1、 1 外文翻译 Credit card fraud: awareness and prevention Material Source:Journal of financial crime Author: Katherine J. Barker, Jackie DAmato and Paul Sheridon Antifraud measures: Credit and debit cards are rapidly replacing cash and check transactions for many businesses. According to a study sponsored
2、 by the American Bankers Association,between 2004 and 2006, 45 percent of US consumers reported using less cash (Smith,2007). With the change in nancial exibility and control, a new opportunity is presented for exploitation. This section describes what nancial institutions are doing in response to c
3、redit card fraud and unique card features common to MasterCard, Visa, and American Express, which are used to mitigate the risks of fraud. Financial institutions and merchants are also doing their part to protect their customers from fraud by educating them about safeguarding their identity. Educati
4、ng consumers will aid toward prevention and could save consumers the hassles and burden of destroyed credit. Features unique to Visa include the following: the rst four digits of the account number are preprinted above the embossed number; the account number always begins with a 4 and contains 13 or
5、 16 digits; micro-printing appears around the Visa logo; a large dove is visible under ultraviolet light. Features unique to MasterCard include: the account number always begins with a 5 and contains 16 digits; a unique security feature character “MC” appears next to the expiration date; the account
6、 number is indent-printed in reverse italics on the signature panel; a large “MC” is visible under ultraviolet light. American Express has a few features that are unique as well. Under ultraviolet light, the letters “AMEX” can be detected. The account number usually begins with 37 and contains 15 di
7、gits (ACFE,2007, p. 1.1027). Over the last two decades, efforts have been under way by nancial institutions and technology vendors to reduce the problems associated with credit card fraud. Visa and MasterCard launched programs geared toward verifying card ownership at the point when the cards are us
8、ed. In 1993, Visa launched its card verication value (CVV) program.Within the magnetic strip of the card, an encrypted numeric value is 2 encoded. When the cardholder uses the card to make a purchase at the POS, the terminal reads the CVV code and transmits it to the issuing bank, where the code is
9、veried. Within the rst two months of instituting this program, Visa estimated that it prevented $3.4 million in fraudulent transactions. MasterCard instituted the same technology but also included a CVC on the signature panel following the account number (Day, 1993, p. 30). The downside of CVV is th
10、at it can only protect transactions attributable to fake magnetic stripes. It does not protect against skimming. What is important with the CVV code is that the merchant has the opportunity to halt the transaction for further exploration along with the opportunity to prevent the possibility of allow
11、ing a fraudulent transaction. Visa recently developed a technology for analyzing card transactions both individually and collectively for possible fraud across its transaction process network.The technology, “Advanced authorization,” is estimated to prevent $164 million in fraud losses over the next
12、 ve years (Marlin, 2005, p. 32). The technology instantly rates a credit card transactions fraud potential for the card-issuing nancial institution. To combat non-receipt fraud, nancial institutions are now using credit card activation programs to thwart fraud by perpetrators using the postal system
