Risk Review FAQ – A Guide to Risk Review

Fraud Specialist, Risk Specialist, Compliance Specialist, Due Diligence Specialist

A Comprehensive Guide to Commercial Risk Review, Risk Management, Fraud Prevention, Business Loss Prevention, Bank Fraud Prevention, Due Diligence, Compliance, Audit, and Much More…

Recently Bill Trueman (an independent fraud and risk specialist) director of RiskSkill, wrote a comprehensive article on Risk Review, Due Diligence, Compliance, Fraud Prevention, Risk Management, Fraud Detection, Mobile Payment Risks, Card Risks, and lot more. After reading this article you will get answers of all the following questions.

What should I do to prevent Losses in my Business/ Bank/ Organisation/ etc?
What can I do to Stop/Detect/Prevent any kind of risk in my Organisation?
How a Risk Specialist Can Help to Stop Losses in a Company/ Bank/ Organisation?
How to Review the risk within an organisation before making an acquisition?
What is Due Diligence?
What is Compliance?
What is Operational Risk Review?
What is Credit Risk Review?
What is Financial Risk Review?
What is Enterprise Risk Management?
Can Fraud/Risk be Prevented ?
Can Card Fraud be Prevented ?
What is a Risk Review?
Can Mobile Payment Fraud be Prevented ?
How can Frauds be Prevented in Insurance Companies?
How can Frauds be Prevented in Telecom Companies?
Is Hiring a Fraud & Risk Professional is Costly Affair?
Where can I Find a Good Reliable Risk & Fraud Specialist?
Does RiskSkill Provide its Services Globally?
When Should I take Solutions provided by Riskskill or other Consultants?
What is VISA/MasterCard Compliance?
Our organisation has been instructed to perform an independent risk review by one or more the international cards schemes, what should we do?
Is hiring a Risk / Fraud professional expensive?
What are the Benefits of Hiring a Risk Specialist?
What does a Risk Specialist do?
How to Hire a Risk Specialist?
Where to Hire a Risk Specialist from?

I hope you got lots of good & useful information about risk review and fraud prevention, if you like this article please also share this with  others.

Other Posts Which You May Also Like:

What is Risk Management? Definition & Importance

11 FAQs on EMV Chip & Pin Credit Card Technology

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Top Technology Trends in Payments, Risk and Fraud in 2014

 

Judges Pave Way for Banks in US to Sue Target over 2013 Data Breach

EMV Chip Card

I read with interest that news in Finextra and elsewhere that the banks have been given the go-ahead to sue Target for $30m for the reissue costs associated with the data compromise in 2013. This puzzles me, as I then want to know how the figure of $1200 per card is calculated.

The cost of re-issue will be less than a tenth of that per card. How they can justify that size of loss based upon a reissue alone is not conceivable.

Accordingly, this figure MUST be calculated to include some of the ‘consequential loss’ – i.e. that the compromised cards were then used. Accordingly the banks will have to show a loss on their cards (as well as the costs to them of re-issue).

If I were in Target (and/or the Lawyers in the the defence team) then I would have plenty of defence arguments to tender:

  1. a) What did the banks do to mitigate the losses.
  2. b) What did their systems look for in the unusual transactional activity.
  3. c) As the cards were compromised with limited security feature details lost, why did the banks not check the security feature details and prevent the transactions at the time of the authorisations for the fraud losses on these cards (as is done in most other banks – certainly around the rest of the world).
  4. d) As a preventative solution, why had the banks not implemented greater security with EMV (and/ or EMV with CHIP and PIN) as this would have significantly (or completely) removed the possibility that these cards could have been of use. The US issuers involved are far behind the global ‘curve’ on upgrading to the latest technology that was introduced across the rest of the world 15 – 10 years ago.

Someone please introduce me – or any other card-fraud/risk/loss specialist to the consortium of banks or their lawyers to help build their case against Target – or better still to the Target people (and/or their indemnity insurers) – they probably have the much better and more fun case to present to the courts.

In all cases and scenarios, this will be a superb case to watch; and reveals how poor the infrastructure in the USA is, and how far behind both the infrastructure and the thinking actually is – on all sides of the argument.

Thanks

Bill Trueman

 

Is EMV Chip and Pin Really the ‘Money Pit’ for Retailers?

Fraud Specialist, Risk Specialist, Compliance Specialist, Due Diligence Specialist

I do not agree with this at all, we should exercise some degree of balance:

Maybe we should have called for a ‘national’ business-case to be written – as this has not been done.

