3.4 Payment fraud - Recommendations
- Law enforcement should set up confidential platforms for businesses to report the theft of sensitive data and other compromises.
- Law enforcement should establish Single Points of Contact (SPOC) to liaise with the financial sector and direct all incoming and outgoing information flow through this channel.
- Law enforcement should establish procedures for notifying financial partners in case compromised data is discovered in order to mitigate potential or further fraud.
- Law enforcement should engage fully with Europol’s EC3 and Focal Point (FP) Terminal. Exchange of operational data with other Member States (MS) and EC3 may lead to identification of common links between the cases and prevent duplication of investigative efforts. Law enforcement agencies should share lists of forums and AVCs.
- Law enforcement should strengthen cooperation and information sharing with other MS as well as with countries where the compromised cards are cashed out.
- Law enforcement should cooperate with search engine operators to prevent carding forums featuring among the search results.
- For skimming cases close cooperation with banks is essential to swiftly identify common point of compromise and to link crimes to the relevant case. Time is of the essence as these crimes are often committed by migrating criminals.
- If not possible to take down identified forums, law enforcement should consider infiltrating these with an undercover presence where national legislation permits.
- Following the successful operations against airline fraud, other areas of payment card abuse should be identified and addressed on a European or national level.
- The financial sector and merchants should implement the existing anti-fraud measures such as Geoblocking and 3D Secure to protect their customers from abuse of their payment card credentials.