Another party has unlawfully acquired a legitimate pre-existing account, this is the definition of account takeover
fraud. It occurs when someone other than the true customer changes an address
on an account and then obtains cards, a PIN and/or checks. They then use the
account for purchases or cash advances up to the credit limit. By making payments
with NSF instruments or transferring balances the fraudster is able to use the account beyond the pre-set credit limit.
There are
steps you can take to control losses from this type of fraud. It is, unfortunately,
almost impossible to prevent completely. When a substantial amount of this type
of fraud occurs, it is not unusual to find an employee as the source of the information that was used to bypass the security
measures to validate the identity of customers.
To be successful
the steps you need to take to control losses must be designed to alert your institution that addresses have been changed fraudulently
and it must be done before the thief is able to commit any fraud. The next step
is to have in place methods to detect and stop the source of the compromised data. This
includes a formal data security program and control over issuance and use of operator codes, control of reports containing
privileged information and a knowledge of the sensitive data your employees have access to.
Do they need the entire SS# or have access to CVV2 codes.