Perhaps we should have examined the global context too: USA is only one country in the world, and just about the only one that has not attempted to create the business case, and the only one where the retailers are/have been (allegedly) feeling this way. Again, the US is the ONLY developed country that has not implemented this USA designed and led initiative.

In many (most?) countries, the retail consortia / lobbying groups have driven these initiatives forward in order to make the sales process better and smoother. For instance, in most countries now, the retailer no longer even touches (or sees) the card – the customer simply dips the card – on his/her/its side of the counter, enters a PIN and removed the card and leaves with a printed receipt. Retailers have insisted on this to:

  1. a) Ensure that the process is speeded up
  2. b) To increase / improve security – by avoiding retailer ‘touched’ on the card
  3. c) To make the transaction fully electronic and thereby reduce chargebacks, a need for paper handling and re-handling when chargebacks and disputes occur.

There needs to be a lot better thinking before we start calling EMV the “Money Pit” for Retailers.

Author (Bill Trueman) is Payments, Fraud and Risk Specialist helping businesses worldwide for risk review, risk management, due diligence, compliance solutions, fraud prevention, mobile payment fraud prevention, card fraud prevention, and much more.

Also visit another blog post on EMV Chip and Pin by Kevin Smith, an eminent fraud and risk specialist and Joint Chief Executive at AIRFA.

For more information on EMV Chip and Pin technology, fraud, risks, pros and cons visit here.

Other Posts Which You Would Also Find Useful:

25 FAQs on Risk Review, Risk Management, Compliance, Due Diligence and Fraud Prevention

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

11 FAQs on EMV Chip & Card Technology

UK Banks Covering up Cyber Crime Losses – City of London Police

A widely-held suspicion that UK banks are covering up the true scale of cybercrime has been confirmed by the City of London Police chief Adrian Leppard, who says that up to 80% of online crime goes unreported to the authorities.

Speaking at a Tech UK conference, Leppard says that the vast gap between what is reported and the actual threat level arises “primarily because banks are happy to write off incidents as costs, thereby costing the consumer collectively and funding ongoing cyber-criminality”.The Commissioner told the audience that the scale of the threat is much greater than the public think, so much so that it may have even surpassed what drugs have delivered to the criminal economy.He argues that the banks’ unwillingness to report the true extent of cybercrime, makes it harder to gain an accurate picture of the threat to the national economy and the resources required by police to counter the criminals.In November last year, a Treasury Select Committee hearing into cybercrime and fraud heard evidence from Dr Richard Clayton, a senior researcher in security economics at the University of Cambridge, who said that “insider” accounts of fraud losses at banks are double the numbers generally reported publicly.This followed a July Home Affairs Committee report on e-crime that accused British banks of letting cyber-crooks carry out crime in a ‘black hole’ of impunity by failing to report or investigate fraud.

Comments by Bill Trueman over this News:

We need to be very careful about articles like this, and comments like this too.

The issue here is about REPORTING not dealing with (investigating, prosecuting and deterring) the crime.

The real question here is, of the crimes that are reported to the authorities (i.e. the police), how many are investigated and how many are prosecuted and how many organised gangs identified and stopped and how many opportunists deterred. We can assume that the answer to these will be “almost ZERO %” on all counts.

I have sat with senior COL police people over many years (mainly in the 1990s) – who have refused to accept reports of fraud from banks, because they have no resources to investigate and prosecute. Accordingly £100 millions’s of card fraud ARE reported and not progressed, and £100 million’s of insurance fraud go the same way without even being reported – except for the MAJOR, MAJOR cases that are accepted by the police from the Insurance fraud bureau.

Try and get Leppard to accet such cases is nigh on impossible as only the top – fraction of 1% are progressed. And do not even start talking about or reporting to the police the Inland Revenue, Local Authority, NHS, Benefits etc. fraud because they won’t look there either.

In the UK, we are held up globally (mainly the banks) for the exceptional fraud collation and reporting on card and banking fraud and insurance fraud – and we were leading with the statistical collation of fraud as UKPLC. This was all done 20 years ago as a fall-out from the Levi Home Office reporting – and ‘wrapped up nicely’ except for the police investigation, and prosecution bit, which is still absent.

So it is easy, but also abhorrent that a police officer shoudl stand up and throw stones at an industry that has been doing its bit for a long time. The industry also funds the fraud reporting centre that HE RUNS as part of the COL police force – so it is actually a) Under his control and b) HIS issue too!

