Debt collectors prey on soldiers and veterans

For CreditCards.com/ Updated: March 22, 2016

By Karen Haywood Queen

Unscrupulous debt collectors have a special affinity for military personnel.

Enlisted service members earn steady paychecks, move regularly and can lose a security clearance if they have excessive debt. They may be overwhelmed with paperwork and stress during and after a deployment. Those issues make them more likely to miss paying a bill, more vulnerable to unlawful debt collection tactics and easy targets for fraudsters trying to collect on nonexistent debts.

“We receive complaints from service members about debt collection issues at nearly twice the rate of their civilian counterparts,” says Holly Petraeus, assistant director of Servicemember Affairs at the Consumer Financial Protection Bureau. “We’ve heard that when National Guard units deploy, debt collectors will call family members and try to pressure them to pay without giving them a chance to call the service member. The worst one I heard about was a debt collector pressuring a recent combat widow to pay them immediately from the death gratuity.”

In a report released March 22, 2016, debt collection complaints accounted for nearly 50 percent of the more than 19,000 complaints the CFPB received from military members. Complaints are up 13 percent from 2014 to 2015. See chart below, “Service member complaints.”

Credit card debt was the most likely cause of those complaints, underlying 30 percent of the debt collection complaints.

“The complaints highlighted in today’s report show that members of the military continue to have serious problems when it comes to debt collection,” said CFPB Director Richard Cordray in a news release. “The bureau will continue to closely monitor complaints from servicemembers to ensure our brave men and women are getting the protection they deserve.”

The debt could be a real bill that slipped between the cracks during a military move. “When you move, you think you’ve paid a final bill,” Petraeus says. “The company says they will tell you if you owe more money — but sometimes they don’t. Then a late charge comes in and they send it directly to collection. In my case, it was a cable company. I went to talk about my current account and they showed me this unpaid debt that had been sent to collection. It was less than $5. Obviously you’re willing to pay it if you know about it.

Phantom debt
Sometimes the supposed debt is one that’s simply not owed. It may have been paid already, discharged in bankruptcy, the result of ID theft, or never owed in the first place. This is a problem that affects not just the military but also civilian consumers.

Or, you may indeed owe the debt, but not to the entity trying to collect it — because a debt broker sold the same portfolio to more than one buyer, says Christopher Koegel, the assistant director, division of financial practices, at the Federal Trade Commission.

We receive complaints from service members about debt collection issues at nearly twice the rate of their civilian counterparts.
— Holly Petraeus
Servicemember Affairs, CFPB

Attempts to collect debt that was never incurred — “phantom debt” — represent 70-80 percent of the debt collection complaints that come into the FTC, Koegel says. Amounts of the bogus debt range from several hundred to several thousand dollars. Sometimes, the scammers inflate the amount of money owed, he says.

Those attempts often appear legitimate because the collector has identifying information about the consumer. “They have a fair amount of personal information about the consumer to help overcome the consumer’s personal skepticism,” Koegel says. “Often consumers who have taken out payday loans may have taken out several. The consumer gets confused and thinks, ‘Maybe I did take out a payday loan a few years ago.'”

In two cases, (FTC versus Cornerstone and Co., and FTC versus Bayview Solutions), debt brokers listed consumer debt for sale on a website that was free, open to the public and contained borrowers’ identifying information including consumer names, addresses, birthdates, contact information, employer names, credit card numbers, bank account numbers and bank routing numbers.

“Anybody, including our investigators, could go on the spreadsheet and see all the information you would need to collect from consumers and ‘create’ a debt,” he says.

“The FTC sued to have that information pulled off the website and make sure consumers were notified of the breach.”

Pay up or else
Even if the debt is real, the debt collector’s tactics could be violating the Fair Debt Collection Practices Act. Making false threats of litigation or any threats of arrest, false claims to be an attorney or law enforcement agency — even spoofing phone numbers on caller ID — are all Illegal intimidation tactics. Debt collectors also sometimes threaten to disclose or do illegally disclose the debts without permission to third parties including family members, employers and — especially tough for service members — military commanding officers, says Christopher Koegel, the FTC’s assistant director, division of financial practices.

You may be going through PTSD. I was really struggling. Companies do prey on us.
— Sgt. Bryan Noyes
Victim of illegal collection practices

“Debt collectors may contact the service member’s chain of command to disclose the debt — something they’re not supposed to do under the Fair Debt Collection Practices Act,” Petraeus says. “They know if the commanding officer gets a lot of calls, he or she is apt to go to the service member and say, ‘I’m getting a bunch of calls about this, fix it.’ Even if they don’t owe it, the service member will pay the debt so it will go away.”

Unethical debt collectors also directly threaten to get the service member’s security clearance revoked, she says. A security clearance is not automatically revoked because of unpaid debt, Petraeus says. “But debt collectors know even the threat is effective,” she says. “Many jobs you cannot do without a clearance. For example, everyone on a nuclear submarine has to have a secret or higher clearance.”

In many cases, the name of the supposed creditor is not recognizable to the consumer. That’s because the original debt holder has concluded the debt is uncollectable, written it off, taken a tax deduction and then sold the debt to a third-party debt collector for pennies on the dollar.

“We’ve had service members says to us, ‘I’d be happy to pay the debt if I could find out who I One veteran’s story
Sgt. Bryan Noyes survived an Iraq deployment from 2003 to 2007 as a forward observer, one of the 10 most dangerous jobs in the Army. “I was usually on top of buildings or right across the street from where the enemy was,” says Noyes, now a district service officer with the Veterans of Foreign Wars in Portland, Maine. “I coordinated movement on the ground, if they needed backup with artillery. We’re an extremely valuable target if the enemy gets us.”

Once he left the Army, he became a valuable target for debt collectors. “When you come out of the military, you’re easily vulnerable to scams,” he says. “You may be going through PTSD. I was really struggling. Companies do prey on us.”

Noyes paid the bills he knew he owed. “I knew I owed those bills because the credit cards were in my wallet,” he says. Other bills were to creditors he’d never heard of and for large amounts he knew he never would have been approved to borrow.

The harassment calls were constant. “I put an app on my phone to count and one day I had 15 messages from the same debt collector,” Noyes says. Debt collectors called as early as 3 a.m. and as late as 1 a.m.

Pine Tree Legal Assistance in Maine helped him resolve the issue, getting three cases totaling $5,000-$7,000 dismissed, Noyes says. “What I tell veterans nowadays is, ‘If you need money, go to your bank or credit union. They know you.'”

How to protect yourself
Petraeus urges service members to take advantage of education and protections they have:

  • The CFPB and Military One Source — a support resource for service members — offer financial planning, counseling and education geared toward soldiers and veterans. The CFPB offers financial coaching for transitioning veterans and other economically vulnerable consumers.
  • Service members who deploy can place an active duty alert on their credit reports to require businesses to take extra steps before issuing credit in their names.
  • Service members also are protected from high interest rates and other predatory practices under the Military Lending Act.
  • The Servicemembers Civil Relief Act protects service members on active duty from certain financial civil actions.
  • Veterans Affairs benefits that are directly deposited into the veteran’s account or issued onto a card are protected from garnishment to collect on debts. The bank must protect two months’ worth of benefits and allow the veteran to use that money. Payments issued on paper checks are not protected; veterans are urged to take advantage of direct deposit to get that protection.
  • The FDCPA protects all consumers, requiring, among other things, that third-party debt collectors send a validation notice within five days of first contacting a consumer about a debt. That information must include the name of the creditor, the amount owed and how the consumer can dispute or the debt.

Federal law says consumers who feel they don’t owe the debt can request a debt verification letter within 30 days of receiving the debt validation notice. At that point, the collector must stop contacting the consumer until written verification is provided.

The third-party debt collector may not even have that information. One study by the FTC showed that only 12 percent of accounts sold to third-party debt collectors came with any underlying documentation, says Lisa Stifler, a senior policy counsel who leads the Center for Responsible Lending’s work on debt collections.

Often, accounts lack key information needed for verification. For instance, 89 percent don’t list the original principal amount; 65 percent lack the date of first default; and 54 percent omit the name of the original creditor, Stifler says. “All of the above are critical pieces of information for debt collection,” Stifler says.

The debt collector, however, may claim the information is sufficient.

