NuData Security’s Ryan Wilk discusses the two most popular fraud methods and how to move beyond spoofable data in this American Security Today article.
The Two Most Popular Fraud Methods
A favorite type of fraud these days is account takeover (ATO), in which cyber criminals obtain an existing user’s credentials (personally identifiable information) that consumers use to log on to online banks, retailers, gaming sites or social media. Using an existing genuine account allows a criminal to masquerade as a genuine customer to transfer funds, use the payment method on file to make a high-value purchase or simply mask fraudulent transactions. Accessing these accounts has become easy through one of three common practices:
- Using automated brute-force attacks, which are systematic assaults (also referred to as “bots”) that use a script to continually “guess” a user’s password
- Attempting combinations of usernames and/or passwords obtained through data breaches, both large and small
- Cycling through easily remembered passwords, like “Password123,” or words like a child’s name, street name, birth dates or other data socially engineered from public profiles
There are two primary reasons that ATO will remain popular among fraudsters. First, passwords can no longer be relied upon to keep a user’s account secure. Second, traditional fraud prevention systems, which rely primarily on rules to analyze payment data and personally identifiable information (PII), cannot determine whether the user accessing an account is in fact the real owner of that account.