By Doug

Although scams are heightened during the holiday season, they are truly present year round.  Here is a link to an article about a situation in which a local grocery store, that has money transfer services, was defrauded for nearly $1000.  This particular type of scam is called 'social engineering.'  Social engineering is when a scammer is able to trick a legitimate employee, or even business owner, into providing information or taking actions that will put the business at risk for losing funds in a fraudulent manner. 

Social engineering is often targeted at getting the employee or owner to either conduct the necessary actions which will allow the scammer to defraud the business, or to trick the employee or owner into providing login information for financial accounts or other online access which would allow the scammer to move funds once obtained.  An example of this is merchants that use virtual terminals to process credit card transactions.  If the scammer is able to obtain an administrator's login information to the portal on which a merchant maintains their customer credit card information, the scammer may be able to transact fraudulent credits to prepaid debit cards (gift cards) under their control and use the funds for purchases or cash advances before the merchant is aware of the fraud.

The ways in which the scammer tricks the employee or owner or many, but often center around a theme of being a legitimate employee of the credit card terminal manufacturer or processor, financial institution, or other legitimate entity.  A business can protect themselves from this by training employees to never give out sensitive information via telephone, or even in person, unless they initiated the communication via validated phone numbers (as opposed to phone numbers provided by questionable individuals), and to check the identification of any on-site service people.  A legitimate service organization will normally schedule an appointment as opposed to simply showing up.

History has shown us that this type of scam is often conducted by merchants that use simple terminals as well.  Terminals can be taken off line or put in training mode which will make any "transaction" run through them to appear to have been authorized (to the extent of providing a fake approval number) when the terminal never dialed out for authorization.  The transaction later comes back as a chargeback from the card issuer as 'No Valid Authorization' and cannot be fought.  The funds are gone. 

This is very common at financial institutions where the scammer tricks the teller employee to take the terminal off line and then conducts a cash advance.  Scammers often have counterfeit credit cards made up with the cell phone number of accomplices printed on the back of the card instead of a valid customer service phone number.  The accomplice instructs the teller how to "get an approval" when they are really instructing on how to take the terminal off line.  Organized rings travel the U.S. conducting this type of fraud and often have fake identification to match the name on the counterfeit credit card.  The rings are often sourced from California, Florida, or Georgia.

If ever in question about whether a situation involving your credit card processing is legitimate, please contact Wind River Financial at (800)704-7253.