“Unfortunately, it’s not always black and white,” she says. “If you cannot get verification, you should not be obligated to pay. Often, though, it takes a complaint to the FTC, the CFPB or an attorney’s intervention.”

 

SERVICE MEMBER COMPLAINTS BY PRODUCT BY YEAR
Product 2014 complaint volume 2015 complaint volume % changer from 2014-2015 % of all complaints
Debt collection 8,700 8,900 2% 46%
Mortgage 2,500 2,800 10% 15%
Credit reporting 1,600 2,200 35% 11%
Consumer loan 900 1,400 59% 7%
Bank account and services 1,100 1,100 2%* 6%
Credit card 800 1,100 29% 6%
Payday loan 600 500 -2% 3%
Student loan 400 400 7% 2%
Prepaid 100 300 226% 1%
Other financial services 100 200 179% 1%
Money transfer 100 200 73% 0.8%
Total* 17,000 19,200 13% N/A
* Complaints are rounded to the nearest hundred, so percentages (based on nonrounded values) may appear inconsistent with complaint volume
Source: Servicememebers 2015: A Year in Review, released March 22, 2016

 

To see original publication, go to http://www.creditcards.com/credit-card-news/debt-collectors-prey-soldiers-veterans-1282.php

10 warning signs of ID theft and what to do if you suspect you’re a victim of fraud

 For CreditCards.com/Published May 24, 2016

By Karen Haywood Queen

You clicked on a spam link without thinking, you left your laptop for a few minutes at a coffee shop, you use the same password for every account, and you even turned off your pesky firewall protection. You know you’re playing with fire. How will you know when an identity thief has stolen your personal or card info?

Be on the lookout for these 10 warning signs of identity theft, and know what to do if any of these things happens to you:

  1. Missing money from bank accounts.
    You see withdrawals from your bank account that you can’t explain. “Someone else has access to your account,” says John Krebs, the Federal Trade Commission’s identity theft program manager.

What to do: Call your bank, explain the situation and change passwords for the account. You may have to wait to get your money restored to your account while your bank investigates the problem.

  1. You stop getting mail.
    “If you’re not getting your mail, that’s a definite red flag,” says Christine Arevalo, director of fraud solutions at ID Experts in Portland, Oregon. A fraudster has likely redirected your bills and other mail to his or her address.

    Post offices are working to prevent this theft by contacting people by text messages, email and U.S. mail to confirm a change of address, Arevalo says. “I just put in a change of address, and all three were utilized,” she says.

What to do: Contact your post office, your credit card company and other billers before payments are past due.

  1. Collectors calling about debts that aren’t yours.
    If debt collectors call you about debts that aren’t yours, someone likely has used your name to borrow money and then not paid it back. If this happens to you, don’t stop at telling the bill collectors to leave you alone, Arevalo says. “That’s a bad idea,” she says.

The FTC’s Fair Debt Collection Practices Act requires third-party debt collectors to send – within five days of contacting a consumer about a debt – a validation notice with the name of the creditor, how much is owed and how to dispute the debt.

What to do: If you think you don’t owe any money, you can send the a verification letter asking for proof, such as a copy of a bill for the amount you owe. You must send the letter within 30 days of the initial contact from the collector. Collection calls and letters must stop until the debt is verified.

Still think the collector has it wrong? You should dispute the debt and file an identity theft report. Also, check your credit reports with the three credit reporting bureaus, Equifax, Experian and TransUnion, or via annualcreditreport.com to make sure there are no fraudulent accounts.

  1. Suspicious charges on your credit cards.
    You notice unfamiliar charges on your credit card bill. A fraudster is likely charging in your name — either with a fake card or online with your credit card number.

What to do: Contact your credit card issuer, tell your creditor about the bogus charges, and ask to get them removed. Then check your credit reports to make sure there are no accounts you didn’t open.

  1. Bogus accounts in your credit history.
    You notice unfamiliar accounts on your credit report. You likely are a victim of account takeover or identity theft.

What to do: Contact each credit bureau, and tell them which accounts on your credit report are fraudulent. You can find a sample letter from the FTC here. Report the ID theft to the FTC. You can also place a fraud alert or credit freeze on your accounts.

  1. A bill from an unfamiliar doctor.
    You received a bill from a medical provider you never heard of for a procedure you never had. That’s a strong sign of medical ID theft. Other warning signs: Your health plan rejects your legitimate medical claims because records show you’ve reached your benefits limit. Or, a health plan won’t cover you because your medical records show a condition you don’t have.
If you’re not getting your mail, that’s a definite red flag.
— Christine Arevalo
ID Experts

What to do: Contact each doctor, pharmacy, laboratory and health plan where the thief may have used your information and tell them about the issue. Contact your employer in case the fraudster is being treated for conditions that would cause you to lose your job

  1. Your government benefits are maxed out.
    If you get a notice that government benefits such as unemployment, food assistance or other services are maxed out or denied and it doesn’t add up, someone may have assumed your identity to collect benefits, Arevalo says.

What to do: Report the crime to the relevant government agency and to the police. Check your credit reports to make sure there are no bogus accounts in your name.

  1. Arrest warrants for crimes you didn’t commit.
    You get stopped for a minor traffic offense and the officer tells you there are outstanding warrants against you for crimes you didn’t commit. Or you are unable to renew your driver’s license because of traffic offenses that aren’t yours. Or you may get a notice for a parking ticket in a city you weren’t in at the time. You may have been hacked by a fraudster who is committing crimes, traffic offenses and/or parking violations in your name.

What to do: Contact the police and the district attorney to report this crime, says Steven Weisman, author of the scamicide.com blog. You’ll have to confirm your identity via photographs and fingerprints. Get a letter from the district attorney’s office explaining that you are a victim of criminal identity theft and that you did not commit the crimes done in your name, Weisman says.

  1. You receive a data breach notice.
    If you get a notice that your information was compromised by a data breach at a retailer, health insurer or other entity, your identity theft risk level just went up.

What to do: Check your credit and sign up for whatever free credit monitoring service is offered in response to the data breach. Most of these services take additional steps that are difficult for the average consumer. “Most will also search the dark Web to see if your information is being sold,” Krebs says.

  1. Tax refund check arrives before you file.
    If a tax refund check arrives before you file your return, that’s an obvious sign that someone has filed a fraudulent return in your name, says Rod Griffin, director of public education at Experian. This actually happened to Griffin. Other signs of tax fraud: You receive an IRS notice that someone used your Social Security number to get a tax refund, or the IRS notifies you that more than one return was filed in your name.

What to do: Contact the IRS and complete Form 14039 Identity Theft Affidavit, notify law enforcement and file an identity theft report with the FTC. If the notice also says you were paid by an employer you didn’t work for, contact that employer and explain that a fraudster stole your identity.

What did Griffin do? “I used Experian’s website to add an initial security alert to my credit reports, filed a police report and notified the IRS of the fraud,” he says. “They then issued a fraud protection number that I had to use when filing my tax return.

Identity theft can happen to anyone. Griffin’s incident had a humorous moment.

“The funny thing is that when I was at the police department I asked the officer if I could have just cashed the check and used it to pay my legitimate taxes. He said, ‘Probably,’” Griffin says. “I, of course, did the responsible, law abiding thing and did not cash the check.”

 

Four easy ways to increase online security

  1. Don’t automatically click on links in email. Make a rule that you must stand up and stretch first.
  2. Guard your computer the same way you’d protect $10,000 in cash. The data on your device could be worth more than that in the hands of a fraudster.
  3. Change your passwords regularly. Don’t use 1234, your name or birthday.
  4. Turn that firewall back on. The minor hassles aren’t worth the huge blaze you’ll have to put out if you become a victim of identity theft.

 

To see original publication, go to http://www.creditcards.com/credit-card-news/10-warning-signs-id-theft.php

Summer spending: Plan, set budget for more fun, less debt

 For CreditCards.com/Published May 16, 2016

By Karen Haywood Queen

 

Summer means lounging by the pool, enjoying a vacation getaway and, for kids, the fun of being out of school. But then there are the bills to pay: pool memberships, vacation costs, wedding gifts and camps or day care for kids. If you’re not careful, you could find yourself racking up credit card debt to pay for all those expenses.

Ideally, you’ve saved all year to be ready for summer. If not, check out these tips on how to better position yourself for next summer and find last-minute savings now.

