Just Good Business 🍁

How Do You Protect Your Business From Fraudsters?

Episode Summary

March Is Fraud Prevention Month! Fraud continues to be an increasing problem for businesses. In Canada, it has led to hundreds of millions of dollars in losses each year. So how do you protect your business from fraudsters? It starts with awareness and the right tools. In this month’s episode, Al speaks with Aviva Klein, VP Digital Payments and Cyber & Intelligence at Mastercard. Aviva talks about what Mastercard is doing to keep their cardholders and businesses secure.

Episode Transcription

Al Grego:

Coming up on Shop Talk.

Aviva Klein:

And what's interesting is that small businesses sort of feel like, "Oh, I'm too small, nobody's going to hit me. I'm just a small business." And that's untrue. These types of cybersecurity breaches for a small business can decimate a small business. So we really do urge a small business community to think about cybersecurity.

Al Grego:

Hello, everyone. I'm Al Grego.

Jacob Goguen:

And I'm Jacob Goguen.

Al Grego:

And this is the March 2023 edition of Shop Talk with Moneris. Welcome to the Shop Talk podcast, Jacob.

Jacob Goguen:

Thanks Al. It's great to be here.

Al Grego:

Well, Jacob, it is fraud prevention month.

Jacob Goguen:

That's right.

Al Grego:

And you are a Manager of Fraud Detection and Investigation at Moneris.

Jacob Goguen:

That I am.

Al Grego:

Fraud detection and investigation. Do you ever just refer to yourself as the FDI?

Jacob Goguen:

No, not ever.

Al Grego:

You could wear T-shirts with like FDI in big bold letters and wear sunglasses and say cool things like, "Just the facts, ma'am."

Jacob Goguen:

I think you watched a little too much Dragnet growing up, Al.

Al Grego:

Oh, or you can say stuff like, "The truth is out there."

Jacob Goguen:

As much as I'm a fan, this isn't the X-Files.

Al Grego:

Okay, well what do you investigate?

Jacob Goguen:

Payment fraud.

Al Grego:

Well, do you at least get a badge?

Jacob Goguen:

No, not yet at least, we investigate, then we-

Al Grego:

Arrest the bad guys?

Jacob Goguen:

... well, try to recover losses, report fraudulent activity to the proper authorities and implement measures to mitigate future losses.

Al Grego:

Right. Well, I guess that's important work too.

Jacob Goguen:

It is. We need to make sure our merchants are as protected as possible from these fraudsters.

Al Grego:

All kidding aside, the work your team does is very important.

Jacob Goguen:

It certainly is. And it's always becoming more complex.

Al Grego:

I can imagine.

Jacob Goguen:

So who do you have lined up for this month?

Al Grego:

Well first, our feature interview will be with Aviva Klein. She's the VP of Digital Payments and Cyber and Intelligence at MasterCard.

Jacob Goguen:

Oh, she'll have some great insights.

Al Grego:

Indeed. And then we're going to get you to share some fraud related data in the Behind the Numbers segment.

Jacob Goguen:

I've got lots of interesting data for that.

Al Grego:

I'm sure. And then finally, we'll have your boss, the Director of Portfolio and Process Risk Management at Moneris, Maria Cameron, as our Ask The Expert, to provide some tips on how you can keep your online business secure from fraudsters.

Jacob Goguen:

She certainly is an expert. Great lineup.

Al Grego:

Thanks. So let's begin with my chat with Aviva.

Announcement:

Featured Interview.

Al Grego:

I'm joined by Aviva Klein. She's a VP of Digital Payments and Cyber and Intelligence at MasterCard. Aviva, thank you for joining me today.

Aviva Klein:

Well, thank you so much Al, for having me. It's a pleasure to be here.

Al Grego:

It's fraud awareness month, and MasterCard is about to publish a research white paper on the state of fraud.

Aviva Klein:

That's right. We decided to conduct a study across North America because we know that the cybersecurity risks continue to evolve, as does the vulnerability to fraud. And we really wanted to take a step back and understand, what is the impact of cybersecurity on businesses today across North America? Now, obviously for us as Canadians, with a particular focus on Canadian businesses. And what we found was actually quite interesting. We found that cyber crime has increased by 600%, due to the pandemic.

Al Grego:

Wow.

Aviva Klein:

And that while new technologies improve our lives, they also do elicit a certain amount of uncertainty, both in terms of the businesses that use those technologies, as well as consumers that are forced to interface with those technologies. And we're really, it's a fine balance because as consumers, we want everything fast and frictionless.

