What came first, the fraudster or the fraud?

Written by DataCash

In the aftermath of the recent elections we are seeing a shake up throughout all local and central government departments and public sector bodies. Cuts in costs, inefficiencies, unnecessary programmes and lower priority budgets are a reality. On top of these increasing pressures is the need to grow trust and support amongst key stakeholders, most important of which the public, in an uncertain time.
    
One area where massive advances have been made in recent years, are the methods by which citizens and businesses transact with the public sector. Although still preferred by some, the traditional ‘paying over the counter’ methods for the payment of council tax, parking fines and housing rents have given way to other more high tech solutions, driven largely by the growth of the internet. In the last 10 years the number of citizens electing to pay their council tax online has grown from around 800 people to over 2 million. In order to provide convenience, flexibility and wide accessibility to citizens, public sector organisations are now expected to provide a wide range of payment channels from the internet, to mobile phone and interactive TV while also accepting a varied selection of payment types from standard credit and debit cards, to online cash alternatives and additionally eWallet solutions such as PayPal.

Fraud threats
So, if a public sector organisation achieves a multi-channel, multi acceptance payments strategy is this a tick in the box for them in terms of keeping their stakeholders happy? Unfortunately not. Fraud is one very real threat to any business, and there is no reason why the public sector should see itself as exempt from this, with fraud on council tax alone now estimated in excess of £200million per annum. With new technologies come new issues, as payments migrate to new channels driven by developments in communication and technology, the payments related fraud faced by organisations also evolves.
    
Current fraud challenges for the public sector, highlighted within a report by the National Fraud Initiative (NFI), include housing tenancy fraud, benefit fraud, recruitment fraud, bogus insurance claims, blue disabled parking badge fraud and so the list goes on. Although, undoubtedly important to understand the types of fraud that are taking place, we see the more fruitful challenge as taking one step back from this and looking at the characteristics of the fraudster, and how they exist and operate, in order to achieve real prevention and results.
    
In our experience organisations should be on alert for Fraudsters who fit neatly in to one of three categories:
    
Persistent fraudsters are the people who operate in very effective, professional fraud rings, who understand and prey on the points of the vulnerability within any organisation. Their activity is rarely confined to a vertical sector, it could move from gaming to telecoms, from retail to travel and just as easily to the public sector, the fraudster doesn’t change, just the details that they provide. The activity of these serious and persistent fraudsters, is very often linked to other criminal activity and poses a very costly threat to any organisation. Your solution must provide the ability to monitor and act on previous fraudulent activity – felt by your organisation or others.
    
Opportunists:
Fraud in this case is not undertaken by habitual criminals, but instead savvy individuals who understand systems and who might find themselves with an opportunity as a result of a data breach, for example. As well as the general public, this category of fraudster is also pertinent to staff members of an organisation who are in a position of responsibility and have access to data – another costly threat, with additional high risk in terms of reputational damage. A solution here needs to take in to account systems monitoring and mismatches in common data fields – for example card details that are not usually registered to the given name, address or IP address in use.
    
A rapidly growing category of offenders is ‘friendly fraudsters’ whereby seemingly genuine citizens and customers make false claims, for example someone falsely claiming they haven’t received their blue badge in the post or in the retail world only part of their order has been delivered. Again, for a solution here you need to be considering any identifiable ‘previous form’.


Fraud strategy
For the organisation, awareness of other macro environmental drivers must also to be taken in to consideration within a fraud strategy:

    
So called ‘Silver Bullet’ solutions: Aware of a growth in eCommerce fraud, industry legislators and card schemes work to provide measures to safeguard genuine cardholders and organisations alike, a case in point was the introduction of 3-D Secure. Designed to authenticate a cardholder in the online world, in the same way as Chip & PIN in the cardholder present world, 3-D Secure is not a complete fix, fraudsters quickly become savvy to these systems and just adapt their methods accordingly. Therefore, this should be used as one tool amongst many for any diligent organisation looking to minimise their exposure to fraud.
    
Migration of fraud: Linked to the point above, organisations need to be aware that as the payments landscape changes, fraudsters and their techniques change accordingly – they certainly do not disappear. Awareness of internet based fraud and preventative industry measures has caused a surge in fraud amongst call centres and the telephone payment channel. Additionally the introduction of alternative payment types such as PayPal has seen fraudsters looking at ways to target these. Any solution put in place by an organisation must address this dynamic payments landscape.

Finding a solution
So what is the solution? From our experience, fraud screening transactions for over 30,000 merchants in more than 180 countries we suggest the following:
    
Appreciate the value of rich data capture and data sharing. Information is your biggest aid in the battle against fraudsters – you need a system that allows you to capture a depth of information to screen against rules that fit with your business logic. By doing so, you build a picture and understand the behaviour of the fraudsters that pose the threats to your business.
    
Learn lessons from all organisations – fraudsters know no sector specific boundaries. Fraud is a crime, perpetrated by criminals who do not usually have sector specific aspirations. To build the richest database of information, sharing knowledge, experiences and learning lessons from a wide spectrum of organisations is critical. A free ‘bad data’ sharing database such as SuperSearch can be invaluable.
    
Don’t underestimate reputational damage. If fraudulent activity occurs to the detriment of a genuine cardholder in connection with your organisation, in the cardholder’s mind the blame will fall with your organisation for not preventing the situation. In the public sector, the scrutiny is as high as in any other sector and the only way to limit this risk is to openly and actively work to prevent fraud.
    
Understand the tools that are available to aid you, how best to use them and when it becomes more efficient outsource. Transaction screening and linking, data sharing, IP look ups, device ID tools, validation services, velocity rules and matrix based rules are just some of the techniques you need to integrate in to your fraud prevention strategy to see results – the complexity of the fraudster must be combated with a comprehensive solution.

For more information
Web: www.datacash.com