Pool memberships
Joining a pool, whether it’s a country club or a private pool, can sink your budget if you’re not prepared. “Pool memberships can be quite expensive,” says Dara Duguay, executive director of Credit Builders Alliance, who lives in Washington, D.C.

If you have all year to plan, see if your favorite pool will let you spread out the cost over 12 months. If not, make your own plan by setting aside money in a special pool account.

As for this summer, if a private pool membership isn’t in your budget, consider a free or a less expensive city or county pool. “For us, the other alternative is the public pools, which are free for district residents,” Duguay says. “They are super crowded. You usually have to sit on the cement because all the chairs are broken. There definitely are trade-offs – but it’s free.”

Day care and camps
For parents of school-age kids who can’t be left alone, summer means scrambling to find reliable, safe, affordable day care or camps. Plan ahead for next year by seeing if you can get discounts by signing up and paying well in advance.

If you’re looking for good day care or camps for this summer, there are alternatives to pricy summer camps and nannies. “There’s a brand new YMCA right down the street from me,” Duguay says. “I enrolled my 7-year-old daughter for a couple of weeks at a fraction of what I would pay for a baby sitter.”

Vacation travelMany churches also offer summer kids’ programs for free or low cost during the mornings or evenings or even all day.

Still need to choose a vacation destination? If you have a travel rewards credit card and have accumulated a fair amount of points or frequent flier miles, you may want to narrow down your choices by seeing choosing a destination that maximizes your frequent flier miles.

Whether you’re paying with cash or points, consider off-season locations such as the Caribbean islands that are popular in the winter, but hurricane-prone in the summer, says Rod Griffin, director of public education for credit reporting agency Experian. To hedge your risk, check to see if you have travel insurance through a credit card that covers weather-related trip delays or cancellations.

Also check for what other kinds travel-related perks and safeguards your credit cards may offer.

If your destination is high-end, compare the price of checking a bag on the plane with the cost of buying liquid toiletries and other items at your luxury destination, Ingram says. “If it costs you $25 to check a bag versus purchasing what is going to go in that bag that would cost you four times that much at your destination, then check that bag and fill it with stuff you buy at home.”

Holiday rental homes
When booking a vacation rental home, you may be able to get a discount by booking next year’s stay as you leave this year. Even if you don’t get a discount, paying part of the rental fee early spreads out the cost.

But if you haven’t booked this year’s beach house yet, you can save money by paying attention to school schedules, says Leah Ingram, author of “Suddenly Frugal.” For example, if your kids get out of school at the end of May, book a rental in an area where school remains in session until mid-June, Ingram says. If your children don’t start back to school until after Labor Day, consider traveling in late August to a state where the school year begins in August.

You may even be able to redeem credit card rewards for vacation home rentals through services such as Airbnb, though the industry has been slow to offer easy rewards programs.

Vacation meals and souvenirs
Many families want to take a vacation from cooking too, Ingram acknowledges. But if you book accommodations with a kitchen, you can save money by eating breakfast at home before heading out for the day and packing a picnic lunch, she says.

When looking for souvenirs, skip the stores on the boardwalk or any place that spells shop “shoppe.” Instead, check out the local Walgreens or other national chain, Ingram says. “They’re likely to have the same touristy tchotchkes at a lower price,” she says.

Staycations
If your vacation destination is money-saving home sweet home, check Groupon and similar sites for discounts on amusement parks and other local attractions, Griffin says. Don’t overlook free concerts and other events in your area.

Weddings
Thinking about getting a new outfit to that summer wedding you were invited to? Think twice – everyone will be looking at the bride anyway. If you must have a new outfit and can’t bear to wear the same thing to more than one major event, check out Rent The Runway to rent a dress and/or Poshmark to buy or resell high-end clothing, Ingram says.

Cashing in credit card rewards for wedding gifts may also save you money.

Summer happens. Being prepared for expenses means you can pay those extra bills easily as opposed to wasting your pool time worrying or worse, getting a second job to cover extra bills.

To see original publication, go to http://www.creditcards.com/credit-card-news/summer-spending-budget-plan-debt.php 

Account takeover fraud rising

 For CreditCards.com/Published April 22, 2016

By Karen Haywood Queen

Instead of merely stealing your credit card number, today’s fraudsters are moving to full-blown account takeover, partly to thwart EMV chip-card technology but mainly to maximize their return on investment.

Account takeover is a type of identity theft where a fraudster uses parts of the victim’s identity such as an email address to gain access to financial accounts, says Patrick Reemts, vice president of credit risk solutions at ID Analytics in San Diego. The perpetrator often reroutes communication about the account, keeping the victim in the dark so the thievery can continue longer. Affected accounts can include credit cards, checking and savings accounts, brokerage accounts and store loyalty rewards accounts, Reemts says.

This type of fraud has overtaken simpler types of credit card fraud, according to a data analysis released in August 2015 by NuData Security. An earlier NuData report revealed that incidents of account takeover jumped 112 percent in the first quarter of 2015 compared to the same time period in 2014.

“If you steal a credit card, you’ve stolen one relationship,” Reemts says. “With account takeover, you have the potential to access several relationships they have. You have a lot more data to use. The payoff is typically greater.”

Part of the reason for the increase in account takeover is the increasing adoption of EMV technology, which makes it more difficult for fraudsters to clone physical credit cards. As the United States catches up to the rest of the world in implementing EMV, criminals will turn to new techniques such as card-not-present theft and account takeover, Reemts says.

Bigger returns for thieves
A bigger reason, though, is simple economics. Compared to a one-off theft, account takeover offers a better and longer return on investment. It’s the fraud that keeps on taking.

“Fraudsters are realizing how to optimize their operations,” says Ryan Wilk, director of customer success at NuData. “Having a pile of stolen credit cards can get you only so far. On day one, those card numbers are extremely valuable on the Dark Web. But people realize they’ve been breached and cancel the card. Within two weeks, the value of that card goes down from $5 a card to pennies a card.”

By comparison, stolen account information – including usernames, passwords, email and snail mail addresses, bank account information, Social Security numbers and more – can sell for much more in shady online markets and hold its dollar value for well over a month, Wilk says.

“That’s the beauty of account takeover for criminals,” says Don Bush, vice president of marketing at online security company Kount Inc., in Boise, Idaho. “They have time to act.”

Instead of just using a stolen credit card or card number, fraudsters can use the victim’s history to change the addresses for email and/or snail mail statements so that those statements now go to the fraudster’s address instead of the legitimate consumer. And they can request additional credit cards be sent to that new address.

“If you don’t get your statement for a month or two, you might not notice,” Reemts says.

For a bank account, a fraudster who has taken over an account might then clean out all the funds or pose as the true consumer and borrow money. The impact on the consumer is much more significant than when their credit card number is stolen.

“Credit card fraud is not solved, but credit card fraud is contained,” Reemts says. “With account takeover, [a fraudster] can clean out all kinds of accounts – checking accounts, investment accounts, savings accounts.”

Easy, reused passwords multiply consumer risk
Once a fraudster hacks one account, the next account often is easier to crack because consumers frequently use the same username and password combination on many different Web properties including email accounts, Wilk says. It’s easier for consumers to remember, but also easier to hack.

With access to an email account, the fraudster can reset site passwords on commercial websites using the victim’s trusted email address. “NuData sees the same credentials being tested across its various clients showing that the bad actors are testing the authentication credentials they acquire across multiple web properties,” Wilk says.

Compared to a one-off theft, account takeover offers a better and longer return on investment. It’s the fraud that keeps on taking.
 

Once a fraudster accesses a victim’s e-commerce account, they now have access to all of the payment methods linked to that account. “You may have a stored account where you have linked a few of your credit cards and PayPal account to easily use when you check out,” Wilk says. “Gaining access to this account is far more lucrative to a bad actor as they now have access to your multiple stored payment methods versus trying to use a list of one-off stolen credit card numbers, which may or may not be valid.”

Rewards accounts are targets, too
Another goldmine for fraudsters is rewards points stored online in retail store accounts such as Kohl’s, which pays users store credits called “Kohl’s Cash” as a reward for spending money in the store, Wilk says. Thieves who get access to those accounts can use the stored information to buy expensive, bulky items – say, a coffee table. The thieves have no interest in the coffee table, so they have it sent to the legitimate account holder’s address – using the slowest shipping method possible.