Al Grego:

Right, yeah.

Aviva Klein:

But on the flip side of that, business leaders who want to meet consumers' need for fast and frictionless experiences, also really need to balance security with that convenience.

Al Grego:

There's always that fine balance between convenience and security. I mean, everyone wants things now and when they want them and are willing sometimes to trade off on security. Now 600%, that's a big increase. Can that all be attributed to businesses going more online because of the pandemic?

Aviva Klein:

As we look at how we digitize our day-to-day lives, and if we take the pandemic into play there, it's not just about online commerce anymore.

Al Grego:

Right.

Aviva Klein:

There's a lot of digital transactions. They don't have to be payment transactions. They can be account open, account servicing, even things like changing your address if you've moved online.

Al Grego:

Sure.

Aviva Klein:

All of those types of activities are now being done in a self-service way, and fraudsters are really, really good at manipulating environments to eke out financial gain.

Al Grego:

Right. Now, part of this white paper, you mentioned ransom attacks. Can we talk about that for a little bit? What are ransom attacks?

Aviva Klein:

Ransom attacks are when a bad actor will hold a system hostage and ask for a ransom in return.

Al Grego:

That's crazy. It's like stuff movies are made of, but I feel like I've been hearing more and more news about these attacks, more recently.

Aviva Klein:

Yes, they are definitely on the rise. We've seen a number of large Canadian companies be affected by ransomware lately. And really, what we want to make sure that all businesses understand is that, it's really not a matter of, if they're going to get breached, it's really a matter of, when they're going to get breached.

Al Grego:

Right.

Aviva Klein:

Because if you think about cyber breaches, they're largely perpetuated for financial gain. So it's much more efficient for a criminal to hack a business than to hack an individual. If you do not have good cybersecurity posture, you're going to be hard pressed to keep customer information, employee information, secure. And when fraudsters get that information, they use that information to perpetuate fraud. Typically, this information is taken by cybersecurity hacks, that's how it's harvested, by a cybersecurity attack and is pulled together by taking all different sources and used collectively to create a synthetic ID or fraudulent payment transactions, that are being put on the network, unbeknownst to the card holder.

Al Grego:

You use a term that I've never heard before, cybersecurity posture. Explain that a bit?

Aviva Klein:

It's basically your cybersecurity hygiene. Interestingly enough, in this study, what we learned was, that 92% of business leaders do have some sort of digital security solution implemented at their business. And so that can be things like two-factor authentication. It can be regular patching of software, it can be all sorts of different tools, processes, operating procedures, that really do help the business maintain their cybersecurity posture. So 92% is great, but what also we found that was quite interesting is that, while 92% of business leaders have some form of digital security solution in place, only about 39% of business leaders have ongoing vulnerability assessment tools, implemented at their business. And even less, actually look at the risk that their third-parties could have on their customers. I don't know if your listeners remember this, but there was a very large breach many years ago on a large US retailer that came in through their HVAC supplier. So there wasn't somebody like physically crawling through the HVAC machine system.

Al Grego:

No, not like in the movies.

Aviva Klein:

Not like in the movies. But there was a vulnerability at this HVAC system, a company, and they were able to penetrate this large retailer's network and were able to get their hands on a whole series of credentials. So really understanding what your cybersecurity hygiene or posture looks like, not just one time, but continuously looking at it and making sure that your employees are understanding of when to click on links, when to not click on links, password updating, software patching, those types of things are super important. But also, you're really only as strong as your weakest link. And so if you have digital interconnectivity with third-parties and they have poor cybersecurity posture, you're just as vulnerable. So there are large organizations and small and medium organizations who do take a very active stance on understanding what that posture looks like, both for themselves as well as the network of companies that they interact with on a day-to-day basis.

Al Grego:

So I think the important lesson there is, cybersecurity isn't an end game, it's an ongoing process, you're always having to update.

Aviva Klein:

It's an ongoing process. And I'll say, when people talk about cybersecurity, people get, I think nervous because it sounds really complicated and I'm sure there's parts of it that are very complicated, but there are very easy activities that business owners and individuals should undertake to really protect themselves against cybersecurity.

Al Grego:

If you were to give one easy to remember tip to help keeping your information secure online, what would that be?

