Page 23 - Cyber Warnings
P. 23
Little imagination is required to understand the possible devastating effect of
failing to prevent orders or bank transfers . While these systems are still relevant in terms of
apprehending other forms of fraud and some instances of account takeover fraud, they can only
examine payment and some device information, not the user’s behavior at the time of login.
ATO is popular, but new account fraud is on the rise as well. According to a 2016 report by
Javelin Strategy & Research titled “2016 Identity Fraud: Fraud Hits an Inflection Point,” there
has been a 113 percent increase in incidence of new account fraud, which now accounts for 20
percent of all fraud losses. In most cases, the information obtained is enough to apply for new
financial accounts, many times without the victims being aware for months.
New account fraud and ATO are being automated for greater efficiency. Hackers write scripts
that can be run by bots en masse to attack systems using that data. Scripted attacks can be
tricky to detect, as the perpetrators have studied the account creation and login pages of their
target company to ensure that each field is completed correctly and appears legitimate.
Standalone fraud prevention systems are merely looking at the information provided in the order
or application, not the behavior displayed when logging in to or creating an account.
In an ironic twist, businesses can go so overboard with security that they lose more money by
their own efforts that by fraud. Here’s how: if companies apply excess caution when reviewing
orders, they sometimes mistake good orders for bad.
When this occurs, the merchant is not only losing the immediate sale, but also in most cases the
lifetime value of that customer. Javelin Strategy & Research evaluated this issue in a sponsored
study entitled “Overcoming False Positives.”
Roughly 33 million—or 15 percent of all—cardholders had a transaction denied because of
suspected fraud in the past year. That’s resulted in a nearly $118 billion loss. In contrast, actual
ecommerce fraud in the U.S. only reached $9 billion. Merchants need a better way to save
these legitimate sales while still preventing the potential dollar loss due to sophisticated fraud
tactics.
New Fraud Methods Require New Detection Methods
This overreaction is costing businesses, yet ATO and new account fraud are growing at a rate
of 60 percent over three years – what can be done? It is time that financial institutions and
online companies consider new detection methods.
With many traditional fraud prevention tools, only the data entered into a shopping cart or
account creation form is analyzed. Some will look at device or connection, which can be
spoofable.
23 Cyber Warnings E-Magazine – June 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
