Thursday, May 20, 2010

Visa Warns of New Fraud Scheme

Alert to Banks, Processors Describes Bogus Batch Settlement

Banking institutions and payments processors are on heightened alert after notification from Visa that a criminal group plans to execute a large, fraudulent batch settlement scheme.
According to Visa's alert, a copy of which was obtained by Information Security Media Group, the payment card giant has information about criminals who claim to have access to account numbers and the ability to submit a large batch settlement upload to occur over a weekend. (Merchants usually send their credit card transactions by batches at the end of a business day to be settled by the credit card companies and acquiring banks.)

Visa does not have any information as to when the fraudulent settlement activity may occur. The criminals claim to have access to a merchant account placed with a bank in Eastern Europe.

"Although the source of the information is reliable, the information that Visa has received coming forward so far is limited," the alert states. "Visa suspects that this scheme may be linked to a consortium of online merchants that have been trying to secure processing arrangements after being shut down at several acquirers across many geographies."

This alert comes after last year's record-breaking Heartland Payment Systems data breach and other noted incidents, including the Network Solutions breach that involved its merchant client database of more than 4,000 small business accounts.

Once Visa received the information from the third-party source, according to the alert, it immediately implemented monitoring of large settlement activity for banks located in Eastern Europe. Up to now, Visa says it hasn't seen abnormal or large settlement activity. Visa says it is continuing to monitor and will alert any affected Visa clients of abnormal activity, if needed.

Institutions should monitor for large or unusual settlement activity -- particularly during weekends and holidays. They should also closely review settlement and chargeback activity for high risk merchants and agents.

Analyst: Banks Should Be 'Very Concerned'

These types of thefts have been around for a long time, says Gartner analyst Avivah Litan.

"Financial institutions should be very concerned about this alert because they are the ones who get stuck with the bill and the chargebacks once cardholders notice the unauthorized charges. These 'fake' merchants will undoubtedly bail out of the system once they get their money, so the banks don't have a prayer of recovering money from the bad guys.

This type of fraud is likely to continue, as the biggest problem in preventing batch settlement fraud is how merchant accounts get created and underwritten in the first place. "Visa, MasterCard and the acquiring banks need to tighten up their accreditation process and how they onboard new merchants. There are too many 'third parties' and ISOs in the system, allowing too many illegitimate merchants to establish accounts and access to the payment systems.

No comments: