Finextra: Consumers warned of man-in-the-phone bank scam


10 July 2009 – 13:29
Telephone banking customers are being warned about a new low-tech man-in-the-phone (MitP) fraud technique being employed by criminals.

Vendor Actimize says it has recently spotted the scam through its fraud surveillance at several large retail banks. It originally targeted British banks but is now spreading to the US and Canada.

In a typical MitP attack, a fraudster calls the victim claiming to work for their bank, warning that their account may have been breached or compromised. The criminal then puts the customer on hold and calls their bank, connecting the two while remaining on the line.

The bank then requests authentication information, such as social security number, passwords and other personal information. Once the personal information is provided, the fraudster quickly ends the conference line and informs the customer that the issue has been resolved.

Meanwhile, with the personal information gathered during the call, the fraudster can take over the customer’s phone banking relationship and transfer money out of their accounts.

James Van Dyke, president, Javelin Strategy & Research, says: “As consumers shift more financial transactions to secure online arenas, fraudsters have become more creative in utilising traditional telephones. Access through mail and telephone transactions grew from three per cent of ID theft in 2006 to 40% in 2007 and fraudsters are getting creative and leveraging new techniques to commit fraud, so consumers need to be as diligent as ever in protecting their personal information.”

At the banking end, Actimize says firms should combine cross-channel behaviour profiling and anomaly detection technologies with better call center processes and training. Call center employees should be trained to listen more closely and ask who originated the call.

Says the vendor: “Attacks may be thwarted or losses minimised if bank employees ask simple (but random instead of static) security questions at various points in the phone conversation when confirming personal credentials.”

 
