Blog Posts Process Analysis

Are Your Fraud Alert Replies Being Spoofed?

Blog: Enterprise Decision Management Blog

SMS screen with fake response to bank inquiry

As banks try to improve customer experience, reduce fraud and cut operational costs through interactive SMS, criminals have moved in to take advantage of the channel. The latest fraud scam involves ‘spoofing’ CLI (calling line identity) numbers to respond to SMS fraud alerts intended for customers.

“Spoofing” SMS or texts might seem like something teenagers would do, perhaps sending fake texts on Valentine’s Day appearing to be from someone else. Instead, what’s happening is more sinister.

If a credit/debit card transaction is deemed as suspicious, banks can alert customers through SMS, as well as through automated voice, mobile application push notifications and emails. If the transaction is genuine, the customer simply needs to respond to the SMS to confirm this, without actually having to speak to an operator in a call centre.

What the fraudsters are doing is making a fraudulent transaction using a compromised card and then successfully ‘spoofing’ a customer’s SMS response, confirming the transaction to be genuine when it isn’t. The fraudsters don’t know for certain that the customer got an SMS alert in the first place – but they might know the bank’s alert and customer notification strategy. They would have to have obtained the customer’s telephone number on the black market, possibly when they would have obtained the credit/debit card details. The fraudster then guesses the correct timescale in which to ‘spoof’ the response, before the genuine customer can reply.

FICO are fully aware of this emerging fraud threat and have a range of solutions available as part of our FICO Fraud Resolution Manager:

Contact us if you would like more information on any of these redresses.

The post Are Your Fraud Alert Replies Being Spoofed? appeared first on FICO.

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="https://www.businessprocessincubator.com/content/are-your-fraud-alert-replies-being-spoofed/?feed=html" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples

BPMN.org

XPDL.org

×