In the meantime, the store credit for that coffee table accrues and the thieves use it to buy more items at Kohl’s. Then, they either resell or return the items for gift cards before the customer is even aware of the fraud.

The scheme works because that coffee table may take two weeks to show up on the consumer’s doorstep. When it does, the customer may delay taking it to the store and clearing up the fraud because it’s a hassle, Wilk says.

More hassle, more potential loss
Compared to a credit card hack, the consequences and hassles for consumers are higher with account takeover. Federal laws and most issuers’ zero-liability policies mean you usually don’t have to pay fraudulent charges.

But if a fraudster cleans out your bank account or takes out a loan in your name, “Your money is gone,” Kount’s Bush says. “The bank isn’t putting it back while they do their investigation.  They may say that you don’t need to pay back the loan while they do their investigation, but if their investigation finds no evidence of fraud, they may charge you for interest and penalties if you didn’t pay.”  How does this all start? You may click on a link that downloads keystroke logging malware onto your computer, Bush says. That tracker will note that every time you click on your bank’s website, you type a certain set of characters and then hit enter, he says.

“It’s easy to figure out that’s your email and password,” he says. “The malware sends it to the fraudster’s network. The malware works in the background. It’s very difficult to detect.”

To fight back
Although the incidence of account takeover fraud is on the rise, you’re not helpless. Here are some steps to protect yourself.

  • Use different usernames and passwords for different accounts.
  • Change your password every four to six weeks.
  • Use a password manager such as LastPass to help generate difficult usernames and passwords and store them securely without the need to remember them.
  • Reconcile or balance your bank account every month.
  • Give all of your account statements more than a passing glance.

“Often, consumers are lazy,” Bush says. “We get our account statement or bill and say, ‘It looks good to me.’ We pay the minimum charge and don’t look at it in depth. Criminals take advantage of that laxity.”

To see original publication, go to http://www.creditcards.com/credit-card-news/account-takeover-fraud-rising.php

 

How you type, move your mouse may help catch fraudsters

 For CreditCards.com/Published March 3, 2016

By Karen Haywood Queen

You type fast and hard on your computer keyboard while your boss uses a two-fingered, hunt-and-peck style. You hold your mobile phone in your left hand and text with your right, but your left-handed sister does the opposite. You always log into your bank account lying in bed and holding your phone above your face.

Increasingly, security companies are tracking these distinct behaviors to protect you, financial institutions and e-commerce sites against fraud. The technology also reduces irritating false positives — when you have to prove you’re really you before making a financial transaction.

Fraudsters can hack your credit card number, name, password, PIN, bank account number and more. But they can’t steal the way you hold your mouse or tap your keys.

“The way you move your mouse is different for each person,” says Natia Golan, senior product manager at BioCatch, in Tel Aviv. “We’re looking not just at typing speed, but at what kind of keys you are using. Are you using tabs? How hard do you swipe? Are you holding your mobile in a certain way? Every time you type do you put your tablet on a table or desk?”

TYPING-BASED ANTI-FRAUD TECHNOLOGY COMPANIES
Information about exactly who is using the new typing-based algorithms and how many consumers are affected is hard to come by. But the companies supplying the technology can give some hints:

• BioCatch has been offering its technology for two years, during which the company says it has protected 33 million users with 1 billion transactions, including customers of e-commerce sites, the top five banks in the U.K., as well as banks in France, Spain, Italy and Brazil.

BioCatch also is part of the Early Warning partnership owned by seven major banks in the U.S., which provides risk management solutions to 2,300 financial institutions, government entities and payment companies, Golan says.

• BehavioSec, which began working on its technology in 2006, now has more than 15 million users and logged more than 1.5 billion transactions in 2015, according to the company website. Clients include banks in Sweden, Switzerland, Belgium, the Netherlands, France and the U.K., Costigan says.

• NuData Security was founded in 2008 and its customers include Fortune 50 financial services and e-commerce companies, including some of the largest financial and e-commerce companies in the world, a company spokeswoman says.

 

These behavior-based technology algorithms are offered by at least three security/behavior biometrics firms and used by financial institutions, e-commerce sites and others worldwide. The technology can flag attempted account takeover, card-not-present fraud and other online fraud in real time, even if the fraudster steals or hacks a verified device such as your mobile phone, tablet or computer.

These algorithms can also verify that you are who you say you are if you forget to give your credit card issuer a heads up before, say, taking your first trip to Argentina.

“We’re looking to really understand what that person looks like in the digital world,” says Ryan Wilk, director of customer success at NuData Security in Vancouver, British Columbia. “By knowing how you type, how you hold your mobile device, how much of your finger is actually landing on the machine, we can determine if it’s truly the correct human interacting with that device.”

High stakes
A lot of money is at stake — both in terms of theft and loss of customer business. “For corporate accounts, we’re talking about a lot of money, accounts that have millions of dollars that can be stolen,” Golan says.

As for false positives, consumer irritation sometimes evolves into a lost customer. Someone who can’t get a legitimate transaction to go through is likely to move on to another e-commerce site or credit card and may never return — cutting into a lifetime of potential profit, Wilk says.

“A $20 buy can turn into thousands and thousands of dollars over a lifetime of spending” he says. “You’re building up that level of trust and consumer relationship.”

How it works
The technology doesn’t replace other anti-fraud technology, but adds another important layer. “Institutions are going with the assumption that data is compromised,” says Julie Conroy, research director at research firm Aite Group. “They’re building their defenses to be multi-pronged, multi-layerered. I’ve spoken with a number of banks who either have this technology in pilots or have rolled it out on their mobile/online channels.”

The hundreds of behaviors tracked include typing speed, typing strength, how much of your finger hits a key, whether you’re right- or left-handed, how you move your mouse, how and if you use the tab key, whether you use other keyboard shortcuts, and the angle you hold your mobile device. More behaviors can be tracked for mobile devices because these are often used in three dimensions, compared to two dimensions for a computer.

Major banks contacted by CreditCards.com (including Chase, Bank of America and Wells Fargo) declined to comment on their anti-fraud technology.

But technology vendors say, depending on how involved the consumer’s transactions are, the technology needs three to 10 sessions — sometimes more — to develop a user profile. That profile yields fraud detection rates of 83 to 99 percent (often higher for mobile devices) with false positive rates of only 1 to 2 percent.

Some people quickly move to a button, rest there and then click it. Some people zoom in.
— Neil Costigan
CEO, BehavioSec

Each company’s simple JavaScript is embedded in the clients’ online banking or e-commerce applications and captures information such as where the consumer’s — or fraudster’s — mouse is, pressure on touch screens, area under each finger as well as typing speed and style on a computer keyboard or mobile device. For mobile phones and tablets, the gyroscope and accelerometer assist to provide information, says Neil Costigan, CEO of the behavioral biometrics firm BehavioSec in Lulea, Sweden.

“We find people have small nuances,” he says. “Some people quickly move to a button, rest there and then click it. Some people zoom in.”

Compared to legitimate users, fraudsters quickly navigate online financial and e-commerce sites because they have practice from previous fraud forays, BioCatch’s Golan says.

Another tell is that fraudsters are often speedy, more efficient typists than typical consumers, Golan says. Fraudsters know more keyboard shortcuts — for example, they know that “shift tab” is the opposite of tab. “The fraudster knows the shortcuts,” she says. “He knows every time he presses ‘tab,’ the cursor lands on the address. Most people, every time they press the tab key, will need to look again at the window to see where the cursor is before they start typing. The fraudster types really fast and it looks different when you analyze his interaction.”

On the other hand, fraudsters are not as familiar with some of the data they’re inputting — that would be the names, addresses and other info of the consumers they impersonate, Golan says.

“When you have to fill in information about yourself, you’re very confident about your name, phone number and address,” she says. “If the fraudster needs to copy the information from another window, he will type it very slowly.”

Stopping suspected fraud
Each entity using the technology can set its own risk parameters. For example an e-commerce site selling low-value goods might opt to let more risk through to reduce false positives and the potential customer loss, NuData’s Wilk says. But an online retailer selling jewelry at $10,000 or more might set the bar lower because the stakes are higher if a fraudster succeeds. An entity also might react to a deviation depending on what you — or the person posing as you — is trying to do, he says.

