International - https://fraudwatchinternational.com/
- Arstechnica - https://arstechnica.com/
- The Swiss Security Blog - https://www.abuse.ch/
- Dark Reading - http://www.darkreading.com/
Again, unless you have help from an ISP or a computer crime expert, you may have difficulty determining the location of the people operating the scams. As suggested in response #6, you should keep in close contact with nearby police departments that have specialized computer crime departments, local bank Financial Intelligence Units, and the relevant state and federal agencies that monitor Internet fraud. You can also check with the Better Business Bureau or other local consumer-reporting agencies to find out if there have been scams in your area.
14. Targeting high-risk merchants. Rates of check and card fraud vary enormously, both between different chains and between stores in the same chain. One study reported that recoveries per fraudulent check ranged from approximately one in 268 for one large chain, to one in 24 for another in a similar line of business.[63] You must develop a systematic way of collecting fraud information, so that you can identify high-risk merchants in your area. If collecting incident data is initially impossible (and it probably will be), you should try other avenues such as working with business associations to get a rough idea of which businesses are victimized most. It is likely that offenders target particular types of stores (such as large electronics stores, or higher end stores for card fraud, and supermarkets for check fraud). Or they may target particular stores because they are considered “easy.” Using crime mapping,[64] perhaps with assistance from specialized task forces in the region or from larger police departments nearby (see next response), may also help in identifying high-risk merchants. Once you have identified them, you should try to build a working relationship with management to implement fraud-prevention measures.15. Getting help from experts. If your police department is in or near a big city, you probably have access to a variety of experts who can help you. These may fall into several categories:
- Professional security consultants. These experts specialize in areas such as product scanning and tracking, checkout fraud, CCTV, card authentication, employee screening and training, and check verification. You can find them through a simple web search.
- Specialist police units or individuals. Some police departments have specialist units or individuals who conduct fraud investigations. However, the extent to which they address fraud proactively (with prevention in mind) rather than reactively (from an investigative viewpoint) is not known. Unless these units or individuals adopt carefully planned preventive programs, they may find themselves inundated with incident reports from merchants who see the police as the solution to their problems.[65] For example, a 1995 Scottsdale (Ariz.) Police Department program successfully addressed a serious case-backlog problem in the check fraud bureau by adopting a team approach to working with local merchants.[66] Many police departments in the United States and elsewhere have special antifraud programs, though they vary considerably in sophistication. A web search will reveal hundreds of such programs, though few with a problem-oriented approach.
- Regional or national squads. Some check and card fraud is of a regional, national, or international scope. For example, credit card counterfeiting and distribution operations reach from Southeast Asia to North America and Europe, requiring highly focused and specialized squads to track down the perpetrators and identify their manufacturing and marketing systems.[67] Nonprofit groups like the National Cyber-Forensics & Training Alliance (NCFTA) work with the FBI and private businesses to monitor Internet scams and network defenses to detect, deter and disrupt financial hackers and fraudsters. Their Cyber Financial Program focuses specifically on card fraud and methods to inform regional businesses of risks based on current trends (visit https://www.ncfta.net/ for more information or local contacts). The Financial Fraud Enforcement Task Force (www.stopfraud.gov) may also be of assistance in educating your community and reporting types of fraud trends in your region.
Responses with Limited Effectiveness
16. Conducting crackdowns. There are some difficulties with crackdowns. If, by “crackdowns,” we mean intensive campaigns to publicly catch and arrest perpetrators of check and card fraud,† then we face a serious problem in police-business relations. This is because retailers, and even bankers, have a longstanding belief that a strong police presence on or near their premises, especially when arrests are likely, contributes considerably to negative customer attitudes that translate into decreased business. The reluctance of merchants to use thumbprints to verify ID, even when strongly pressured to do so by police, illustrates this problem.
† If crackdowns are to work—and they do in some cases, for some crimes—they should be carefully tailored to work with the other responses described in this guide. See the POP Guide on The Benefits and Consequences of Police Crackdowns.
17. Implementing business watch. The popularity of Neighborhood Watch has spawned some attempts to use that approach for businesses. However, unless business watch is clearly oriented toward solving a specific problem (e.g., the reduction or prevention of check fraud at supermarkets), in contrast to reducing business crimes in general, it is likely to fail for want of focus, enthusiasm, and participation. Business owners must have specific crime-prevention goals if they are to devote the time and effort needed to make the program work.[68]
18. Handling offenders through means other than the criminal justice system. Check and card fraud offenders who are reported to the criminal justice system tend to receive a low priority in processing, resulting in extensive case backlogs.[69] Rather than formally report people who commit crimes against businesses (e.g., shoplifting, drug- and alcohol-related misdemeanors, vandalism), many jurisdictions opt for informal procedures, issuing warnings to offenders, requiring that they compensate their victims, and/or requiring that they get counseling. These alternatives to the regular criminal justice system are usually reserved for juveniles and depend heavily on community—and, in the case of shoplifting, business and shopping mall security—involvement. No research exists on whether these alternatives would work for check and card fraud, nor has research established the extent to which juveniles are involved in such fraud. What data are available suggest that check and card fraud offenders tend to be adults, with an occasional preponderance of drug users and college students. However, without research that examines the entire range of behaviors that make up check and card fraud, it is difficult to predict whether any criminal justice or quasi-criminal justice procedures that effectively address shoplifting could also be applied to fraud.
19. Conducting publicity campaigns. We have recommended establishing educational programs to help people avoid being fraud victims (response #9), and publicizing the economic and human costs of fraud (response #10). These responses must be part of a broader business and community initiative, not solely a police initiative (as with “lock your car” campaigns). In fact, a study of a Stockholm, Sweden campaign failed to demonstrate any measurable effect on the rate of theft from cars. The campaign looked more promising, however, when combined with security measures such as environmental changes to enhance natural surveillance.[70]