Cyber criminals use a plethora of ways to make money from their criminal activities. They may steal the data from an online merchant and sell it on the black market. Another trend is to take over your customer’s account and demand product replacement under a warranty claim.
The criminal can find customer information on the dark market that was previously stolen from the merchant’s network and then impersonate the customer when they contact the company’s customer service department. Or data may have been stolen directly from the customer’s personal computer.
If the online merchant has a high customer satisfaction culture, the company may readily accommodate the imposter customer and send the replacement merchandise. After all, the customer service rep has little reason to doubt the imposter, since the imposter knows so much about the customer’s account with the merchant.
The business loses two ways. It is providing replacement products for free to a noncustomer which equals zero revenue. It has also jeopardized its customer relationship. The customer’s data may have been stolen from its own network. Even if the data was stolen from the customer’s computer, no business can 100% guarantee the business is not at fault.
What a business can do
A business should include safe guards on replacement requests. Adding 2 factor authentication can help. While a fraudster may be able to change the customer’s email address in the online account, it is harder for the fraud to occur if the customer has to also enter a security code sent to his phone number on record.
Customer service reps can be trained to ask questions that may alert them if it is a fraudster, such as how the imposter damaged the item and how much they used it. Some of these answers may not sync with the purchase period and allow the customer service rep to postpone immediate replacement. A call back to the customer’s phone number on record may be useful.
Customer service reps should be cautious about warranty claims on accounts where the customer recently changed all contact information – email address, street address, and mobile number. Most people move with at least their email address and many take their mobile number as well.
Another action is to have your cybersecurity specialist regularly check customer names against data posted on public data dump sites. If there is a high number of matches, have him create a file of the names and contact information. Have replacement requests run against the file. If a potential fraud is occurring, have procedures for the customer service rep.
Keep yourself informed on current aspects of cybersecurity by receiving our daily blogs!…..join us on Twitter and Facebook!