The fraudster types really fast and it looks different when you analyze his interaction.
— Natia Golan
Sr. product manager, BioCatch

“Suppose it’s the same device, the same connection, but something has changed,” Wilk says. “The typing is not the way you normally do. It could be that you’re typing only with your right hand because you’re holding coffee or a briefcase in your left hand. Even though the log-in looks risky, the system could let the user continue through. But now the first thing the user wants to do is change the email account. The typing style was the first risky event. Now the user wants to do something risky within the account.”

At that point, the e-commerce site or financial institution could push for a second-factor verification such as a text message or voice call, Wilk says.

Or, you may be tested without even realizing it — with what’s called an invisible challenge such as making your cursor disappear, Golan says. “Imagine you are working on your computer and the mouse cursor disappears,” she says. “You do a swipe with your mouse to see where it went. Each person does that swipe in a different way. That’s another way we can differentiate between users.”

Improvement rates fuzzy
In one pilot with a top five retail bank in the UK, BioCatch showed a fraud detection rate of 83 percent with false positives of just 1 percent, according to a case study. NuData helped one of its e-commerce clients reduce by 20 percent the number of good customers whose transactions had to be reviewed before they could proceed — a situation the financial institutions call  “customer insult,” Wilk says.

Financial institutions are reluctant to reveal just how much this technology improves their rate of catching fraud, says BehavioSec’s Costigan.

“It’s very commercially sensitive and banks just won’t share it with us,” Costigan says. “That would be the million dollar question if I could get our customers to say what the return on investment was.” But BioCatch works with its clients on annual contracts and, he says, “We don’t have anybody not renewing.”

To see original publication, go to http://www.creditcards.com/credit-card-news/how-type-move-mouse-help-catch-fraudsters.php

One Credit Card? Or Many? How to decide

Your credit history, appetite for rewards will help you choose solitaire or full deck

 For CreditCards.com/Published February 22, 2016

By Karen Haywood Queen

Visa? MasterCard? American Express? All of the above and more? When it comes to credit cards, there are pros and cons to owning just one card or playing with a full deck. Depending on your fiscal self-control and other factors, there’s a winning hand for you.

Playing solitaire: Using just one credit card
Having just one credit card means less temptation to get into trouble by overspending, says Rod Griffin, director of public education at credit reporting agency Experian. Getting out of trouble is easier, too. “If you do become over-indebted, you can stop using the card, start paying it down and get out of trouble more quickly.”

For most people, managing one card is easier than keeping track of multiple cards — and bills. “You have only one bill to worry about paying on time,” says Can Arkali, principal scientist at the credit scoring company FICO.

If you’re the type of person who tends to have your credit card charged to the max, then the more cards you have, the more debt you’ll have.
— Dara Duguay
Credit Builders Alliance

On the other hand, having only one credit card restricts your access to some services and merchants, Griffin says. If the store or other provider doesn’t accept your card, then you can’t charge the item or service.

Also, if you max out that one card and then have a legitimate emergency — not a fabulous sale on your favorite shoes, of course — you’re out of luck, says Dara Duguay, executive director of Credit Builders Alliance.

As for building a credit history, it’s possible to do so with only one credit card, but it takes longer. “If you use one credit card well, keep the balance low, make a small purchase every month and then pay the balance in full, it will help you build a strong credit history and build good credit scores,” Griffin says. “It may take longer than it would having two or three credit cards. But you can have very good credit scores with just one credit card.”

Credit Builders Alliance recommends three credit lines to build a credit history — a mortgage, car loan and a credit card. A young person who doesn’t have a mortgage or car loan might want to consider a second credit card to help build that credit history, Duguay says.

Full deck: Using multiple credit cards
Having multiple credit cards can give you plenty of options in case one is lost, stolen or not accepted. But a wallet bulging with credit cards can trick you into thinking you’re flush with cash.

If you have good self-control, having a number of cards with little or no balance may help your credit utilization ratio, which is simply your total balances divided by your total credit limits, Griffin says. The more available credit you have, the lower your utilization ratio will be, assuming you don’t spend more — and that helps your credit score.

Disciplined rewards chasers also can boost their rewards points through the sign-up bonuses that come with new accounts, and by using different cards for different categories of spend. For example, you may have one card that gives you 3 percent cash back for gas spending and another that gives you extra points for travel purchases.

On the other hand, those benefits can be quickly wiped out if you don’t pay off your balance every month. “If you’re the type of person who tends to have your credit card charged to the max, then the more cards you have, the more debt you’ll have,” Duguay says.

You’ll also have more hassles if your credit card-stuffed wallet is stolen. You’ll need to contact each card issuer to report the theft. And if you autopay bills on different cards, you’ll have to sort out which card matches each account as opposed to calling only one or two companies. “The more cards you have, the more unraveling you have to do,” Duguay says.

Know when to hold ’em
What counts as too many cards for one consumer might be just enough for another cardholder. To learn whether you’ve dealt yourself a good hand, get a copy of your credit score and look at the risk factors, Griffin says.

If the risk factors say you have too few revolving accounts, then consider opening another account. If the risk factors say you have too many revolving accounts, then you should probably consider closing an account or three, Griffin says.

Finally, if the risk factors say your utilization rate is too high, then it’s time, or even past time, to get your balances under control. “If your risk factors indicate your utilization rate is too high, you need to pay down the balances on one or more of your credit cards,” Griffin says. “High utilization is a sign that you overspend with credit and are taking on debt you may not be able to manage. Rather than opening new cards, which simply increases temptation and results in greater debt, you should stop using your credit cards and pay down your current balances.”

Consider financial goals before you act
Before you start opening or closing accounts, look ahead. If you’re planning to apply for a mortgage, car loan or other major loan in the next three to six months, don’t rush to close accounts, Griffin says. Closing an account affects your credit utilization ratio and will cause your credit score to fluctuate.

“If you go from using 30 percent of your available credit to 100 percent of your available credit because you simply have less available credit, this could negatively impact your score,” FICO’s Arkali says.

You don’t need a lot of credit cards. One, two or three is sufficient from a credit reporting standpoint.
— Rod Griffin
Experian

For example, consider you spent $1,000 on a vacation spread out over three credit cards with a $1,000 limit each. You have used 33 percent of your available credit. But if you close two of the accounts, that same $1,000 suddenly is 100 percent of your available credit.

Keep in mind, however, that closing accounts does not immediately harm your credit history, another component of your credit score. “When you close a long-standing account, it does not suddenly disappear from your credit report,” Arkali says. “The FICO score will continue to consider a closed account when it determines the length of your credit history, a category which makes up 15 percent of the score’s calculation.”

Experian retains the history linked to an account 10 years after the date it’s closed, Griffin says. “You don’t have to worry about losing the history, just the utilization” and credit line, he says.

Both experts also advise caution when opening new accounts. “It’s best not to apply for new credit either,” Arkali says, when you think you might be in the market for a new home or car loan. “That creates instability in the credit history, which can cause fluctuations in the credit score.” Any new accounts lower your average account age, which will have a larger impact on your FICO score if you don’t have a lot of other credit information.

Although you might think that those new accounts would improve your credit utilization rate, that strategy can backfire, Griffin says. “Opening a bunch of accounts in a short time is a sign of credit risk and can offset the benefit of increased credit limits,” he says.

In addition, new credit requests, called “hard inquiries,” can also temporarily ding your FICO score a few points, Arkali says. “Rapid account buildup can look risky if you are a new credit user,” he says.

The sweet spot
For most people, one to three credit cards is probably the winning hand — with two being the sweet spot. “My advice always was, ‘You don’t need more than two,'” says Duguay, who worked as a credit counselor in the 1990s. “It’s good if you can limit yourself to two or no more than three.”

Says Griffin: “You don’t need a lot of credit cards. One, two or three is sufficient from a credit reporting standpoint.”

But it’s not the cards you have. It’s how you play (manage) them.

“I actually know somebody who collects affinity credit cards with pictures on them,” Griffin says. An affinity card is affiliated with an organization, such as a school or charity or sports team. “He has 100. He has perfectly fine credit scores. What matters is how you use those accounts. Credit scoring is less about how many cards you have than how you manage those cards.”