Aviva Klein:

I'll go to passwords. I think that's a big one. In the report, we found that not very many people change their password frequently, unless they're prompted to do so or they've been told, "This possibly a hacked username and password, you should change it." I think the number is like 44% of people we surveyed use the same password across all the different sites that they use. So just something as simple as changing your password frequently, having strong passwords, that's something that's very, very easy to do. The other thing that's very, very easy to do, is two-factor authentication. So again, this is where we talk about that inflection point between usability and a frictionless experience and security, that can be at odds with one another.

Al Grego:

Sure. I mean, some of the newer authentication processes involve biometrics and stuff like that. And I got to say, I mean, it's never been easier to log into my bank using my thumbprint as opposed to having to remember that password that I'm having to change every few months. So the trade-off is there, but it's definitely getting a little bit easier.

Aviva Klein:

It is definitely getting easier, but I will say, that there are still people out there who are concerned about biometrics-

Al Grego:

Sure.

Aviva Klein:

... and using biometrics and what can an organization do with the biometric markers of their customers?

Al Grego:

Right.

Aviva Klein:

So there is that fear out there, but I agree with you wholeheartedly, that it is a very slick experience to be able to biometrically authenticate yourself and really is fighting password fatigue. It's hard to keep track of all your passwords across all the different sites and change them. And there are very strong password manager softwares out there, that I would highly recommend people to look at. It acts as a plugin right into your website so you don't have to remember the 49 character, special value password that you have. And of course, that's going to change with every website that you go into. So for your listeners out there, a password manager is a great investment. I think also, not clicking on things that you don't recognize.

Al Grego:

Sure.

Aviva Klein:

That's a biggie, particularly in a corporate setting. And we would urge businesses of all kind, to test their employees and showcase to their employees what phishing looks like, what spear phishing-

Al Grego:

Spear phishing. Is that a thing?

Aviva Klein:

... yes, that absolutely is a thing. Spear phishing.

Al Grego:

Really?

Aviva Klein:

So what spear phishing is, so phishing is just sort of a generalized, non-descriptive phishing attempt.

Al Grego:

Right.

Aviva Klein:

Whereas, spear phishing is when it's extremely customized to you. And they know your name and they know something about you and of course, potentially much, much more dangerous than a regular phishing or smishing attempt. The risk is real.

Al Grego:

Right.

Aviva Klein:

And what's interesting, is that small businesses sort of feel like, "Oh, I'm too small, nobody's going to hit me. I'm just a small business." And that's untrue. There are hundreds of thousands of small businesses who are being hit. These types of cybersecurity breaches for a small business can decimate a small business. So we really do urge the small business community to think about cybersecurity. MasterCard has partnered with the CFIB. We've partnered with Digital Main Street to help raise the collective awareness and understanding of cybersecurity and the threats that it poses to small businesses. And so we are really keen to engage with small business on this conversation and make sure that Canadian small businesses are well protected against this threat that is ever evolving.

Al Grego:

So this white paper's coming out this month for fraud awareness month. If somebody's interested in reading this paper, where would they go to find it?

Aviva Klein:

You can go to mastercard.ca and check out our newsroom and there will be a link to the paper.

Al Grego:

Okay. Thank you so much, Aviva, for your time today.

Aviva Klein:

Thank you so much Al. Have a nice evening.

Mat Belanger:

At Moneris, we empower merchants to keep doing business their way, while we handle the payment processing our way. What way would that be? The safe way, the always connected way, the awesome integrated tools to help you make more money way. We know your business never stops, so you deserve products that never stop working. That's why we are committed to providing our merchants with a payment partner that works just as hard as they do to make every sale. Moneris, proud partner of small Canadian business.

Announcement:

By The Numbers.

Al Grego:

All right, Jacob, you've got some fraud data for us. What are we going to talk about today?

Jacob Goguen:

Well, Al, I've taken a look at data from 2021 to 2022 and noticed some changes in trending overall, as well as I've done some digging into the sorts of fraud that have been quite prevalent throughout 2022 and where merchants are being affected and targeted the most.

Al Grego:

Now, I mean coming out of the lockdowns and the pandemic, conventional wisdom is, as businesses got pushed online, we saw a lot more e-commerce fraud. Does that check out in the data?

Jacob Goguen:

Yeah, I definitely would say so. In taking a look at incidents from last year, I'd wager at least 50% of them, were some variation of card not present fraud.

Al Grego:

Right.