13、. The institutions do not activate the cards until the customer contacts the credit card company and asks the customer for personal information known only to the cardholder. Once the information has been provided, the card is activated for use. Card activation programs are relatively inexpensive to
14、implement and can dramatically reduce the risk of the card being used by unauthorized persons (Arend, 1993, p. 91). The Anti-Phishing Working Group, which is devoted to eliminating identity thef and fraud, has reported that there were 29,930 attempts to steal passwords and important personal informa
15、tion from corporate customers in January of 2007 alone This gure was up 25 percent from December and up 5 percent from the previous record set in June of 2006 (Carey, 2007, p. 37). In the year ending May 2005, these types of schemes cost credit card issuers and banks about $929 million, of which the
16、y absorbed 90 percent of the losses (Mitnick, 2005). A new technology, “TimeDiff Linking,” has been developed by the 41st Parameter in 2005 to thwart this type of fraud. It works by correlating login data, computer data and customer data to build a ngerprint of the perpetrators device in real time (
17、Mitnick, 2005). In building the parameters, a prole is created which can then be used to quickly pinpoint repeat offenders and build a stronger defense 3 against all the different behaviors exhibited by cyber criminals and phishing rings. The technology allows companies to differentiate between legi
18、timate and fraudulent users immediately and transparently, without putting the burden on consumers to change their behavior (Mitnick, 2005). Another anti-phishing protection technology is offered by Blue Coat Systems, Inc.,which has the ability to conduct real-time assessment and categorization of U
19、RL databases. This capability protects enterprises or individuals by blocking access to phishing web sites or by warning users that they are attempting to open a phishing web page that could expose them to potential theft or fraud (Mitnick, 2005). Other technological solutions include both chip-base
20、d cards and a “magna” solution that derives a unique identier from a magnetic strip card. The benet of the chip-based smart cards is that they are almost impossible to compromise. The magna solution relies upon physical properties which have a unique ngerprint based on magnetic particle noise. The d
21、ownside of both of these technological solutions is found in the high cost of upgrading the POS infrastructures. The restaurant industry is plagued with the highest incidence of credit card skimming schemes at 38 percent, followed by gas stations at 27 percent and retail stores at 15 percent. Recent
22、 advances in technology allow transactions in restaurants to be settled securely at the table, in clear view of the customer. This new pay-at-the-table technology utilizes hand-held portable devices with cutting-edge security features. In many cases, the system can be fully integrated with an existi
23、ng POS system or used on a standalone basis (Drummond, 2007, p. 28). The advantages of this type of system are that it eliminates the opportunity for skimming. It ensures that the customers tab is completely closed before leaving the restaurant and it protects the reputation of the restaurant (Stock
24、, 2007). Some may argue that customers will not adapt to the change in method of payment, but think again. In a recent survey conducted by Visa International, 70 percent of consumers said the benets of protecting their personal or nancial information from being lost or stolen outweigh any inconvenie
25、nce or cost. Change comes and people adapt, especially when it comes to increased security of nancial information. Recently, the merchant must reassure their customers that they are fully protecting their customers nancial information by creating and implementing fraud deterrence tools.The threat of
