Tag: Fraud

Force Authorization Scam

From the Santa Barbara Police Department

Information Bulletin
Santa Barbara, CA – 08/21/19
Force Authorization Scam
An authorization code is an alphanumeric password that authorizes a purchase. A force authorization may be required for times when a merchant’s payment terminal cannot connect to the network or the amount of the sale is above a predetermined amount. The authorization code allows a merchant to bypass the process by manually entering a previously obtained authorization code.
Recently, two Santa Barbara downtown businesses fell victim to a credit card authorization fraud scheme. Based on the recent events, we would like to inform businesses of the scheme presented and ways in which to defend your business from such incidents.
Common scams include both over the phone and in person transactions.
Example 1: The suspect/customer enters the store and attempts to make an expensive purchase. When their credit card is denied, he or she will likely pretend to be upset and act as if he or she is contacting the bank. The suspect(s) will hand you their personal phone and have you speak with the (fake) bank representative, who will provide you a force authorization code. A later chargeback will result and the merchant will be at a loss.
Example 2: The suspect/customer will arrange for a transaction and provide the credit card number and an alias. The customer will provide the authorization code once the card declines to force the fraudulent transaction through. A rapport is usually generated prior to the actual transaction to cause the employee to further believe the transaction is legitimate.
Best Practices:
* Never enter an authorization code given by a cardholder to force a transaction. Always contact the cardholder’s issuing bank yourself to obtain the valid code.
*  Ask for identification, especially for expensive transactions made over the phone to verify the identity of the caller. This can be sent to you (the merchant) via fax, email, or text.
* Do not hand your payment terminal to the customer as the customer may enter the fraudulent authorization code themselves without your knowledge.

JURY SCAM ALERT

Santa Barbara County Superior Court officials are aware of a scam in which identity thieves target local residents and threaten them for failing to report for jury service.
These perpetrators then ask for confidential information.
Jury Services staff NEVER ask for Social Security Numbers, credit card numbers, bank account numbers or other confidential and sensitive information. 
Information such as this is not contained within our database and we do not request this information from the juror.
We urge all members of the public to be aware of such scams and be careful whenever you reveal confidential information over the telephone.
Do not give out such information over the phone to anyone who calls you claiming to be with the jury office of the Superior Court.
The court is aware of such activity in Santa Barbara County.  A similar scam has also been reported in Ventura County.  If you receive such a telephone call please contact your local law enforcement agency.

Password Risks

After what I witnessed helping a friend the other day, I need to alert everyone.
We can never assume and take for granted that everyone who has an online presence is technically savvy.
A few examples: Doctors, Plumbers, Electricians, Architects, Hair Stylists and many more.
All these people are trying to land customers, and have a LinkedIn account, a Facebook account, a Twitter account and maybe an Instagram account.
The big risk here is the password use. Was helping my friend to update his Facebook page and noticed something that alarmed me.
He was using ONE yes ONE password for everything. His Bank account, his Social Media pages and his email.
I explained a few things and he thanked me for saving the day.
So here are some basic rules for everyone to follow:

 

  1. NEVER USE ONLY ONE PASSWORD FOR EVERYTHING.
  2. HAVE ONE PASSWORD FOR BANKING, ANOTHER FOR EMAIL AND ANOTHER FOR SOCIAL MEDIA.
  3. NEVER USE YOUR NAME, BIRTH DATE, MAILING ADDRESS OR PHONE NUMBER AS A PASSWORD.
  4. TRY TO USE NUMBERS AND LETTERS AS WELL AS SOME *&^%
  5. IF YOU ARE NOT USING LASTPASS, CHROME OR OTHER PASSWORD MANAGER: Open an Excel Sheet and create a password list to remember them.
  6. MAKE IT A HABIT TO CHANGE YOUR PASSWORDS A FEW TIMES PER YEAR.
I hope that this will help. If you are unsure, or have questions, please fell free to contact me and I will help you with this very important task.
Stay safe in the world wide web everyone!

 

Market Guide for Online Fraud Detection

By Gartner Report:  Licensed for Distribution

Online fraud detection continues to grow in complexity with many solutions measuring dynamic behavioral characteristics. Security and risk management leaders responsible for fraud prevention should focus on creating a trusted ecosystem, and seek orchestrated solutions to improve customer experience.

Overview
Key Findings
The online fraud detection (OFD) market shows continued signs of M&A activity with the attention of many investment firms becoming focused on this space. As a result, many solution providers are the target of acquisition by financial services, payment providers or large software companies.
Machine learning continues to drive innovation in the space. However, buyers responsible for the specification and purchase of OFD solutions report increasing weariness with the jargon deployed by many vendors, leading to confusion over technical features rather than a focus on business benefits.
In many organizations, fraud teams are being challenged to grow beyond transaction governance and compliance, through the need to accommodate new channels such as social media, and to combat unreliable, unverified information found on those channels.

