Stop­ping Fraud in the Pack­ag­ing

Pre­paid cards are un­der con­stant at­tack from fraud­sters, but some­times the so­lu­tion isn’t to pro­tect the card it­self — but to up­date the pack­ag­ing.


The sim­plest scams are some­times the hard­est to thwart. Rather than re­design its pre­paid card with added se­cu­rity, In­comm is re­design­ing the pack­ag­ing in a way that should ren­der stolen cards un­us­able.

Thieves like the idea of sim­ply by tak­ing a pre­paid card out of its pack­age and re­plac­ing it with a “dummy” card that has no value. When a buyer ac­ti­vates the “dummy” card by scan­ning its pack­age at the point of sale, the real card in the thief’s pos­ses­sion is loaded in­stead.

Atlanta-based pre­paid card provider In­comm is launch­ing a new bar code en­cod­ing tech­nique that re­quires both the card and the pack­ag­ing to be present. If the card is re­moved, the bar code will not reg­is­ter at the point of sale.

Es­sen­tially, about two-thirds of the card ac­ti­va­tion code is on the pack­ag­ing, with the fi­nal dig­its on the card in­side of the pack­age.

The new tech­nique “helps to pro­tect our re­tail part­ners and the end con­sumer from fraud by in­val­i­dat­ing a pre­paid card that has been com­pro­mised be­fore it’s ac­ti­vated by a le­git­i­mate con­sumer,” said Chanda Wicker, se­nior vice pres­i­dent of global pro­duc­tion ser­vices at In­comm.

In­comm’s pack­ag­ing puts some of the ac­ti­va­tion code on the card it­self, rather than print­ing it en­tirely on the pack­ag­ing.

With this tech­nique, if the card is stolen or re­placed, the store won’t be able to ac­ti­vate it be­cause part of the bar code will be miss­ing.

In that re­gard, a fraud­ster try­ing to steal the card from the pack­ag­ing would end up with a card that could never be prop­erly ac­ti­vated.

“A card that can­not be ac­ti­vated is ren­dered use­less, which makes the pur­chase im­pos­si­ble to com­plete,” Wicker said.

Dur­ing In­comm’s ini­tial run of pre­paid cards us­ing this print­ing tech­nique, Wicker said the com­pany saw “sig­nif­i­cant im­prove­ment” in the pro­tec­tion of those cards.

The tech­nol­ogy will ap­ply to both gift cards and pre­paid debit cards.

The new pack­ag­ing will def­i­nitely thwart fraud­sters who swap out cards, said Julie Con­roy, re­search direc­tor and fraud ex­pert with Bos­ton-based Aite Group.

How­ever, scam­mers may adapt over time in re­sponse to In­comm’s an­tifraud ef­forts.

“As with ev­ery­thing else, if it is a pretty low-tech so­lu­tion, we see that crim­i­nals can get through it pretty quick as well,” Con­roy said.

“I want to learn more about what In­comm is do­ing with this, but it ap­pears to ad­dress the card swap­ping as­pects,” she said.

Con­roy cited in­ci­dents with Visa gift cards two years ago in which buy­ers were pur­chas­ing what they be­lieved to be le­git cards, only to find they had been tam­pered with and re­turned to the pack­ag­ing.

In­comm’s new pack­ag­ing, or any sort of tam­per-ev­i­dent pack­ag­ing, could be a de­ter­rent for that kind of ac­tiv­ity, she added.

In­comm re­ceived a grant from the United States Patent and Trade­mark Of­fice for the patent on the new pack­ag­ing method.

Late last year, In­comm ad­dressed on­line se­cu­rity when it be­gan us­ing tech­nol­ogy that con­stantly changes the CVV on the back of a reload­able pre­paid card, in­cor­po­rat­ing the ser­vices of Ten­der Ar­mor and its CVV+ so­lu­tion.

Par­tic­i­pat­ing card­hold­ers each re­ceive a new three-digit se­cu­rity code daily to use in place of the static CVV code printed on net­work-branded pay­ment cards that’s re­quired for most card-not-present trans­ac­tions.

Card­hold­ers may opt to re­ceive their code, which is sent anew daily, via text, email or by vis­it­ing a bank’s web­site. A mo­bile app is also planned.

In­comm was the first ma­jor fi­nan­cial ser­vices provider to try out Ten­der Ar­mor’s ap­proach that gives card is­suers a way to di­rectly de­liver real-time, dual-fac­tor au­then­ti­ca­tion to cus­tomers.

Some re­cent sur­veys sug­gest con­sumers—who are in­creas­ingly aware of and con­cerned about fraud—are will­ing to take part in help­ing to block fraud, but there’s lit­tle ev­i­dence so far that they will do so.

While card net­work poli­cies generally ab­solve con­sumers of li­a­bil­ity for card fraud, when fraud oc­curs con­sumers’ ac­counts typ­i­cally are frozen, and for those who rely solely on their pre­paid card and live pay­check to pay­check, the in­con­ve­nience can be costly, said Made­line Auf­seeser, Ten­der Ar­mor’s co-founder and CEO.

“Not only are these card­hold­ers con­cerned about how to re­act to a fraud­u­lent event, but they’re ac­tu­ally afraid to shop on­line,” Auf­seeser said.

“The in­tel­li­gence we gain from our re­la­tion­ships with re­tail and brand part­ners guides us in our mis­sion to pro­tect them and their cus­tomers who rely on our prod­ucts,” Wicker said.

But fraud­sters keep pre­paid card providers on their toes, with a fa­vorite trick be­ing to sim­ply write down or scan the card num­bers, which are fully vis­i­ble through reg­u­lar pack­ag­ing so that re­tail­ers can scan them when be­ing ac­ti­vated by the buyer.

The scam­mer will then reg­u­larly check on­line to see if that card is ac­ti­vated and will be ac­cepted. This way the card and its pack­ag­ing are in tact, but the funds can still be stolen in a card-not-present transaci­ton.

Time is also a fac­tor in this scam. A per­son re­ceiv­ing a pre­paid card as a gift might not know that some­one else has al­ready drained its value.

In­comm would like to see all of those tricks thwarted, and is de­vel­op­ing more anti-fraud tools to com­bat them, Wicker said.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.