26、 fraud will continue to grow along with the various fraud schemes employed today. Therefore, it remains essential for each organization to evaluate their fraud control strategies to aid in protecting not only their own 4 interests, but also the interests of their customers (Sorentino, 2003). Recomme
27、ndations Credit card fraud has become a huge challenge to overcome. Although there is no way to completely knock out this type of fraud, there are many things that credit card companies, merchants and consumers can do to protect themselves. Although steps are being made to prevent credit card fraud,
28、 improvements can always be made. Discussed below are four different recommendations to help control this growing fraud: implement chip-based credit cards, make skimming and counterfeit card equipment much more difcult to obtain, provide incentives and training to merchants on spotting counterfeit c
29、redit cards; and help victims restore their credit in a more efcient manner. Use chip-based cards To catch the problem before it starts, the USA should end all use of magnetic strip credit cards and implement chip-based cards. Chip-based cards, or smart cards, are nearly impossible to re-create, all
30、owing its users the condence that their card cannot be used fraudulently. The draw back to switching all cards from magnetic strips to chips is the cost in doing so. However, credit card companies and merchants need to understand that a large investment will save them billions lost to credit card fr
31、aud. Countries such as Malaysia, Canada, and Europe have begun to integrate or switch completely to chip-based credit cards. In Canada, Visa, MasterCard and Interac have combined forces to ensure a smooth transition from magnetic strips to the chip cards and have committed to mass distribution of th
32、e new cards by 2010. Not only are the chips themselves nearly impossible to duplicate, but a PIN is also required to authorize any transaction instead of a signature (“Moneris Solutions”, 2007). Malaysia switched exclusively to using Smart Cards in 2005. The country saw a huge decrease in counterfei
33、t card losses from US$400,000 in November 2004 to nearly “no counterfeit fraud” as of September 2005. The decrease in fraud shows that chip technology is more secure than magnetic strips (Yeo, 2006). Make equipment more difcult to obtain Unfortunately, credit card fraud is easy to commit since the e
34、quipment needed to make counterfeit cards is extremely available. All it takes is a short visit to one of many web sites, a couple-hundred bucks and, voila! The criminal now has a machine capable of creating fake credit cards to buy whatever his or her heart desires on someone elses dime. The compan
35、ies that are affected the most by credit card fraud should come together to ensure this equipment cannot be sold to just anyone. With 5 combined resources, a group could be created that specically searches for these types of web sites to shut them down. Since counterfeit card fraud is the fastest gr
36、owing type of credit card fraud, these machines need to become harder to obtain. Incentives and training for merchants Offering incentives to merchants to do their part to thwart credit card fraud is a promising choice. This option has recently been introduced since in the past, credit card companie
37、s have maintained a ne-only approach with merchants who were not compliant to industry standards. In December 2006, Visa broke this trend by offering incentives to merchants who were compliant with their Payment Card Industry Data Security Standard. In their effort to protect customer data and lock