BUT…. lets look at what we are talking about here….. We are asked to believe that banks are “covering up Cybercrime”. What is this cybercrime? As far as the banks are involved, the banks lose money from criminals who are attacking the banks to obtain money through the abuse of the systems and processes. This is always how it has happenned and the banks are good at losing money in this way. Just because a new term started to be used 3-4 years ago – does not change the fraud position:

– Banks are attacked and lose money

– Some of it will always get misrecorded as bad-debt when the crooks have managed to con the banks that it was thus. The agreement with all parties has always been that this will not be considrered as fraud (Cybercrime) and will not get reported. The police adamantly refuse to accept such reports too – believeing that the banks have brought this upon themselves by lending money in the first place to these cybercriminals (Ironic eh?).

– Cybercrime / fraud losses are experienced, reported and not investigated.

It is OK to moan at the banks these days – for everything, and often they are to blame for a lot of their mistakes, but in this case we must be careful to spot that here we have a big policeman throwing stones from a very big greenhouse.

Perhaps we should start asking him a few big questions and stop this outrageous reporting. It is probably too that he was taken out of context in this reporting, as I am afraif that I cannot believe that a responsible policeman would be so stupid as to criticise his partner banks, his funding bodies and people who are patiently waiting for him to do his job rather than trying to do theirs.

Bill Trueman is Director of Riskskill(http://www.riskskill.com/)

 

Source News: http://www.finextra.com/news/fullstory.aspx?newsitemid=27226

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

Riskskill has been approved as a trusted vendor for Visa Inc., and specifically as a Global Acquirer Risk Standards programme (GARS) reviewer. The Visa Inc. risk team monitor acquirer performance – i.e. organisations, often major banks, who process card transactions and other electronic payments for merchants. Riskskill will now assist such acquirers that want to demonstrate their compliance with applicable legislation and card scheme rules.

There are only a small number of similar approved vendors globally and most of these are based in California. With the addition of Riskskill on the Visa Inc. programme, there is now payment and risk management expertise available to acquirers in EMEA and around the globe, including across the wider USA.

Riskskill is a business advisory and management-consulting specialist, which focuses upon risk management practices and compliance within financial services and retail businesses.

The Riskskill team is heavily engaged in this part of the payments sector and has helped many acquirers (and large merchants) to review and grow their business in the right way with strong risk and exposure controls.

Visa Inc, proposes that acquirers engage a Visa-approved reviewer such as Riskskill to carry out a GARS review. They will then work on-site with management and teams at an acquirer to look at current practices and procedures to identify business improvements.

Within a GARS review, Riskskill advises on all aspects of the merchant acquiring business, including merchant and third-party partner/agent recruitment and management, underwriting and sales policy and practice; agreements and contracts; settlement operations and procedures; portfolio quality, ongoing merchant management and monitoring; merchant closure and termination; fraud, chargebacks and compliance programmes; merchant training; and data/systems security.

Kevin Smith, who manages the acquirer GARS practice at Riskskill commented that: “With a deep knowledge of the payments business and risk management requirements, the team at Riskskill look forward to working closely with more acquirers that want to improve their acquiring performance and be able to independently demonstrate this to other organisations such as Visa Inc. We are delighted that Visa Inc. recognises the skills and expertise at Riskskills, and our capabilities in global risk management.”

About Riskskill (www.riskskill.com)

Riskskill is a leading Europe-based risk management consultancy, with an impressive international track record of eliminating the risk of losses, reducing risks and exposures, and working with clients to put in place strategies and programmes of work to remove or prevent losses, regulatory issues and other fraud or bad-debt and compliance problems. Its people are widely accepted as some of Europe’s leading risk and fraud experts and they are frequent commentators on the issues involved. The key team have a wide experience in banking, insurance and the financial services and payments sectors and are thought leaders at the forefront of many industry wide and international debates.

Riskskill(http://www.riskskill.com/) is just one of only six organisations globally that have been confirmed as qualified and approved to complete GARS Reviews for Visa Inc.

For further information, contact:  Bill Trueman or Kevin Smith at Riskskill.com
enquiries@riskskill.com
or
Leigh Richards, The Right Image PR, 0844 561 7586 – leigh.richards@therightimage.co.uk

Read the full story here: http://www.pr.com/press-release/614755

How Enterprise Risk Management can Help a Company?

Fraud Prevention Specialist, Risk Review Specialist

Risks in enterprises can cover a multitude of things and present themselves in many different ways. They can be simple and easy to address, or they can get left and at some point become catastrophic.