Jacob Goguen:

A fair amount of it would've been for e-commerce. But then you have your brick and mortar stores as well, where they're keying transactions into their terminals and they might be getting calls over the phone or emails in from prospective customers, looking to buy product as well. And unfortunately, it turns out to be fraudulent in the end.

Al Grego:

Let's look at the comparison then between 2021 and 2022. What kind of numbers do we have there?

Jacob Goguen:

Yeah, great question Al. When we compare 2021 to 2022, we had 400 unique incidents that came our way into fraud management and in comparison of 2022, we had 514 incidents last year. So that definitely is a bit of a change, over 20% it increased. What we also saw was, the gross total fraud that merchants were potentially exposed to across all those incidents. In 2021 it was 7.5 million and that went up to 10.3 in 2022.

Al Grego:

Yeah. So a big difference.

Jacob Goguen:

Yeah, definitely a material difference, I would say.

Al Grego:

When we're talking about types of fraud, you're looking at payment fraud obviously, but there's even subcategories under that.

Jacob Goguen:

Yep, that's correct.

Al Grego:

So for example, I'm looking at this chart here that you sent me and card not present fraud, is the highest at 192 incidents. So what does all that mean?

Jacob Goguen:

So what this means is, and this has been par for the course really for a long time too, when merchants manually key transactions, unfortunately they're liable to potential fraud chargebacks, they can be disputed up to X amount of days later and fraudsters like to take advantage of that. And so that's a main sort of fraud that merchants are exposed to and there's very different variations on it. The main one is that, someone approaches a merchant and calls them over the phone and says, "Hey, I can't come in right now, but I need to order X amount of goods. I'll send someone around to pick them up." And so someone comes around to pick up the goods and unfortunately down the line, the merchant receives fraud chargebacks. So that's a very main sort of one.

Al Grego:

Right. So just a couple more things here. Card not present fraud, 254 incidences and an average gross fraud per incident of 23,000. So that's how much loss there was on average?

Jacob Goguen:

How much exposure there was on average.

Al Grego:

Oh, I see.

Jacob Goguen:

Fortunately, there are times where we're able to leverage our resources and affect some sort of recovery for the merchant, and it's very rewarding when we can do that. However, that's to say that, on average, and this is the result of some outliers as well, but on average it can be within this sort of range, when a merchant is targeted, for sure.

Al Grego:

All right, great. Thank you so much. Jacob. If people want to learn more about fraud and fraud prevention, where could they go?

Jacob Goguen:

I would recommend for people to go to our moneris.com support page, where we have many different guides about how to prevent and how to detect potential payment and credit card fraud incidents and attempts. The second thing I would recommend, is for fraud knowledge in general, you can always go to the Canadian Anti-Fraud Centre website. You can just put this into Google and it'll be the first thing that comes up. And there's lots of really great stats about how fraud is affecting Canadian businesses and Canadian individuals, and there's also a helpline for victims if they have any questions about next steps.

Al Grego:

Okay, great. Thank you so much, Jacob, for your time today.

Jacob Goguen:

Thank you Al.

Announcement:

Ask an Expert.

Al Grego:

I'm joined by Maria Cameron. She's the director of Portfolio and Process Risk Management at Moneris. Maria, thank you so much for joining me today.

Maria Cameron:

Thank you for having me.

Al Grego:

Maria, we just had Jacob on from your team and he shared with us some pretty dire numbers when it comes to how much businesses lose to fraud every year in Canada. You're here as our expert to talk about how business can protect themselves from being targets of fraud.

Maria Cameron:

Correct. As Canadians are shopping more and more online, more than ever before, there's things that businesses can do to protect themselves from fraud. So I can give you some key considerations and some steps and measures they can do to manage their risk. So the first one would be, incorporate address verification or 3D secure. So unauthorized users may not know the billing address associated with the credit card that they've stolen. Making address verification services mandatory on their checkout, or 3D verification, will allow you to compare the billing and postal code used in the transaction with the information on file with the credit card issuer. This is a widely used fraud prevention tactic that eMerchants can rely on to safely verify the validity of their orders.

Al Grego:

Yeah, I've seen this happen. When I've ordered a T-shirt online, for example, and I enter my own address and then it shows me, would you like to use the verified address, which makes me feel better that I'm not sending a new T-shirt to my neighbor.

Maria Cameron:

Correct. They also can try address auto complete, to avoid human data entry errors, as customers sometimes will legitimately place an order and maybe write their address incorrectly.

Al Grego:

Right. Yeah.

