Fraudsters exploit multi-million pound crack in card fraud protection system Wednesday 11 June 2008 PDF Print A system designed to help protect retailers and consumers from credit card fraud is now being used by fraudsters to steal goods from retailers, according to fraud protection specialists the 3rd Man. The potentially serious flaw in the system, which fraudsters are already exploiting and could result in millions of pounds of card crime, was spotted by one of the 3rd Man’s fraud analysts as she was monitoring daily card transactions on behalf of a retailer. Address Verification System (AVS) is used by credit card companies and banks to verify the identity of a person claiming to own a credit card. AVS checks the billing address of the credit card provided by the user with the address on file at the credit card company. It works by matching the house number and postcode numbers for each card issued. For example, 43 Crooks Close, B10 7GB would result in an AVS number of 43107. With retailers like Cotton Traders and TK Maxx having their customer databases hacked, fraudsters can simply obtain card details and use them for personal gain. “What we’ve observed is that fraudsters are now compromising and using card details where the genuine cardholder’s address numerals exactly match the address they want delivery to,” explains Andrew Goodwill, Director and fraud expert at the 3rd Man. “So, not only are they obtaining goods fraudulently, they have them delivered to their chosen address. “This is a serious problem, one that fraudsters have not only cottoned onto but are exploiting in significant volume. Retailers relying on AVS, or where a retailer will only deliver to the billing address, are facing a potentially huge risk.” Internet and mail order retailers often rely on AVS matches to help them determine that the order has been placed by the card holder. By using compromised cards and address details fraudsters can virtually guarantee that although the transaction appears genuine, the retailer actually has no realistic way of verifying the correct address details. The Security Code check is also useful, but again has been compromised in these recent frauds. “Another method of security is for the merchant to sign up for Verified by Visa or MasterCard SecureCode,” explains Goodwill. “However, this is also open to compromise as when a fraudster finds card details that have not been registered by the cardholder or 3D Secure the fraudster will simply register the card themselves, using a password of their choice. “If this trend continues and nothing is done about it, we will have multi million pound losses to UK business and banks. “More needs to be done to encourage retailers to engage with specialist fraud screening companies who detect irregular behaviour and will review unusual transactions manually. These frauds are usually detected.” In April 2008, the 3rd Man issued statistics which showed that CNP fraud in the UK is higher than official statistics suggest1 and is in danger of getting worse. Over £500 million of fraud was attempted during 2007. This information supported a BBC investigation into card not present crime. Ends Editors notes 1APACS reported that CNP fraud in 2007 was £290.5 million, an increase of 37% on 2006. This was the figure on UK issued cards only and excludes losses on non UK issued cards. The 3rd Man’s SuperSearch data sharing service has detected over £40 Million in attempted frauds this year to date. Shared data is important and detects around 30% of all attempted frauds. This figure will increase as more retailers join shared data schemes. Similarly the banks are invited to join in with the SuperSearch initiative, a move that will significantly hinder fraudsters. Press contact Glen Goldsmith 2thefore Tel: 01483 811234 / 07812 766338 Email: firstname.lastname@example.org Paul Simms Managing Director The 3rd Man Tel: 01276 856444 Email: email@example.com Andrew Goodwill Director The 3rd Man Tel: 0870 874 4999 Email: firstname.lastname@example.org About The 3rd Man Group - www.the3rdman.co.uk The 3rd Man provides card not present fraud screening, card fraud analysis and consultancy services to some of the UK’s leading retailers, including Argos, Halfords, Woolworths and Ticketmaster. The 3rd Man reliably detects in excess of 95% of fraudulent attempts including organised and casual fraud. The 3rd Man also provides its GateKeeper secure online data reporting and analysis tool that enables clients to search for and display transactional information instantly, performing complex analysis to identify fraud rings quickly. Sharing data - SuperSearch SuperSearch is a screening service which is used by retailers throughout the UK. It works by providing retailers and banks in any location with a reciprocal connection to fraud screening services. When a transaction is rejected because an attempted fraud is detected, details provided by the suspected fraudster are made available anonymously to all users. Retailers and banks may then take action to prevent further incidences of fraud, not just in the UK but worldwide. The service works by enabling retailers to share information about fraudulent activity. This information is available to banks upon their application. CNP Forum The 3rd Man’s CNP Forum Card is designed to help retailers and other groups involved in the fight against card crime. CNP Forum, which has at its core a secure portal for sharing information – www.cnpforum.com – enables retailers and special interest groups, such as the banks and police, to share data and collaborate. This press release was distributed by ResponseSource Press Release Wire on behalf of 2thefore in the following categories: Men's Interest, Women's Interest & Beauty, Consumer Technology, Business & Finance, Education & Human Resources, Media & Marketing, Retail & Fashion, Public Sector, Third Sector & Legal, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.