Risks can cover a multitude of things and present themselves in many different ways. They can be simple and easy to address, or they can get left and at some point become catastrophic. They can also be known and accepted, or just unknown, misunderstood or arise suddenly to surprise your organisation. Accordingly, it is imperative to understand and to assess the risks as they change, which is fundamentally the root-cause of much legislation across the globe.  Today, it has become very much a cliché that ‘change is the only constant in business’, which makes for the need for continuous risk review, understanding and implementation of new protections and measurements. This is why we see in the media (and the reason why we work with a lot of our clients) details of sudden failures that usually stem from an absence of an understanding of the risks associated with a businesses.  This is also why internal and external shareholders alike are often emphasising scrutiny and expectations of their risk management functions.

What is Enterprise Risk Management?

A lot is talked about ‘Enterprise Risk Management’ (ERM) as a framework to measure, understand, assess and report upon wider business risks and uncertainties; and we also offer such ‘formalised’ services, but at the end of the day, this is a ‘new name’ for a very old concept of better understanding our risks, taking a break from 100% selling and growing a business, starting to consider, manage, and understand the risk in most business decisions; but also then in understand and implement the right solutions. ‘Enterprise risk management consulting services’ or whatever you want to call them, not only refocus a business upon better decision-making but make sure that there is a continuing consideration of the risks and a maintenance of an intelligent culture within a business.

How ‘Enterprise Risk Management’ can help a company?

Again, let’s not get too hung-up on the terminology. The principles are about striking a balance between getting and keeping new business, and making sure that the risks that could destroy a business, or make it less profitable are mitigated.  So it is about ‘applying a framework’ to identify, assess, communicate and address the risks. A risk-management framework can consist of many things, but these should form the core of any such framework:

a)      Risk Governance, Management, and Culture development – i.e. the direction, policy and strategy.

b)      Risk Prevention – by spending the time to put in protections.

c)       Risk Assessment – i.e. looking at the risks

d)      Risk Quantification and aggregation – to evaluate the priorities.

e)      Risk Monitoring – to keep these in-mind and managed.

f)       And Risk Reporting

Smaller businesses do not have such great challenges, as decisions every day are made (often by individuals) upon how to do things. Within larger businesses, it is hard for the CEO or the board-level people to make the right risk-based decisions when their businesses are so widely spread-out, and with so much else to do to please customers, shareholders, markets and (often) the public. Applying the latest ‘ethereal’  model to assess and manage risks, often imposed by legislation, is often the way that the biggest of companies go; and they do this without having a fundamental understanding or without properly thinking about what is actually needed as a bespoke solution for THEIR business.

Advise – What can you do?

a)     Don’t adopt a single framework and try and squeeze it into your organisation and expect it to work. The design will depend upon your organisation’s culture and will want to ‘marry-up with’ your business development requirements – i.e. it has to be right for your business.

b)     Build an understanding and consideration of the risks of new projects and doing business within your culture. We believe that all businesses (internally) should be transparent in including the risks in all decision making and take a broader view on understanding the risk vs. Business trade-offs. We never find that there is a need with the organisations that we work with, to change the existing organisation structure and management; but to improve communication of the risk-adjusted exposures-measurement and decision-making.

c)     Conduct risk management reviews within your business and identify ways that the risk management functions can improve business growth rather than accepting that risk management is a business inhibitor. People buy and work with companies that are safe and have considered the risks properly. In addition, fraudsters and exploiters attack those with the lowest protections and risk management.

Bill Trueman is Director and CEO of UKFraud(ukfraud.co.uk) and RiskSkill(riskskill.com) and member of AIRFA.

Source Article: http://www.ukfraud.co.uk/articles/enterprise-risk-management.html

Top Technology Trends in Payments, Risk and Fraud 2014

fraud prevention expert, risk review expert

1. Big-Data – Big-data has become a buzz-word to capture many things, but in finding risks and fraud, the more data that we look at, the better chance we have of finding unusual features and problems that should not be there. The manipulation of data and looking for such anomalies and patterns is getting ever faster and better – and there are generally lots of clues on ways to make better decisions – e.g. merchants looking at their own trading / selling for unusual sales.

2. Sharing Data within the confines of Data Protection laws (In Uk DPA s29) – This might sound complex, but it is not. Data Protection laws vary slightly market to market across Europe, but the principles are the same as they are governed by EU Data Protection law. Organisations cannot share much data between them because of Data Protection laws that protect us as consumers – and quite rightly so. But they can and do share details of fraudsters and confirmed fraud, and without the same constraints, but there are VERY strict rules on how this can be done and what can be shared in order to protect you and me from abuse of this. There are increasingly more people understanding what the rules are and what can be done, which will help stop more cheats. But equally there are many projects that have been going on for a long time that will never work because of the understanding of the restrictions on what can, and what cannot be done.

