Cybercrime is a little like the weather. Everyone reads and talks about it but nobody does anything about it. Congress like Mother Nature, has a will of its’ own and the likelihood of seeing any real legislation forcing Big Business to take care of our personal information is suspect.
However, the same way that we can prepare for a Hurricane there are things that we as individuals and business owners can do to prevent or minimize the effects of the Cybercrime storms that are upon us. We can use Transactional and Point in Time Alerts in the same manner as the National Weather Service alerts us that a Tornado is on the way.
All of us have heard the never ending mantras of “Use Strong Passwords”, “Change your Passwords periodically”, and “Be suspect of providing personal information unless you have verified the recipient.” That goes almost without saying and most articles on Cybercrime protection would probably end right here – but not this one.
The focus of this article is on behavior and transactional monitoring of your online and offline financial habits. This is similar to the spending profiles that the Credit Card companies create for you to monitor your purchase patterns for possible Fraud. At least once a quarter, I get a frantic phone call, email, and text from Citibank VISA asking for additional information on a recent purchase. In some cases, they hold the authorization (not letting the charge to my account go through) until they have positively verified that I am who I say I am and that I personally made or approved the transaction. I appreciate this minor inconvenience as it lets me know Citibank may actually care about my financial security after all.
In a perfect world, most Credit Card companies and to some degree Banks do this in the normal course of business to protect their customers. But we do not live in a perfect world so some personal responsibility needs to be taken. Fortunately, the tools to do so exist and are readily available – if you just take a few minutes to set them up.
As mentioned above, the Credit Card companies will flag things that look “out of the ordinary” to them based purely on statistical modeling and your spending patterns. Cybercriminals know this and therefore it makes it easier for them to match the pattern.
I will give a real world example: My American Express Corporate Card number was lifted by an unidentified group or person operating at a local restaurant in New York City near a particular client where I order in from frequently for lunch or dinner. To American Express, the pattern looked normal. No flag was raised. I use my Corporate Card for meals all across Manhattan. None of the amounts were particularly outside the normal range and it is not uncommon to see the same establishments appear multiple times in a month. I, like most, am a creature of habit. I tend to shop and eat at the same places on a regular basis.
What was out of the ordinary for me was two charges in one day from this particular restaurant and that caused me to check my Date Book and see that there were at least six additional charges at this Restaurant on days when I was not even in Manhattan.
Of course American Express, as will all Credit Card companies, held me completely harmless, gave me full credit for the fraudulent charges, and “promised to investigate the matter fully.” (Yes. I am sure…)
What could I have done and what can you do to protect yourself help uncover this type of fraud in a more timely manner? Signup for and enable Transactional Alerts on your credit card and bank accounts wherever they are available.
Chase exceeds my expectations in that within minutes of swiping my Chase Freedom Card at a Gas Station; I get an email alert telling me my credit card has been presented for authorization. After the sale is completed, I get another email telling me the exact amount of the charge.
Each Financial Institution varies with the level of Transactional and “Point in Time” alerting available but most seem to offer all or some of the following:
Transactional: Notice of Card Authorization; Notice of Charge to Card; Notice of Charge over a certain dollar amount; Notice of Receipt of Payment; Notice of Presentment of Check to Bank Account; Notice of ATM/Cash Machine withdrawal; Notice of Teller Activity (Bank Deposit/Withdrawal);
Point in Time: Daily Bank Account Balance or Amount Owed on Credit Card; Notice when Amount Owed exceeds a certain dollar amount; Notice when Checking/Savings balance goes below a certain dollar amount; Daily Summary of All Balances; Daily Summary of All Transactions;
Everyone who has online banking access, especially business owners, should make sure that alerts are in place for all transactions, where possible. Most importantly, if wire transfer or Bill Pay options are offered through your Bank, make sure that transactions over certain dollar limits above and beyond your normal activity range require “Secondary Verbal Approval” and/or additional authentication measures to allow them to proceed. Otherwise, if access to your Bank account is compromised, (a Cybercrimnal has your password or token), you could find a zero balance in your account with an almost insurmountable challenge ahead to try to retrieve the missing funds.
Using the combination of alerts mentioned above that is right for your personal financial spending habits and need can make all the difference between be “prepared” to catch a fraudulent event in near real time and prevent further Cybercrime vs. having a maxed out Credit Card, Zero Bank Balance, and spending months filing reports and signing affidavits that state, “No, you did not purchase that 60” Plasma Flat screen for $2,799 at Best Buy in Houston, TX” and having to prove that you were actually in New York at the time. Or worse, you now having to completely rebuild your credit file because you were a victim of Identity Theft and did not discover the damage until well after the fact.
Transactional and Point in Time Alerts are you best defense.