Maria Cameron:

They also may fail to complete their whole address information, like forgetting to include their suite number.

Al Grego:

Right.

Maria Cameron:

So catching errors like this, may require manual review of orders. So they can use Canada Post's address complete tool, which is a good way to validate addresses. Or they can usually use a free website, which is Canada 411, where local people can verify business addresses.

Al Grego:

Oh, cool.

Maria Cameron:

There's also a tool, which is CVV at checkout. This is conducting the security code check. This helps prevent fraudulent transactions again, by verifying the three or four digit number on the back of the customer's credit card, they can confirm that the owner of the card is the one making the purchase. And lastly, they can use Moneris' Kount. This is a security application for increased protection. This is a software and technology tool available to help our e-commerce merchants protect their businesses from risky transactions and fraud. This actual application and tool can be used in the context of any e-commerce platform and can help them automatically detect high risk orders, authenticate customers, and block and redirect fraudsters based on geolocation. And right now, Moneris' Kount is 30% off.

Al Grego:

Oh, that's perfect. Great timing to have a promotion like that.

Maria Cameron:

Yes, it is and it's a great tool.

Al Grego:

Now, if our listeners wanted to learn more about that promotion or any other fraud tools, where would they look?

Maria Cameron:

For any information, they can go to moneris.com and all the fraud tools and contact information is readily available.

Al Grego:

Excellent. Thank you so much, Maria.

Maria Cameron:

You're very welcome.

Announcement:

Save The Date.

Al Grego:

I'm joined by Amanda Ibrahim. She's the Senior Events and Sponsorship Specialist at Moneris. Amanda, thank you so much for joining me today.

Amanda Ibrahim:

Hi, Al. Thanks for having me.

Al Grego:

So, we're looking at the March calendar of events. What do you have for us?

Amanda Ibrahim:

On March 2nd, Marta, the Moneris VP of Products will join MasterCard on a panel for Express to Impress, powered by MasterCard at DX3.

Al Grego:

Excellent. And for our listeners who want to find out more about this one, where can they go?

Amanda Ibrahim:

To find out more about this event, they can visit, dx3canada.com.

Al Grego:

Okay. And what else do you have?

Amanda Ibrahim:

On March 7th at 12:00 PM Eastern Time, Moneris is hosting a fireside chat to honor this International Women's Day. Join the conversation with four trailblazing women leaders from the Moneris sales team.

Al Grego:

Oh, excellent. Anything else?

Amanda Ibrahim:

On March 29th at 1:00 PM Eastern Time, we have our semi-annual Canadian Consumer Behavior webinar. Join data expert Sean McCormick as he shares the 2023 Consumers Spending results.

Al Grego:

That's great. So if anyone wants to register for either one of those two webinars, where can they go?

Amanda Ibrahim:

You can find the registration links in the description of this podcast, if you're interested in registering for either of those events.

Al Grego:

Thank you so much, Amanda, for your time today.

Amanda Ibrahim:

Thanks for having me, Al.

Al Grego:

That's all we have for this month. I hope you found this episode informative. If you haven't already, check out Moneris' other award-winning podcast, Yes, We Are Open. In that podcast, I travel the country, telling the stories of small Canadian businesses, their origins, struggles, and future outlook. If you like motivational stories of perseverance and triumph over adversity, you'll love, Yes, We Are Open. Here's a little taste. I have a question for you. What do the following businesses have in common? A cannabis store, an athletic wear brand, dog biscuits, a tech startup, a travel agency, hairdressers, a kids' dentists, and a manufacturer of silent booths? Of course, the answer is, they all have stories of struggle and perseverance to tell and you can listen to them now on season three of the, Yes, We Are Open podcast. Subscribe now, wherever you get your podcasts.

Jacob Goguen:

If you haven't already, you can subscribe to this podcast and, Yes, We Are Open, wherever you get your podcasts.

Al Grego:

And if you'd like to support this show, share this podcast with your network or review us on Spotify or Apple Podcasts. And finally, if you have a payment related question you'd like to submit to one of our experts, you can email us at podcast@moneris.com.

Jacob Goguen:

Join us again next month for more expert insight and data to help you grow your business.

Al Grego:

Thank you so much for co-hosting, Jacob.

Jacob Goguen:

You're welcome. This was really fun.

Al Grego:

On behalf of Jacob, myself, and the rest of Moneris, thank you for listening to Shop Talk. Talk again in April.