3. Making greater use of public data / bureau data. More and more, the value and usage of data bureaux data is being expanded, by the development of new products in the market and the need for organisations to use publically available data to better effect. With much better and stronger payments data, voters’’ role and default data (like County Court Judgments etc.), but also more shared databases available and more people using and sharing such information there are many more things that then can be done with the data. Remember, that every time that we get an insurance quote, ask for a loan, request a credit card or a new phone or gas contract, we are leaving ‘footprints’ at the Data Bureaux, that is all making our habits much more accessible.

 

4.Greater use of Identity and Authentication Data – almost an extension of the data from the Data Bureaux, but with many more people doing things in the market to ‘know the customer’ better electronically and using data. We have almost gone full circle on this – as we evolved from a) Knowing who we were dealing with, b) Letters of introduction and c) “My word is my bond”. uberrimae fidei through to formal identification through d) the submission of passports and utility bills etc., and now to more and more e) electronic pattern analysis identification and crypto-based authentication services. The Electronic identification methods are becoming more refined and using more sources and more data to check that we are kind-of who we say we are, which in a way is a more complex way of knowing the person that we are dealing with (a) and letters of introduction (b). With government initiatives on identity management setting the ‘gold-standard’ of people identifying themselves through approved data identity bureaux, this can only change things for the better in the next 2-3 years.

5. Device identification / fingerprinting. Whenever we are ‘connected’ to the internet, the connectee can see how we are connected – and knows, with some degree of accuracy, what type of device it is that we are connected to and where it is. They have to know to deliver content to us. There are also companies evolving services that are going to become a lot more important who look at the devices that we are using in much more depth to make sure that when we connect to them, they recognise us. This is why, recently, when I tried to pay quite a large bill with my new iPhone, I was asked by the merchant to wait until I was using my normal computer. It realised that I might not be me, because they did not recognise my device. This technology area has a long way to go.

6. Movement away from ‘profiling types of people’ towards ‘knowing individuals’ – this is again a step towards a time in history when one knew exactly who one was dealing with. Insurance companies and loan providers historically have looked at the ‘groups that we fall into’ to predict the type of repayments or claims history that we might exhibit from the post-code / area that we live in, our age, the type of car/house that we have, how long we have been doing something etc.  This of course assumes that we all act the same as our neighbours, people who drive the same type of car/live in the same type house, or geography, or have the same job or family size.; which of course is not usually the case in today’s faster-moving world.  Whether for targeted marketing purposes or more targeted risk assessment and understanding, technology is helping us to be assessed as individuals and increasingly our behaviours are being used to determine what we can purchase and price what we pay for. For instance, insurance companies can price using telematics – devices attached to our car to assess our driving ‘style’ and thereby determine the potential risks involved to the insurance company.

7. Better use of the technology that we already have. The typical example of this today for me is the way that Apple has seen a commercial opportunity to enter the payments sector with ApplePay in the USA. The USA has not yet adopted EMV (CHIPs on payment cards) like the entire rest of the globe, and is losing more fraud than everywhere else, and has an outdated infrastructure that is causing problems for the financial services industry worldwide. The EMV backbone in the UK and across Europe is 15 years old, but the USA infrastructure dates back nearly 50 years. In one announcement, Apple did nothing new, but pulled together EMV, tokenisation (linking payment details at the point of purchase to the real payment credentials stored securely elsewhere and using a standard that exists today, but not widely used), NFC (again a common ‘tap & go’ technology used by millions on the London underground and more increasingly across the UK, but mandated by MasterCard for all payment terminals by 2020 across Europe; fingerprint identification/authorisation on the phone, and less talked about; geolocation technology to determine that the phone is physically where it is supposed to be when making a transaction.  They packaged this with some clever commercial arrangements to get issuer, acquirer, card scheme and merchant buy-in. This ‘sets a standard’ by using existing technology and ‘pulling it all together’ without inventing anything new. Despite the efforts of others, we should see a lot more of this type of using the current technology more in the year to come.

