Monday, July 28, 2014

Attack Agents

This is the second and last blog specifically for fraud investigators detecting attacks on needs based payment system. I do not like to address one specific audience or one specific type of attack in this series of blogs because I like sleeping attackers. However, “no-seeums” prevalence within the needs based payment infrastructure requires special attention and I’m a special kind of guy.

I define the “no-seeums” attack as an attack on a payment system that investigators do not detect. Good folk recognize typical attacks on payment systems because other good folk report the attacks. No one ever reports a “no-seeums” attack because the victim is not party to the transaction. The only way to detect a “no-seeums” attack is with a behavior filter.

The most common “no-seeums” attack for needs based payment system is the false retailer. False retailers claim funds by presenting themselves as part of a large settlement stream to national retailers. In the SNAP community the behavior detection filter for this attack relies on STARS data collected by FNS. However, deploying a behavior detection filter for “no-seeums” without an evasion detection filter will do more harm than good.

Next Blog: Will hybrid payment settlement suffice for the bum’s pocket?

No comments:

Post a Comment