Sunday, June 29, 2014

Effective Fraud Origin Detection

The world needs a centralized place to collect unauthorized cardholder transactions. Currently issuers, bank transaction companies, acquirers, retailers, and cardholders do not have a single place to report suspected or confirmed attacks on cardholder accounts. Europe has a better handle on the problem than the US because European issuers must report number and method of cardholder losses (although recently the Fed conducted a survey to get the same data from the US retail payment industry).  Data is nice but quite worthless if it cannot forestall future attacks from the same perpetrators.

I believe I can create a fraud clearinghouse with little or no money, and I might do so if I have a couple of weeks to build it. The fraud clearinghouse I envision is simply a database that collects the following data from cardholders suffering unauthorized expenditures from their accounts:
  1. Name and Address of Retailer, or URL, where unauthorized expenditure occurred
  2. Name and Address of Retailer, or URL, used 30 days prior but not often by cardholder
  3. Dates, times and amounts from 1 and 2 listed above
Look for statistically relevant intersects, find them and report the suspected thefts to the locals.  Once retailers and authorities discover a point of card data intercept on the down low while the attack is in progress, then the game of spy vs. spy can begin earnestly.

Of course if I build a clearinghouse, it might not have the public weight of an institution or firm such as a central bank or a group of central banks. Accurate and statistically valid responses from cardholders do not need to include more data than that listed above in the 3 data elements. More data, regardless of the temptation, may discourage participation, which is the primary ammo for this counterattack.  Requiring the payment system industry to report this data defeats a primary goal, making cardholders aware of their responsibilities to keep payment system costs down by keeping costs for the crooks high.

Next Blog: Events and payment hubs

No comments:

Post a Comment