Stopping Fraud in the Packaging
Prepaid cards are under constant attack from fraudsters, but sometimes the solution isn’t to protect the card itself — but to update the packaging.
The simplest scams are sometimes the hardest to thwart. Rather than redesign its prepaid card with added security, Incomm is redesigning the packaging in a way that should render stolen cards unusable.
Thieves like the idea of simply by taking a prepaid card out of its package and replacing it with a “dummy” card that has no value. When a buyer activates the “dummy” card by scanning its package at the point of sale, the real card in the thief’s possession is loaded instead.
Atlanta-based prepaid card provider Incomm is launching a new bar code encoding technique that requires both the card and the packaging to be present. If the card is removed, the bar code will not register at the point of sale.
Essentially, about two-thirds of the card activation code is on the packaging, with the final digits on the card inside of the package.
The new technique “helps to protect our retail partners and the end consumer from fraud by invalidating a prepaid card that has been compromised before it’s activated by a legitimate consumer,” said Chanda Wicker, senior vice president of global production services at Incomm.
Incomm’s packaging puts some of the activation code on the card itself, rather than printing it entirely on the packaging.
With this technique, if the card is stolen or replaced, the store won’t be able to activate it because part of the bar code will be missing.
In that regard, a fraudster trying to steal the card from the packaging would end up with a card that could never be properly activated.
“A card that cannot be activated is rendered useless, which makes the purchase impossible to complete,” Wicker said.
During Incomm’s initial run of prepaid cards using this printing technique, Wicker said the company saw “significant improvement” in the protection of those cards.
The technology will apply to both gift cards and prepaid debit cards.
The new packaging will definitely thwart fraudsters who swap out cards, said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
However, scammers may adapt over time in response to Incomm’s antifraud efforts.
“As with everything else, if it is a pretty low-tech solution, we see that criminals can get through it pretty quick as well,” Conroy said.
“I want to learn more about what Incomm is doing with this, but it appears to address the card swapping aspects,” she said.
Conroy cited incidents with Visa gift cards two years ago in which buyers were purchasing what they believed to be legit cards, only to find they had been tampered with and returned to the packaging.
Incomm’s new packaging, or any sort of tamper-evident packaging, could be a deterrent for that kind of activity, she added.
Incomm received a grant from the United States Patent and Trademark Office for the patent on the new packaging method.
Late last year, Incomm addressed online security when it began using technology that constantly changes the CVV on the back of a reloadable prepaid card, incorporating the services of Tender Armor and its CVV+ solution.
Participating cardholders each receive a new three-digit security code daily to use in place of the static CVV code printed on network-branded payment cards that’s required for most card-not-present transactions.
Cardholders may opt to receive their code, which is sent anew daily, via text, email or by visiting a bank’s website. A mobile app is also planned.
Incomm was the first major financial services provider to try out Tender Armor’s approach that gives card issuers a way to directly deliver real-time, dual-factor authentication to customers.
Some recent surveys suggest consumers—who are increasingly aware of and concerned about fraud—are willing to take part in helping to block fraud, but there’s little evidence so far that they will do so.
While card network policies generally absolve consumers of liability for card fraud, when fraud occurs consumers’ accounts typically are frozen, and for those who rely solely on their prepaid card and live paycheck to paycheck, the inconvenience can be costly, said Madeline Aufseeser, Tender Armor’s co-founder and CEO.
“Not only are these cardholders concerned about how to react to a fraudulent event, but they’re actually afraid to shop online,” Aufseeser said.
“The intelligence we gain from our relationships with retail and brand partners guides us in our mission to protect them and their customers who rely on our products,” Wicker said.
But fraudsters keep prepaid card providers on their toes, with a favorite trick being to simply write down or scan the card numbers, which are fully visible through regular packaging so that retailers can scan them when being activated by the buyer.
The scammer will then regularly check online to see if that card is activated and will be accepted. This way the card and its packaging are in tact, but the funds can still be stolen in a card-not-present transaciton.
Time is also a factor in this scam. A person receiving a prepaid card as a gift might not know that someone else has already drained its value.
Incomm would like to see all of those tricks thwarted, and is developing more anti-fraud tools to combat them, Wicker said.