Get the full Analysis HERE

How To Fail

It is very surprising to see that there are Companies and Organizations out there that don’t have a clue on how to run their business.

I got a call today and I want to bring attention to the following red flags to avoid:

  1. The caller ID was from a foreign Country.
  2. He asked to speak with Mariella. When I asked who was calling, he insisted: “Is this Mariella”?
  3. The name of the Organization was only mentioned after the call intrigued me enough to hear more.
  4. The seller told me that he was representing one of the biggest Women’s Groups.
  5. When I mentioned LinkedIn he wasn’t sure.
  6. After asking a lot of questions about my background that are already visible on every Business platform, he quickly asked for my credit/debit card information.

Needless to say that this organization lost a sale.

I researched the said Group in LinkedIn and saw this:

For claiming to be one of the “biggest” organizations, this surely looks suspicious.

Nobody will give you their credit/debit card information via phone any longer.

If you are indeed a legitimate business, then make sure that your prospective clients, members, customers feel safe!

No established business lacks a professional presence.

No established business lacks a way for buyers/clients to pay online via a safe payment portal.

So do your Business or Organization a huge favor and build a foundation that will show the world that you are legitimate, professional and trustworthy.

 

Scam and Fraud Rules!

  1. THE IRS WILL NEVER CALL YOU.
    Anyone claiming it’s the IRS, simply hang up and block the caller.
  2. Your Bank will NEVER call you!
    Simply hang up and block the caller.
  3. SOCIAL SECURITY will NEVER call you! Your SSN can never expire for any reason!!! Hang up and block the caller.
  4. Chinese phone calls are bugging a lot of phone numbers.
    Simply hang up and block the caller.
  5. ANY call that starts with a recorded message is a SCAM!
    Simply hang up and block the caller.
  6. ANY caller that asks for your debit or credit card information to send you a free product is a SCAM!!!
    Hang up and block the caller.
  7. ANYONE calling you about a family member is a SCAMMER!
    Hang up and block the caller!
  8. Facebook will NEVER give money for any click, like or share!
    Stop sharing such information.
  9. NEVER click on links you don’t feel sure about.
Don’t panic! Authorities of any kind will NEVER call you to ask you for your social security number, bank account number, or debit/credit card number! Don’t fall for those phone calls.
Don’t fall for false shared information on Social Media!!!
A great solution is NEVER to answer calls from numbers that are not in your contacts list!

Debate: Finance or Customer Support?

Chargebacks – Fraud – Claims – Disputes – Refunds
Here is the deal: A lot of Customer success directors want to own the Risk/Chargeback manager of the company they work for.

Not so fast. Do you know the difference between a refund and a chargeback?
Do you know the difference between a dispute and a claim?
Does your back end translate the difference?

1. Disputes should be under Customer Success, since the customer needs some help for a purchase that was either never received, or received and has an issue.
There is where the Customer success department sets the policy for such transactions to make a customer happy.

2. Claims and chargebacks fall 100% under Finance department, since it involves money/revenue at risk to be lost.
This is where your Risk Manager fights back against all those transactions and with a few clever steps wins them for the Company.

3. Fraud: Also under Finance Department. Here is where the Risk Manager sets up and adds fraud filters to all your online transaction channels.

If your company is selling only digital goods, take a look at FASTSPRING
They do everything for you and they are the best at becoming your shopping cart, payment processor and everything you need without the headaches.

 

 

How misunderstandings can happen – Do not Risk it

This happened to me and I am warning you all to NOT use the same password for all your online usage!

This started on my phone. I found out by shear chance…. Facebook, LinkedIn, Instagram, Twitter…. was locked out of all. Had to work for 6 straight days to fix it all. Had to change passwords. Managed to log back in and found out that most of my connections had been blocked…. Imagine the terror…. people thinking that you have kicked them out of your life for no reason at all…..
I worked on every Social Media platform and unblocked them all….
Now all I can hope for is that they will see my post and reconnect.

Beware people…. The internet has changed our lives, has made connections valuable, has connected us with friends, family and colleagues all over the world, BUT has increased RISK exponentially.

So we suggest that you keep an Excel sheet with all your logins and passwords, or use Last Pass or another password software and keep them safe!

NEVER share passwords, do not create passwords with birth dates, or SSN, your actual names or email addresses. Use difficult and long passwords and CHANGE them periodically!!!!