Welcome to the cutting edge of safety science—Learn more about our rebrand.
Services
Insights

Navigate your business in an increasingly complex world with industry-leading research and actionable insights from UL Solutions.

View all
Aerial photo of downtown Chicago
Next
Previous
News

Explore our press releases and news updates. Delve into detailed press kits for information on our work. If it’s UL Solutions and newsworthy, it’s here.

View all
man using and tablet while presenting in front of a room
Next
Previous
Events

Connect with us in person or online, around the globe. We’re everywhere your business needs us to be.

View all
Photo of a crowd attending a presentation in a large view.
Next
Previous
About Us

As a global safety science leader, UL Solutions helps companies to demonstrate safety, enhance sustainability, strengthen security, deliver quality, manage risk and achieve regulatory compliance. 

Overview
UL Solutions Consumer Information

See how we put safety science to work to help create a safer, more secure and sustainable world for you.

Learn more
Resources

Explore our business intelligence-building digital tools and databases, search for help, review our business information, or share your concerns and questions.

Overview
UL Solutions Market Access Portal

Accelerate your planning process and learn the requirements needed to take your products to market worldwide.

Visit
myUL® Client Portal

A secure, online source for increased visibility into your UL Solutions project files, product information, documents, samples and services.

Go to myUL
Certification Database — UL Product iQ®

Access UL certification data on products, components and systems, identify alternatives and view guide information with Product iQ.

Visit
Industries
View All
Software
View all
  • Feature Story

It's always a season for fraud

Contact UL
credit card with a closed gold lock laying on top of it

November 21, 2017

It seems as if every day reveals another cyber or transaction security incident. Reports of skimmers collecting information from fuel pumps or malicious hackers stealing personal information to the 2017 Equifax breach leads to only one conclusion—threats are everywhere.

“The challenge will be to address not only the fraud scenarios that we saw in the past but also the growing number of fraud scenarios we see with the eCommerce and mCommerce channel,” says Francis Limousy, principal advisor with UL Identity Management & Security.

Identity fraud increased 8 percent with 16.7 million people affected in the U.S. in 2017, according to publicly available numbers from Javelin Strategy and Research. This increase was driven by growth in existing card fraud, which saw a significant spike in card-not-present transactions (CNP).

CNP fraud involves the use of card-account information obtained from skimming and phishing scams or card breaches. Fraudsters use the information to make purchases online, over the phone or by mail.

Related , How to Spot a Credit Card Skimmer

As Limousy points out, it has become more difficult for fraudsters to physically duplicate credit cards due to the widespread adoption and activation of EMV technology.

And when fraudsters try, the transaction is being caught more often at the payment terminal as shown by the real-life story of a UL employee whose credit card had recently been cloned. When the fraudster attempted to purchase an item in-store, the credit card issuer denied the transaction because they knew the real card issued contained an EMV chip.

Safeguards such as EMV technology do not exist in the virtual world though. A consumer’s card may have been registered on multiple websites, along with poor password control, and the information could be easily acquired by a fraudster.

CNP fraud is now 81 percent more likely than point-of-sale fraud.  Account takeovers (ATO) also rose significantly in 2017 with a total ATO loss of $5.1 billion reported.

Tips to help avoid fraud online

Limousy offers this advice to consumers:

  • Consider the use of wallet platforms such as Paypal, Apple Pay, Android Pay or Visa Check out. Wallet platforms are available for both mobile and desktop environments and increasingly include a new technology called tokenization. Tokenization protects sensitive data on your credit card number by replacing it with an algorithmically generated number called a “token.”
  • Routinely review credit card statements for fraudulent activity. This simple action may help you identify and shut down unauthorized use of your credit card.
  • Check to see if your bank allows you to set up customized alerts as some allow customers to set up transaction alerts or withdrawal notifications when an amount is over a preset limit.
  • Pay attention to changes in credit score. Some banks and credit card issuers will alert a customer when his/her credit score shifts up or down.
  • Creating unique passwords for online banking, credit and other accounts with sensitive information may also help stem fraudulent activity. Passwords gleaned from one attack are often tested by fraudsters against other accounts with the same password protocols.
  • Don’t be redundant! Mix up your choice of security questions. For example, many security challenges include one’s place of birth, an easy question to answer. The temptation is to continuously select this question—don’t! Use a mix of security questions to help minimize risk.

Related , I'm EMV Compliant...Now, What's Next?

Advice for merchants, too

Merchants can also protect themselves by monitoring sales transactions. Tools can be used to check IP addresses and filter out countries known for fraudulent activities. Scrutinize inconsistent shipping addresses and billing information before products are mailed.

The Address Verification System (AVS) is one tool you can use to verify the address of the person claiming to own the credit card. AVS compares the numeric portion of the shipping address with the address on file through the credit card company.

Additionally, a merchant should ask for the Card Verification Code (CVC) as part of every transaction. The Payment Card Industry Data Security Standard (PCI DSS) prohibits the storing of CVC, so the chances of virtually obtaining the code are practically zero, making it a smart requirement for most eCommerce and mCommerce sites.

Finally, keep software and platforms up to date as software vulnerabilities are continuously being found and security patches issued to prevent fraud and protect customers from malware and viruses.

By practicing good security habits like monitoring accounts and updating software plus utilizing available tools such as instant alerts and AVS, both consumers and merchants can help minimize the risks from fraudulent activity.