MasterCard Charges Phishers

Numerous reports, surveys and statistics have shown
increasing numbers of fraudulent online phishing activity
involving financial information and credit cards. MasterCard International has decided
that enough is enough and today announced a new initiative to fight the phishers.

MasterCard joined forces with digital fraud detection
company NameProtect in a new anti-identity theft initiative that aims to thwart
phishing scams.

The goal is to shut down the scams before they can hurt consumers, rather
than trying to catch them after consumers have been duped into handing over
sensitive information that can be used in identity theft and payment fraud.

The NameProtect technology will continuously monitor
multiple online mediums, including Web pages, online discussions and
hidden content, to nab identity theft trading rings. According to
Mark McLane, CEO of NameProtect, the company will then provide the real-time exclusive reports
to MasterCard. Together with law enforcement’s
own network of 25,000 financial institutions, MasterCard can take the
necessary action to shut down and prosecute the phishers, as well as inform
and protect cardholders.

“We are confronting identity theft head-on by taking the fight directly
to where credit card scams breed and spread,” said Sergio Pinon, senior
vice president of MasterCard Global Security and Risk Services division.
“By identifying these illegal card-number-swapping rings and working to
close down these online ‘credit card black markets,’ as well as sites that
are established solely to steal personal information, we can squash
illegal activity before people’s accounts are compromised.”

During a phone conference to discuss the effort, Pinon said industry
groups, such as the Anti-Phishing Working Group, of which MasterCard is a
part, counted 60 million e-mails in a two-week period alone during March.
“Of that, 19 percent of those phishing e-mails were responded to, and 5
percent were tricked into providing information” such as Social Security
numbers and bank account info, he added. “This is a concern because we want
to ensure that trust remains in the financial system.”

The new partnership will not only protect MasterCard cardholders but also
MasterCard’s own identity as well. NameProtect will identify and report
phishers that ‘spoof’ any of MasterCard’s branding marks as part of an
attack. The partnership announcement was made during MasterCard
International’s
second annual Global Risk Management Symposium in San Diego. The conference
is exploring new techniques to deal with
phishing as well as other forms of identity theft and payment fraud.

In addition to the technology initiatives that MasterCard has undertaken to help
its cardholders, the credit card company is also informing them how they can safeguard
against such attacks. It recommends that people review
their own credit reports and report any inaccuracies right away. The company also
suggests
cardholders not use their mothers’ maiden names as a security feature, because
identity thieves can easily find this information and use it to execute
attacks.

Phishing attacks that use legitimate looking e-mails and Web sites to trick
users into giving up their personal information have increased
dramatically this year. The latest Anti-Phishing Working Group stats show
a 180 percent increase in attacks in April as compared with March.

Statistics from e-mail security company MessageLabs indicate a
1,200 percent increase
in phishing attacks over a six-month period. What’s more, according to Gartner Group, the cost of
the ID theft phenomenon
cost $1.2 billion last year.

All this has not been lost on federal authorities who have
taken action against the phishers. The FTC recently
settled charges
against two phishers in a federal case, with one defendant facing a possible
46-month jail term for related offenses that were filed by the U.S.
Attorney General.

MasterCard’s Pinon said an educational effort is also part of the partnership, which
includes a Web site that will post information to help consumers spot fake
or spoofed messages from purported financial services providers. The most
obvious, banks say, is that they would never ask customers to come to a
Web site just to input their personal information.

“This has been covered in many news channels,” said Pinon.
“We think it’s getting to the consumer. We
want to be part of that effort, but at the same time, we felt a new approach
needed to be made.”

News Around the Web