38、down the critical data held in merchant storage components, Visa decided it would be benecial to offer nancial incentives to eradicate the storage of full track data or the complete card numbers versus a truncated option. “Securing customer trust and commerce are important to Visa,” says Michael Smi
39、th, Senior Vice President of Enterprise Risk and Compliance. With the combination of both nes and incentives, Visa expects merchants to do their part to eliminate risk (Visa, 2006). In January 2007, MasterCard announced, under their new program SecureCode, that it would provided merchants with disco
40、unted charges that are as much as 16 percent lower than fees associated with face-to-face transactions for those who implanted their new security standard (Visayan, 2007). However, credit card companies need to expand their approach in offering incentives to include a more complete education in frau
41、d awareness to merchant employees. In fact, most credit card companies encourage fraud prevention training and even offer additional materials to learn how to be fraud savvy. However, this is just a small step in the right direction. By training employees to be on the lookout for card fraud through
42、the examination of holograms, comparing signatures or examining the expiration date and comparing signatures, merchants should receive nancial incentives for their efforts. Financial incentives may be the only way in which merchants will do their part to establish not only security features, but als
43、o to create best practices and implement various tools to help protect merchants at the local level and protect commerce at the higher level. 6 信用卡欺 诈的识别和防范 资料来源 :金融犯罪期刊 作者:凯瑟琳 .巴克,杰基 .阿玛托,保罗 .谢里顿 反欺诈措施:在商业活动中,信用卡和借记卡正在迅速取代现金和支票交易。根据美国银行协会赞助的一个研究报告显示:在 2004 年至 2006 年,只有45%的美国消费者使用少量现金。随着财务弹性和控制的改变,一
44、种新的机遇正面临着开发。本章节介绍了金融机构是如何应对信用卡欺诈和利用维萨卡、万事达卡和美国运通卡的共同特点来减少诈骗风险。金融机构和商人从自身角度通过教育他们的客户维护个人身份信息来保护他们远离欺诈。 教育客户如何采取防范措 施将会减少信用卡欺诈风险对客户的麻烦和压力。维萨卡的产品特点包括以下特征:账户号码的第一个四个数字被预印在突起的数字上;账号通常由一个 4 起头并包含了 13 或 16 个数字;微型印刷出现在有 VISA 字样的标识语边;在紫外线光的照射下可见一只大型鸽子。万事达卡的产品特点包括:账号通常开头是一个 5 并包含 16 个数字;一个特殊的安全字符特征“ MC”紧挨着终止届
45、期;账户号码被反斜体凹嵌在签名栏上;在紫外线灯光下可见一个大的字符“ MC”。美国运通卡也有一系列的特征。在紫外线光的照射下,字母“ AMEX”可被检测到。账号通常由 37 开头并有 15 个数字组成( ACFE,2007, p.1.1027) 。 在过去的二十年,金融机构和技术专家付诸了极大的努力来减少信用卡欺诈问题的发生。维萨卡和万事达卡设计和运用了各种程序方法来识别客户身份当信用卡被启用时。在 1993 年,维萨卡启用了它的信用卡的身份识别程序( CVV)。在卡的磁条中,有一串数值被编码。当持卡人在 POS 机上进行一项业务支付时,终端机将读取 CVV 代码传输给发卡行验证。在制定这个程
46、序开始的两个月中,维萨卡估计此项技术可以阻止 340 万美元的欺诈交易。万事达卡不仅采用了相同的技术还在账号后设置 了 CVC 在签名栏上 (Day, 1993, p. 30)。 CVV局限于只能保护交易不受假磁条的影响,却无法对抗略读。 CVV 代码的重要性在于它可以使商人能够停止那些可能包含了欺诈成分的交易。 维萨卡近来研究出一项技术可以分析发现通过交易处理网络中的那些单独或集体交易中是否存在欺诈性。这项技术,“高级专利”被估计在未来的五年中可以阻止一亿六千四百万的欺诈损失。这项技术被立即看做是金融机构对信用卡欺诈交易潜在性的识别。为了打击欺诈交易,金融机构现在已使用信用卡激活程序来阻止罪
47、犯利用邮政系统来进行犯罪。只有在客户联系 公司并在持卡人知道个人信息的情况下,信用卡才能被激活。一旦信息被提供,信用卡才能被激活使用。卡激活程序投入使用相对比较便宜并且能显著地减少未授权人使用卡的风险 (Arend, 1993, p. 91)。 7 反网络钓鱼工作组是致力于消除身份盗窃和欺诈,单在 2007 年一月就被报道发生了 29930 起盗窃客户密码和个人信息的事件。这个数字比 12 月上涨了25%,比 2006 年 6 月记录的数据上涨 5%。在 2005 年 5 月末,这些策划类型使信用卡发行商和银行花费了九亿二千九百万,其中包括了 90%的损失 (Mitnick, 2005)。 一
48、项新的技术,“时间间隔连接”在 2005 年由第 41 个参变量来发展过来并阻止这种类型的欺诈。它通过关联登录数据、计算机数据、客户数据在确定的时间搜索犯罪者装置痕迹来工作。在建立参数时,一个大致的外形就会被查明来精确定位犯罪者的副本以此建立一个强大的防御措施来抵御可识别的所有不同类型的计算机犯罪和网络钓鱼。这项技术可以使机构有效地识别正当和欺诈使用者,不需要增加客户压力以改变行为的方式防范风险 (Mitnick, 2005)。 另外一个反网络钓鱼的保护措施有蓝外套系统提出。它有能力实现确定时间评估和 URL 数据 的分门别类。这种技术通过阻塞钓鱼网的打开或是提醒他们正在打开一个钓鱼网页来揭露
49、潜在的盗窃欺诈风险来保护公司或个人 (Mitnick, 2005)。 其他技术解决方案包含了芯片卡和源于磁条卡标示性的“麦格纳”方案。这种只能芯片卡的优势在于它们几乎不能妥协。“麦格纳”方案依赖于具有唯一痕迹的磁颗粒噪音的物理特性。它们的缺陷在于对 POS 机升级的高花费。 餐饮业以 38%高发生率深受信用卡浏览盗窃阴谋,接下来是在加油站为 27%和零售店为 15%。近年技术上的进步在顾客的考量上允许顾客在餐桌上进行安全交易。这种新的在餐桌上 支付方式使用了具有尖端安全技术的手提便携装置。在许多情况下,可以整合充当 POS 机来使用 (Drummond, 2007, p. 28)。这种系统的优势在于消除了读取信息的机会。它使顾客在离开餐厅前,账单时完全封闭的,保护了餐厅的信誉 (Stock, 2007)。 一些人会争辩,顾客并不接受支付方式上的这种转变,但再想想。在最近由国际维萨机构进行的一项调查发现, 70%的顾客表示这种方式保护个人财务信息不丢失或被盗窃的益处远大于它的不便捷和花费。人们在适应改变的到来,特别是当它增加了财务信息的安全性。近年,商人使他 们的客户相信他们有能力保护他们客户的财务信息通过使用欺诈防范工