To see original publication, go to http://www.creditcards.com/credit-card-news/one-many-credit-cards-1264.php

Know your fraudster: 8 types of card criminals

The crooks specialize now, from malware coders to mules

Published Jan. 26, 2015 for CreditCards.com

By Karen Haywood Queen

You open your credit card bill and see a bogus charge. Yep, you were hacked. You’re not alone – but most likely, neither was the criminal who used your card.

Card fraud is a staggeringly big business: A Federal Reserve payments study released in July 2014 found more than 28 million unauthorized transactions on credit, debit and prepaid cards, totaling $4 billion in fraudulent charges. Behind those numbers are multiple layers of criminals.

“A lot of people assume that the hacker is the person who steals the credit card number and uses it — a single person,” says Jeff Foresman, information security compliance lead with Rook Security in Indianapolis. “But the concept of some guy sitting in his basement doing all this is not valid anymore.”

Until 2003, most online crimes were isolated vandalism — “anti-social self-expression using high-tech means,” according to a 2013 report from Kaspersky Lab. By contrast, today’s cybercrime is a sophisticated, widespread business meant to make money illegally, the report says.

While a few rogues still steal information and use it themselves, most credit card fraudsters are part of a large underworld industry.

Organized crime, much of it based in Eastern Europe and Russia, helps bankroll the criminals involved, says Loc Nguyen, chief marketing officer at data security company Feedzai Inc., in San Mateo, California. An IT specialist working for organized crime gangs in Eastern Europe can make 10 times what he’d make in a legitimate job — or more.

“These are not high school kids — these are highly organized, well-funded organizations,” says Nguyen. “The business of hacking has gone from a mischievous activity conducted by hobbyist developers to an occupation of paid professionals working closely with organized criminals. Just like any company, they have specialists, people who write the code, people who run the equivalent of e-commerce sites and people who buy the card numbers. They have upper management and an endless supply of workers.”

There are multiple ways to get your credit card information and there are different types of criminals who specialize in each. Once they have your info, numerous players stand ready to use it for their profit. The whole industry includes malware writers, several types of thieves who use card skimmers, operators of websites selling card data, credit card counterfeiters and end users: people who buy and shop with stolen credit cards. (To get a taste of life on the lower rungs of this criminal enterprise, check out “‘A day in the life of a common credit card crook.”)

Sound complicated? This guide breaks down the eight professions and their job descriptions.

  1. Malware writers
    Malware authors write the software code that remotely hacks into major databanks to get stored credit card numbers, Nguyen says. Many are young men who are either from Eastern Europe and Russia, or who have connections to people in those areas, he says. Some malware writers are part of organized crime rings, others are freelancers selling code with no idea of who uses it, says Jay Jacobs, managing principal and co-author of the 2014 Verizon Data Breach Investigations Report.

“Someone will create the malware, then they sell it for hackers to use to steal credit card data,” Rook Security’s Foresman says.

The code writers evolve quickly to stay ahead of the good guys. After the 2008 arrest of master hacker Albert Gonzalez for, among other things, stealing credit card information from clothing retailer TJ Maxx, malware writers changed their focus from major companies to smaller businesses, says Jay Jacobs, managing principal and co-author of the 2014 Verizon Data Breach Investigations Report. They began using devices or small programs known as keystroke loggers to capture information typed into the systems of small businesses whose point-of-sale terminals are often open directly to the Internet via third party servers, Jacobs says.

Now the focus is back on major retailers and businesses using programs called RAM scrapers that take payment card information from the merchant’s point-of-sale system while it’s still being processed inside the terminal, Jacobs says.

Because the terminals at large businesses are not directly connected to the Internet, the criminals must work their way through the company’s system to find a part that is connected to the Internet so they can get the stolen data out. That can take time, but the payoff is potentially huge. “Rather than focusing on 10 victims and getting a little data from each, there’s a shift back to multiple weeks targeting a lot of data from one large victim,” Jacobs says.

  1. Phishers and spoofers
    Some malware coders specialize in creating phishing emails designed to get you to give up your personal information. Others perform these duties in addition to writing other kinds of code, Nguyen says.

These phishing fraudsters may work with or separately from spoofers — criminals who create websites that are designed to look like the real thing but are instead run by criminals seeking your personal information, Nguyen says.

“They may have hacked into a database to get your email address ,” he says. That’s why you should be concerned about email hacks such as the one discovered at Home Depot.

Besides targeting consumers, phishers also often target nontechnical employees of banks or retailers that handle a lot of consumer data. The “From” address is spoofed to make it look like it has come from a trusted insider.

  1. Shady clerks and wait staff
    The same guy that’s serving your food may be dishing out your credit card number to an organized crime ring. Gangsters sometimes score credit card information by putting employees of legitimate businesses on their payroll, Jacobs says. “They’ll approach an employee — at a restaurant, hotel, retail chain or anywhere that handles credit cards — and bribe them” to skim customers’ credit card numbers when they swipe the credit cards, he says. “The employee is paid by the number of cards they’re able to skim.”

These employees use small portable skimmers that fit in the palm of the hand and steal your credit card number as they process your payment for the legitimate business, he says.

Working the skimmer scam in person is easier at restaurants where the server takes your card away than at retailers or hotel chains where the employee has to use the skimmer under the counter right in front of you, Jacobs says.

Although many of these workers answer to organized criminals, some work alone, skimming your credit card information for themselves, Jacobs says.

  1. Skimmer installers
    Another brand of criminals mounts hidden skimming equipment anywhere credit cards are swiped. Good targets are unmonitored payment locations, such as gas pumps, vending machines and train ticket kiosks, Jacobs says.

These skimmer installers vary widely in skill and sophistication. Like the shady employee with a skimmer, some operate as part of organized crime gangs and others operate alone.

They may leave a skimmer in one location for a few days, gather a few hundred credit card numbers and then stop collecting data before they get caught. “The longer the skimmers are on there, the more likely they are to get noticed,” Foresman says.

Yesterday’s old-style skimmer installers were often caught when they came back to retrieve the equipment and stolen data. New technology creates wider buffers. Today’s more sophisticated installers use skimmers connected via Bluetooth so they can download stolen data from the safety of the parking lot, the Verizon report says.

Tech savvy fraudsters can also buy skimmers with built-in SIM cards enabling remote configuration, remote data uploading and even tamper alerts that, if triggered, will cache the data and send it out immediately.

Sometimes these skimmers also are paired with cameras or keystroke loggers to capture additional information including your PIN, ZIP code and the card validation code (also called CVV2 or CVC2) that is written but not embossed on your credit card, Foreman says.

  1. Fake technicians
    This con artist looks and acts like a company technician. But beneath the designed-to-fool persona you’ll find a fraudster out to tamper with a legitimate company’s credit card processing machines.

The scenario plays out with someone walking into a store with an authentic-looking work order to replace the old credit card terminal, Foresman says. But this tech guy has no connection to the real processing provider. The new terminal installation comes with an extra feature: a computer chip that copies credit card numbers and sends it out to another online server.

These setups allow fraudsters to get all the magnetic stripe information and PIN numbers from swiped cards, Foresman says. “If I can capture the entire track that’s on the magnetic strip on the back, I can make a new card or overwrite an existing card,” he says.

  1. Counterfeit credit card manufacturers
    These modern day counterfeiters don’t make $20 bills. Instead, they buy stolen credit card numbers and make fake credit cards. All that’s needed are imprint machines, a magnetic card writer and, sometimes, credit card stock — all of which are for sale legally, Nguyen says.

“With less than $1,000 invested, you can have your credit card maker,” he says. “The equipment itself isn’t illegal.”

Sometimes, criminals don’t even need new card stock. Instead, they can take the magnetic stripe data from the stolen cards and overwrite it onto existing credit cards or even onto hotel key cards, Nguyen says.

That’s one reason merchants may ask to see your credit card for a transaction. They want to compare the last four numbers embossed or printed on the front of the card with the last four digits of the account number that the magnetic stripe sends to their system to make sure it matches, he says.

  1. Data sales websites
    The credit card numbers that don’t end up on fake cards often end up on websites offering credit card numbers for sale. Operators of these sites offer thousands of credit card numbers and associated information for sale.

“You can go online and buy 1,000 Visa platinum cards,” Foresman says.

Also for sale are card expiration dates, card validation codes, ZIP codes and PINs, Foresman says. The prices vary from $2 for a single unchecked credit card number to more than $100 for a complete data sets called fullz.

