Jameco’s Life in the Wild, Wild WestBy Greg Harris
The email looked like every other I get from my boss. In this case, he was asking me to do something I'm not normally responsible for, but that's not unusual. He asked me to wire transfer $45,000. We typically use wire transfers to send large amounts of money when the timing is critical. I wasn’t exactly sure why he was asking me to do this task, but I was happy to comply.
Before acting, I had a few questions so I picked up the phone to call him, but he wasn't at his desk. I checked the email more closely and saw he sent it from his phone and thus assumed that he had to step out of the office. Since I had seen him about 10 minutes earlier and he hadn't mentioned anything, I assumed it was some type of emergency, so I started to pull together what I would need to get it done.
We don't just send out money, of course, we have a process to follow. So, I printed out the email and headed over to the Accounting Department to make it happen. The walk from Marketing to the Accounting Department takes a few minutes. While I walked, with nothing better to do, I found myself re-reading the email. The email I read on the screen looked a little different printed out on paper. Instead of just seeing the person's name, the print out had the full email address spelled out. I read through the whole email a second time and while I couldn’t place it at first, something just felt wrong.
My highly trained marketing sense has been honed through generations of inbreeding. I have super marketing vision that is able to spot a typo at 100 paces. These eagle eyes are the mortal enemy of the typos that try to cling to every catalog we publish, and it was this amazing super vision that spotted a single letter that was out of place. The email from my boss was sent from Jamecco.com. Did you catch that? One too many c's in that email address! Other than that there was no clue that this email was a fake.
On my way to the Accounting Department, I spotted the CEO in the hallway. I shoved the email under his nose and told him I had a question about this email he just sent me to see what kind of reaction I would get. I watched his face first contort and then I saw a hint of fear as he clearly wondered if senility was setting in decades too early as he read an email that he just wrote that he didn't just write. He didn't catch the typo.
When I directed his attention to the spelling of the email address, his face relaxed comforted by the fact he wasn't losing his mind, and that it was just another fraudulent attempt to illegally relieve Jameco of its hard earned money.
The number of fraud attempts in recent months at Jameco is dizzying, and we think it will probably get worse before it gets better. The entire credit card industry is rolling to new counterfeit-proof credit cards, and since historically 37% of all credit card fraud happens with counterfeit cards, many of the crooks are now apparently out of a job. What's a crook to do? When this same transition happened in Europe a few years ago, as counterfeit cards disappeared, other types of fraud skyrocketed.
While I was momentarily fooled by this email, Jameco worked hard to put a range of new processes in place to both protect Jameco and its customers. This means that at times our efforts to catch fraud before it happens are a little too good, and some legitimate, well-meaning customers get caught up in our fraud traps. Thankfully, we're typically able to solve this problem quickly, and most customers realize how difficult it is for companies like Jameco to employ the perfect amount of fraud protection.
The fact that this fraud attempt included lots of research and effort is a little scary. I'm confident that even if I didn't catch the typo, our processes would have protected us in this instance, but I thought it was important to share this story and highlight our attention to security (both yours and ours).
Jameco strictly follows a process spelled out by the Payment Card Industry that establishes data security standards. These standards include a long list of processes and practices designed to safeguard customer data. For instance, it might surprise some to know that Jameco doesn’t actually store customers' credit card information anywhere on our computer servers. Instead, we convert customer credit card information into an encrypted code and use that code to communicate with the credit card companies.
Jameco is not alone in its efforts to protect against fraud. We will work to balance our protection with customer convenience and hopefully find a happy medium. I truly hope only a tiny fraction of our customers are inconvenienced by our tighter security measures, but I suspect most customers will understand these steps are for all of our protection.
Have a fraud story that you would like to share? I would love to hear your story. Write to [email protected] and share your experience.