8. CHIP and PIN –  again in the same arena, the use of EMV Chip and enhanced cardholder verification, e.g. PIN, will evolve quickly in the USA to catch up with the rest of the globe. The losses and the stakes are too high for this not to happen. Despite continuing resistance in parts of the US market, with a desire by some people to stick with signature to verify transactions, or no cardholder verification at all; it must change. Signatures, however captured, take longer, are less secure, cannot be electronically checked, put the onus onto sales staff at every store and generally cause more disputes, chargebacks and fraud.  It is also a market acceptance of payment cards is still seen as expensive and with complex rules – so a major reason why Apple and others are invading this ‘space’. The USA strategy must be to move decisively towards CHIP and PIN – and the recent presidential order for the US government to lead the way in this direction must help with this.  There is no denying that migrating to CHIP and PIN usage and acceptance on debit cards is an easier challenge due the familiarity with PIN usage already, but the real issue will be PIN on credit and charge cards amongst others. There was a co-ordinated national (not just industry) engagement in the UK to drive CHIP and PIN success. It is hard to see the national or industry cohesion across the US market today on these issues.  The final ‘doubters’ must however be persuaded to put aside their own commercial interests in favour of the wider community interests, the answer is not signature.

9. Large-Scale thefts of data – not a month, not a week in many cases goes by without us learning that clever IT hacks have caused another major retailer to lose the card details (and much more) of millions of cardholders and customers. Home Depot lost 56million earlier this year, but similar lost data sizes have been seen at TKMaxx, Target, JP Morgan and more recently at Kmart and Staples.  The attacks exploit technical and procedural weaknesses in the management of systems holding sensitive data as well as the POS terminals and systems. The data would not be so valuable or costly to deal with if there was an EMV payments infrastructure (see above). Misuse of card data would be more easily identifiable in an EMV-compliant set-up, but this type of attack will continue to happen until the data security technology is in place to stop it from happening or being worth stealing the data.

10. Data ‘in flight’ or data ‘at rest’ – whether sensitive data is being stored, temporarily or longer, or if transmitted between various endpoints, it is always at risk of being ‘snooped-upon’, captured, deleted, redirected, or amended – generally for financial or nuisance. Further to point 9 above, the data security issues that we hear more and more about can be prevented or significantly  reduced through proper controls and monitoring, whether PCI DSS, ISO, POS terminal estate management, Point-to-Point Encryption (P2PE), or just by using a little common sense. ‘Cyber security’ is another new ‘buzzword’ but an old problem. It challenges our current thinking on making things secure, regular monitoring, mitigation, proper management, plus real ownership and accountability – from the CxO level down.  ‘Cyber criminals’ seeking financial gain, test systems either to prove a point, or just for their own entertainment because they can. It is no longer called hacking or theft of data and money, but now it is called cyber crime.

11. Increasing IT skills of the global fraudster – Probably the weakest bullet point here to be described as a ‘trend’ – because this is not new; it has been happening for 2,000 years, where the crook always uses his slightly better knowledge or technology than the good guys. Dick Turpin used an alibi that he was somewhere else because the horses and roads available at the time were not developed enough to place him at the scene of the crime and at that time. On this occasion law enforcement matched his guile; but this rarely happens this quickly today as the crooks develop the attacks with new methods and technology quicker than we can implement the counter-measures.  The only thing that we can do, is ‘stay awake’, look out for the issues, ensure the controls and procedures are ‘fit for purpose’, and stay ahead of the market. We should worry that many attacks start with inside information, knowledge and access. Staying awake means constantly looking internally as well as externally. Bat note too that sometimes, if you are being chased by a hungry bear,  you do not have to outrun him, you just have to out-run the rest of the crowd!

12. The answer is mobile – what’s the question? – Industry pundits challenge the traditional card payment brands as ‘dinosaurs’, particularly now that we all transact, bank and shop more online than face-to-face. The mobile, PDA, tablet, watch or similar devices are now seen as the place to transact with customers.  Traditional card payments are being tested, alternative payment methods and new authentication solutions that are more flexible and more adaptable to the virtual space are entering the marketplace every DAY and  with a real vengeance. But how security-enabled are the devices, the new ‘apps’ and gateways. Leaving aside concerns about interoperability, commercial success, etc., the biggest challenges rest with sensitive data being stored or accessed by personal devices with uncontrolled hardware/software security standards, questionable accreditation, payment/security apps with potential weaknesses and users who believe that if there is a problem – that someone else will deal with it.

By Bill Trueman, Managing Director, UK Fraud and Riskskill

For more information visit http://www.ukfraud.co.uk/ and http://www.riskskill.com/

Source: Top Technology Trends in Payments, Risk and Fraud 2014