Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
December 20, 2010
You better watch out! ...Santa goes cyber
Happy holidays from the Retail Payments Risk Forum!
As this world has drifted away from traditional written communication to a fully electronic communications process, we see that Santa Claus has finally moved into the 21st century. On a network news show this week, we saw that there are still plenty of letters being written to Santa in the conventional way, but data from the industry consultant Javelin Gifts shows that only 26 percent of all Christmas lists are in paper form. Most kids now want to communicate with Jolly Ol' Saint Nick electronically. The benefits appear to be extraordinary for both the wide-eyed children and the man himself, not to mention the beleaguered elves that can now use automated list sorting tools, name and address directories, and list matching to ensure the elimination of duplicate orders. A new feature labels each entry with a GPS locator that cuts down tremendously on useless flying around, thereby dramatically improving the overall "bales-of-hay-per-mile-flown" reindeer efficiency measure.
Santa's new website unveiled
Recently, we explored Santa's new site, where you can choose a variety of options, including the usual descriptions and pictures of Santa's house, Mrs. Claus, all the important workshops, the latest Elf of the Month, and live video of the reindeer in their stables. The main tab Christmas Lists is, of course, the place for all boys and girls to go to enter their wish lists, following a brief application process (name, address, age, chimney/no chimney, naughty/nice, etc.) and the usual OFAC—Office of Foreign Assets Control—screening to ensure that those kids requesting bomb-making material are not terrorists. Recent attempts to hack the site have revealed that Santa's firewalls are pretty darn good, ensuring that there are no last-minute denial-of-service attacks from the Grinch or other such hooligans intent on spoiling Christmas for the rest of us. The site also appears to have pretty strong spam filters to counteract the recent attempts of high-end retailers trying to get Santa to provide only their brand of products.
Two other tabs are prominently shown. First, there is a live chat room where the customer can chat with specialist elves to get expert opinions on some of the hottest toys, including the current backlogs in production. Second, a tab called Value-Added Services encourages the customer to take advantage of things like gift wrapping, special notes from Santa, gift recall lists, and roof/chimney repair services. The fees associated with such services help keep the site maintained and contribute to the necessary overtime pay that inevitably piles up the last week before Christmas. One of the more interesting services is a data privacy service that provides for a Christmas list to be encrypted, thereby preventing prying eyes from seeing what they are getting under the tree. Of course, this also helps Santa stay out of legal trouble and avoid cumbersome government-mandated data breach reporting.
Wrestling with Christmas Criminals
Recently, the North Pole has had to address a growing number of account takeover concerns about Ukrainian hackers posing as children who might try to compromise the website on Christmas Eve, changing the addresses associated with some of the more attractive gift lists. The most effective malware to date rode in on a piece of spam entitled "Cookies and Canes" that the jolly old elf couldn't resist opening. My understanding is that Santa has fixed this problem by moving his site to a separate computer from his personal e-mail laptop.
Before logging off, we clicked on another tab called Flight Tracker that allows concerned parents to track the progress of their children's deliveries on Christmas Eve. This can be particularly helpful if Santa gets to your house at, oh, say 5:00 a.m. and you need to barricade the hallway to forestall the progress of some particularly geeked-up kids who wake up way too early and want to check out the tree.
And to all a good night!
Upon reflection, we were really impressed with Santa's new website, but disappointed that he had to implement so many fraud detection and prevention tools. However, there seem to be even more features to come. A news line scrolling across the bottom of the page promised upgrades next year to text messaging and Facebook for those kids who just don't have the time to send e-mail.
While the point of all this may seem to be to let you know that no one, including Kris Kringle himself, is exempt from fraud in the electronic world, it really is just a way to give our staff a week off from serious blogging and to wish all our dedicated readers a very Merry Christmas and Happy Holidays! See you next year!
By Rich Oliver, Cindy Merritt, and Ana Cavazos-Wright