“It’s just like eBay,” Nguyen says. “You go on, put in your search criteria, where you want the card. Do you want MasterCard or Visa? Do you want the PIN and the address? The more valuable the information, the more the fraudsters are willing to pay for it.”

Unattended gas stations and vending machines are more than great places to obtain credit card numbers — they’re also good places to test hot cards and card numbers, he says. If a small purchase goes through, the card is verified.

  1. Shoppers, mules
    At the end of the chain are crooks who buy the fake credit cards or fraudulently obtained card numbers and shop with them, typically for items that then can be resold. They buy big-ticket items at electronics stores such as Apple or major retailers such as Home Depot, Nguyen says.

Grocery stores — because they sell gifts cards that can easily be resold — are another big target. “They want to use cards and get cash out of the system,” he says. “They buy $500 or $1,000 worth of gift cards and go and resell them.”

Spending habits differ by the mode of purchase. Thieves who use the cards in face-to-face transactions tend to spend about $450 in the course of a week, often at supermarkets and home-supply warehouses, according to data compiled by Feedzai.

Those shopping online tend to spend about $900 over five days. They target electronics sellers and discounters, according to Feedzai data. To avoid detection, they have the items shipped somewhere other than their home address, Nguyen says.

Though the latter would seem to be more efficient, it’s all a matter of taste if you’re a criminal. In-person crooks prefer not to have to deal with e-commerce hassles such as fake shipping addresses or proxy servers. “To each their own,” says Nguyen. “The opportunity, or ‘market,’ for fraud is so big that there’s room for all kinds of talents, just like honest professions.”

Sometimes, “mules” are hired to do the shopping — often unaware that they’re part of a scam. These end-of-the-line criminals are the ones who tend to get caught, Nguyen says. “They get arrested, make the news, and then are replaced with other people,” he says.

 

Estate Planning For $1 Million +

Published June 9, 2015 for Forbes​BrandVoice/RBC Wealth Management 

By Karen Haywood Queen

Estate planning is essential for everyone, no matter how simple or small the estate. But once your estate edges close to $1 million, the complexities increase. Unless your estate is valued at more than $5.43 million—or $10.86 million for a married couple—you’re exempt from federal estate taxes.

But some states impose estate and/or inheritance taxes at a lower threshold, with most around $1 million to $2 million, although the cutoff is only $675,000 in New Jersey. A comprehensive estate plan can help to maximize what your heirs receive and ensure that your wishes are followed.

Understanding Wills Vs. Trusts

Most people start their estate plan with a will, said Bill Ringham, senior manager of Wealth Strategies at RBC Wealth Management. That’s because wills are relatively easy and inexpensive to create. But for more complicated estates—as those that exceed $1 million often are—a will may not be the only solution to consider.

Wills are a matter of public record, which means anyone can find out the value of your estate and who your beneficiaries are, Ringham said. “A very public figure such as a politician, entertainer or professional athlete might not want people to know what they’re leaving in their estate,” he said. “Or, someone might not want people to know exactly how much is being directed to their children and how much is being directed to charity.“

For a more private resolution after death, many people with larger estates choose to put their assets in revocable trusts, also called living trusts. You transfer assets into the trust and those assets are managed by a trustee—often that trustee is you—for your benefit while you’re still alive.

As the name implies, the trust can be modified during your lifetime. When you pass away, the trust can specify that assets be distributed to your beneficiaries, or a successor trustee can be named to manage and control the trust for your heirs.

A revocable trust can include real estate, cash and non-retirement/non-qualified investments accounts, non-qualified annuities, and tangible personal property such as cars. Retirement accounts such as 401(k)s and -deferred IRAs cannot be placed in a revocable trust. There is no minimum amount for establishing a revocable trust, but such trusts become more attractive as an estate becomes more complex and exceeds $1 million, Ringham said.

“With a trust, no one can see where you’ve left your money,” Ringham said.

Family Estate Planning

Trusts often take less time to settle than wills, since wills must also go through probate. Administering an estate with most assets in a revocable trust could take six to nine months, Ringham said. Probating a will, especially in several states, could add three months to the typical timeline for a trust, he said.

Cost varies by state. “Many of our clients, especially northerners, have homes in more than one state—a primary home in New York, a home in Florida, another home in California,” said Barry Zischang, an RBC Wealth Management consultant. “Going through probate in three states will be expensive and a lot more work. By having individual homes titled in a trust, you can avoid that.”

Setting up the initial trust document isn’t necessarily more difficult than setting up a will, but trusts do require some additional work, Ringham said. After you set up the trust, you have to change the title in all applicable assets from your name to the name of the trust. If you don’t, the title of the accounts takes precedence over your will or the trust and it may take longer for funds to be released to your heirs.

Give While You’re Alive

While planning for the distribution of your assets after you pass, you can also start giving them away during your lifetime. Since the rules vary by state and each family situation is different, it’s important to consult an experienced financial advisor regarding tax implications that may apply You can give $14,000 per year ($28,000 per year for married couples) to a child, grandchild or anyone else you choose without it counting as a gift under the federal gift-tax exclusion. That’s especially appealing if your estate has grown past the level of being exempt from state or federal taxes.

“[For] every dollar that you move out of your estate, your heirs save [approximately] 40 cents in taxes,” Ringham said. If you give more than that $14,000, it counts as a taxable gift and taxes are imposed not on the recipient, but on you as the giver, Zischang said. You don’t have to pay those taxes, but you do have to file a gift tax return and the gift counts against your individual estate exemption of $5.43 million, he added.

However, there are two unique instances where you can exceed that $14,000 individual annual limit with no tax consequences. “You may pay somebody’s tuition at an educational institution in unlimited amounts and that is not considered a gift,” Zischang said. But the payment must be for tuition only—not for books or room and board. And you must pay the money directly to the educational institution—not to the child, grandchild, other recipient or their parents. The other exception is paying medical bills. “If your child or grandchild goes to the hospital and gets a bill for $100,000 they can’t pay, you can pay the hospital or other provider directly and that is not considered a gift either,” Zischang said. You could even help pay for health insurance as long as you write the check directly to the insurance provider, he added.

Irrevocable Trusts

As your assets grow beyond the $5.43 million federal estate tax threshold, you may want to set up an irrevocable trust. Assets placed into an irrevocable trust are removed from your estate, which can make it an especially attractive option for any assets you expect to increase in value, such as stocks and real estate, Ringham said. The assets you put into an irrevocable trust still count against the $5.43 million gift exclusion, but any growth or appreciation occurs outside your estate.

There are some downsides: An irrevocable trust can’t be terminated or modified except under special circumstances. Ringham also pointed out that you will have to draft and file separate tax returns for the irrevocable trust. A well-thought-out estate plan is crucial to ensuring that your wishes will be followed after you’re gone. With the right tools and the help of an experienced estate planner, even a large estate can be handed down to your heirs in exactly the way you intend.

Advances in Fraud Analytics Promise to Stop Crooks, Not You

By Karen Haywood Queen Published May 13, 2015 CreditCards.com

Fighting credit card fraud is a balancing act. On one hand, if you’re in Houston but your card account is buying expensive jewelry in Paris, you want that transaction stopped — now! On the other hand, if your first trip to the Bahamas includes renting a boat, you don’t want your day ruined by an overprotective computer program blocking the charge as suspicious.

New anti-fraud analytics and mobile phone geolocation tracking offer hope for both problems. Used on their own or together, these technologies can help your credit card issuer stop a fraudster early in that international spending spree, while also reducing “false positives” — those times when a legitimate purchase is flagged as fraudulent.

New analytics lessen anti-fraud failure
Consumers using this technology “now have peace of mind,” says Loc Nguyen, chief marketing officer for Feedzai Inc., a San Mateo, California, company that provides this technology to credit card issuers. “Knowing their bank is watching gives consumers satisfaction that their money is being protected.”

A lot is at stake. Currently up to 80 percent of transactions that are declined when consumers are traveling abroad actually are legitimate, says MasterCard spokesman Bernhard Mors. Issuers spend hundreds of millions of dollars annually to manage customer service calls related to pre-travel requests and to research declined transactions, according to estimates from Visa.

