RealTime IT News

MasterCard Charges Phishers

Numerous reports, surveys and statistics have shown increasing numbers of fraudulent online phishing activity involving financial information and credit cards. MasterCard International has decided that enough is enough and today announced a new initiative to fight the phishers.

MasterCard joined forces with digital fraud detection company NameProtect in a new anti-identity theft initiative that aims to thwart phishing scams.

The goal is to shut down the scams before they can hurt consumers, rather than trying to catch them after consumers have been duped into handing over sensitive information that can be used in identity theft and payment fraud.

The NameProtect technology will continuously monitor multiple online mediums, including Web pages, online discussions and hidden content, to nab identity theft trading rings. According to Mark McLane, CEO of NameProtect, the company will then provide the real-time exclusive reports to MasterCard. Together with law enforcement's own network of 25,000 financial institutions, MasterCard can take the necessary action to shut down and prosecute the phishers, as well as inform and protect cardholders.

"We are confronting identity theft head-on by taking the fight directly to where credit card scams breed and spread," said Sergio Pinon, senior vice president of MasterCard Global Security and Risk Services division. "By identifying these illegal card-number-swapping rings and working to close down these online 'credit card black markets,' as well as sites that are established solely to steal personal information, we can squash illegal activity before people's accounts are compromised."

During a phone conference to discuss the effort, Pinon said industry groups, such as the Anti-Phishing Working Group, of which MasterCard is a part, counted 60 million e-mails in a two-week period alone during March. "Of that, 19 percent of those phishing e-mails were responded to, and 5 percent were tricked into providing information" such as Social Security numbers and bank account info, he added. "This is a concern because we want to ensure that trust remains in the financial system."

The new partnership will not only protect MasterCard cardholders but also MasterCard's own identity as well. NameProtect will identify and report phishers that 'spoof' any of MasterCard's branding marks as part of an attack. The partnership announcement was made during MasterCard International's second annual Global Risk Management Symposium in San Diego. The conference is exploring new techniques to deal with phishing as well as other forms of identity theft and payment fraud.

In addition to the technology initiatives that MasterCard has undertaken to help its cardholders, the credit card company is also informing them how they can safeguard against such attacks. It recommends that people review their own credit reports and report any inaccuracies right away. The company also suggests cardholders not use their mothers' maiden names as a security feature, because identity thieves can easily find this information and use it to execute attacks.

Phishing attacks that use legitimate looking e-mails and Web sites to trick users into giving up their personal information have increased dramatically this year. The latest Anti-Phishing Working Group stats show a 180 percent increase in attacks in April as compared with March.

Statistics from e-mail security company MessageLabs indicate a 1,200 percent increase in phishing attacks over a six-month period. What's more, according to Gartner Group, the cost of the ID theft phenomenon cost $1.2 billion last year.

All this has not been lost on federal authorities who have taken action against the phishers. The FTC recently settled charges against two phishers in a federal case, with one defendant facing a possible 46-month jail term for related offenses that were filed by the U.S. Attorney General.

MasterCard's Pinon said an educational effort is also part of the partnership, which includes a Web site that will post information to help consumers spot fake or spoofed messages from purported financial services providers. The most obvious, banks say, is that they would never ask customers to come to a Web site just to input their personal information.

"This has been covered in many news channels," said Pinon. "We think it's getting to the consumer. We want to be part of that effort, but at the same time, we felt a new approach needed to be made."