Blog

When is Fraud Friendly? E-commerce Fraud 101

In the e-commerce world, there are three common types of fraud:

- First Party Fraud
- Third Party Fraud
- Seller Fraud

First Party Fraud

This is when the customer is legitimately trying to scam you. In e-commerce this might be:

- Claiming a product wasn’t delivered
- Reading a book and requesting a refund
- Claiming they didn’t make the charge on the credit card

What makes this difficult to combat is that it may be seasonal; recession time sees an increase in first party

Increase E-Commerce Profits using Risk Based Authentication

Most websites use the combination of usernames and passwords. Both are items that a user knows. Asking “what street did I grow up on” is just asking for more things that a user knows; firms that do this are just implementing more KBAs.

Economics of Authentication

To use some basic economics, the addition of the password as opposed to not requiring validation has a huge marginal benefit to the company. Implementing a second, and third and fourth has an ever decreasing

4 Big Problems with Knowledge Based Authentication

Let’s look at the traditional method of knowledge-based authentication to understand its shortfalls.

Background

Since the dawn of the web, online account authentication has barely changed. A user would input their username (email or screen name) and follow up with a password. This is the foundation of knowledge-based authentication (KBA).

For companies that aim to appear more secure, it isn’t uncommon for them to use knowledge-based authentication questions in addition to your password. I bank with two different bank accounts; both ask me what

What is Risk Based Authentication? (KBA)

The risk-based authentication process applies varying levels of strictness to the authentication process based on the probability that a given application can be compromised. The authentication process becomes restrictive and casts a wider net based on the increase in risk.

Understanding the Types of Authentication

Authentication methods are usually grouped into a few different factors.

1. Ownership Factors

Bank cards, security tokens, mobile phones: physical objects which a user is required to be in possession of. The risks to these types of authentication are theft

Account Takeover – How Do Criminals Do It?

We do not condone or support this and only aim to describe how easy it is for criminals to steal user account details. In 2013 alone we have seen the New York Times, Associated Press’ Twitter and the Ubuntu forum hacked. These were all made possible by password theft. When a criminal tweeted as Reuters, the stock market dropped. The consequences are huge. We describe, in 4 steps, how easy it is to perform these devastating attacks with very little