Visa, MasterCard, Feedzai and FICO all have new solutions designed to lower those costs and make fraud detection more accurate. So when that fraudster in Paris tries to use your card, the authorization is more likely to be declined, or you’re more likely to get a text or call alerting you to possible fraudulent activity.

And when you try to rent that boat in the Bahamas, these tools mean the credit card is much more likely to be honored.

Better analytics
FICO is one of the oldest and biggest players in anti-fraud analytics. Its Falcon Fraud Manager technology is 20 years old and is used by 9,000 banks worldwide covering two-thirds of payment cards, says Scott Zoldi, FICO’s vice president of analytic science.

In recent years, FICO has rolled out an updated version called Falcon 6 that is able to immediately learn when fraudsters change their methods, Zoldi says. More than two-thirds of the financial institutions using Falcon are either already using Falcon 6 or moving to it, he says.

“Fraudsters are continually adjusting their tactics and it’s a never-ending battle,” Zoldi says. “That is why in Falcon 6, the adaptive and self-learning models and capabilities are so important … the model can continually refine itself based on the motives and calculated movements of the fraudsters.”

The new technology also keeps track of your behavior and can quickly determine if an attempted transaction is part of your normal patterns. “When I go and take money out of an ATM, I don’t go to a random ATM — I have favorites,” Zoldi says. “If Falcon saw me taking a large dollar withdrawal from an ATM I haven’t been to before, that’s riskier.”

If we saw a score of 85, we consider that very risky. But when we see a location match, we’re able to say that decreases the risk.
— Eden Smith  Visa

Although reducing fraud is important to card companies, reducing false positives may be even more important from a customer service point of view. A 2014 scientific national poll by CreditCards.com found that among frequent card users, 42 percent said having a legitimate transaction blocked made them feel annoyed, embarrassed or angry — conditions that would cause customers to turn away from their cards. In a 2012 study by Finsphere, a Bellevue, Washington, company that provides mobile identity-authentication services, 54 percent of those surveyed said they would be less likely to use a credit card in the future if it had been declined and 48 percent said they’d consider changing cards. “We are committed to reducing fraud,” says MasterCard’s Mors. “But we also want to drive a better consumer experience.”

Your history, habits go into a score
With a detailed history of your personal behavior, card issuers are better able to pinpoint activity that may be uncommon for others but isn’t for you — and thereby reduce false positives. “For example, if customer ‘Joe’ tends to frequently make a large number of large payments associated with online gambling, that is normal for ‘Joe’ but perhaps not for other customers,” explains Zoldi.

All of this information feeds into a numerical score. FICO’s Falcon systems rate credit risk from 1 to 999, with a score of 1 having the lowest probability for fraud and a score of 999 having a high probability, Zoldi says. The model also identifies the ratio of fraud to false positives at each score. For example, at a score of 960, for every three transactions, two are legitimate and one is a fraud, he says.

Banks target different strategies at the higher score ranges based on their fraud experience, Zoldi says. One bank may decline every transaction with a score of 980 and higher while another bank may decline purchases at 990 and higher, he says. Also, certain banks write rules to work at lower score thresholds for more risky international destinations, particularly high dollar transactions in risky merchant category codes.

Besides location, risk factors might include a fast pattern of purchases, especially of electronics and jewelry, Zoldi says.

The time it takes to rank those risks is now measured in milliseconds or less, drastically shortening those awkward moments waiting for a verdict from the cashier or card reader. “When you’re at a terminal and swipe the card, you don’t want to wait a long time,” Zoldi says. “You want it to go rapidly.”

Geolocation tracking
In addition to advanced analytics, some of the new programs also rely on location tracking through your mobile phone. MasterCard, for instance, is working with Tampa, Florida-based technology provider Syniverse on a program that focuses on international transactions and will be available to consumers this summer.

Once you register for the service with your card issuer, a transaction can be matched to your location, which is revealed by data from your mobile network, says MasterCard’s Mors. Because all device types connect to the mobile network, this system is effective using both smartphones and phones that don’t have GPS.

We’re now in the era of the ‘always connected Internet of things’ where this digital exhaust can be captured and recycled to keep our money safe.
— Loc Nguyen Feedzai

Visa’s Mobile Location Confirmation program, which it developed with Finsphere, is due to be in the hands of consumers by the summer travel season and also focuses on international transactions, says Eden Smith, senior product analyst at Visa. To use it, you must download an app to your smartphone and agree to allow the company to use your location for fraud prevention purposes, according to Visa.

Mobile location can be determined using the mobile network, Wi-Fi or GPS. This is especially important for international travelers who may prefer not to use expensive data roaming services. Visa’s location analysis is ongoing so there is no need to wait for your location to be pinpointed after attempting to use the credit card. If your device is in the same location as the attempted transaction, the credit card issuer can more confidently confirm the transaction.

The Visa system scores risk from 1 to 99. “If we saw a score of 85, we consider that very risky,” Smith says. “But when we see a location match, we’re able to say that decreases the risk. Now we can approve the transaction because it’s not as risky as it seemed before.”

While it’s still early days, vendors say initial results look promising. In one pilot program, Finsphere reduced by 55 percent the number of times that legitimate transactions were either declined or required what it calls “intrusive customer contact,” according to a company news release. FICO says both generations of Falcon technology reduce fraud losses up to 50 percent. Falcon 6 also results in 25 percent fewer false positives, the company says.

Technology, attitudes enable results
The reason these programs are gaining traction now is because several factors have changed: computers are faster, smartphone adoption has increased and consumers are more open to being tracked.

Only in the last few years have location-based anti-fraud systems been capable of crunching data fast enough to quickly detect fraud, Feedzai’s Nguyen says. “Even three years ago, fraud systems weren’t able to do this in real time,” he says. “People moving around produce massive real-time data streams that come in too fast for legacy anti-fraud systems to process. We’re now in the era of the ‘always connected Internet of things’ where this digital exhaust can be captured and recycled to keep our money safe.”

Another change making the technology more marketable is the increasing consumer use of smartphones. Two-thirds of consumers now own smartphones, compared to 35 percent in 2011, according to a 2015 survey by the Pew Research Center.

And, as credit card fraud has increased, cardholders have become more open to having their credit card issuer know their location in exchange for improved security, Nguyen says. Nearly one-third of Americans (31 percent) are willing to have a financial institution access their mobile phone data in exchange for protecting their personal financial information from being stolen, according to a March online poll conducted by Harris Poll on behalf of Feedzai.

In exchange for protecting their personal financial information from being stolen, 29 percent of adults said they would allow a financial institution access to their online activity; 23 percent would allow access to their social network accounts and 23 percent would allow access to mobile phone, online activity and social network accounts, according to poll results.

“Five years ago, the attitude was ‘I don’t want anyone to know where I am,'” says Nguyen. “Now, for security purposes, consumers are more willing to make that barter.”

But Visa’s Smith stresses that consumers will still have a lot of control over their information. They first need to opt in to Visa’s Mobile Location Confirmation program, and then they still have options to limit tracking. “They can opt out any time,” she says. “Consumers can say ‘I would like to opt in to this, but for fraud purposes only — not for marketing.'”

CREDIT CARD ANTI-FRAUD SYSTEMS
New systems work both behind the scenes and with consumer-facing apps to better determine whether it’s a fraudster or you trying to make a transaction.
FICO’s Falcon 6
Capable of learning from legitimate cardholder behavior and from fraud attempts so it can more quickly identify new types of fraud. Uses merchant location and distance from consumer’s home in its fraud detection model but does not use mobile device analytics, yet. Future versions will incorporate mobile device location. Analyzes both domestic and international transactions.
Feedzai
This fraud-detection engine is used by banks, which may incorporate it into their banking apps. Can analyze tens of thousands of transactions per second in real time, track online and in-store consumer behavior and learn from that behavior. Analyzes both domestic and international transactions.
Visa’s Mobile Location Confirmation/Finsphere
Works through mobile banking apps offered by participating financial institutions, and focuses solely on international transactions. Once a cardholder opts in, their location can be determined using their mobile phone network, Wi-Fi or GPS. Those options are especially important for international travelers who may prefer to use Wi-Fi rather than GPS, which relies on expensive data roaming services.
MasterCard/Syniverse
Works even on mobile phones with no Internet access. No app required. Users register with their card issuer for the service, then travel with their mobile device. Location is tracked through the mobile service provider. Focuses solely on international transactions.