Boost your security with a few simple actions
March is Fraud Prevention Month and what better time to do a little online spring cleaning?
In the past year, among the many brands that made the headlines we have Macy’s, Marriott and other Starwood Hotels, and Kay Jewellers. These companies have something in common, and it is not the size: they all store customer data. So, if you think you are off the hook because your company is not meaty enough for hackers, ask yourself this simple question: “Do we store customer information?” Or as a consumer, does anyone store your data?
And by this, we mean any kind of information. If the answer is yes, keep reading to learn how you can boost your security with some quick tips:
1. Passwords are not enough.
Account takeover (ATO) is the most widely spread form of fraud. It takes advantage of those security systems that rely on static PII information: if the answers provided by the fraudster are correct or the device or IP the fraudster is spoofing seems legitimate, there is no reason for a company to decline a transaction. However, given all the major data breaches in the last months, cybercriminals will have all the stolen static data ready for the next shopping season. You need to find a way to devaluate the individual stolen data entered on the screen and ensure you can trust the human behind the device. Dynamic layers such as passive biometrics and behavioral analytics are leading the battle against ATO and other forms of fraud in the CNP channel.
2. There is more than checkout or transaction fraud.
Often times bad actors have no intention of using a victim’s account for a purchase event. Instead, they are looking to steal stored value such as rewards dollars, loyalty points, or tickets from accounts, never actually processing a payment card. If you are only monitoring purchases and transactions, you are leaving yourself open to a whole world of risk you have no visibility into. In one highly published event from 2016, a bad actor who was later caught, was able to cycle through $1.4 million of unclaimed rewards receipt numbers to collect the points online. Having all points of risk monitored and secured, not just the purchase, will ensure your web and mobile traffic is not a target for bad actors.
3. Rules are made for a reason.
During peak shopping seasons, some companies tend to adapt rules to lower friction, reduce the number of customer insults, and increase conversions – and that’s just what cybercriminals are waiting for. Hackers use these seasonal security changes to hide among the crowd, take advantage of companies’ eagerness to sell, and leave them with exorbitant losses. Don’t stumble twice over the same stone and leave your rules alone. There are other ways to provide the same frictionless shopping experience without sacrificing security.
4. Low risk is still risk.
Hackers don’t wake up one morning, bump into your site, and decide to execute an attack right there and then. They take their time. They will first do their homework and begin by probing your site for gaps and unprotected areas. If you or your team are analyzing the traffic on your site, it is easy to overlook those signs, as they don’t pose a big threat per se. However, they are a good indicator of an approaching risk. Now is the time to develop a strategy that looks at these low-risk events and save yourself from future regrets. It is critical to have a system in place with real-time intelligence that allows you to react as the attacks happen, instead of having to be reactive to disaster.
5. Two channels are better than one.
Don’t focus on monitoring the web channel only. Remember, hackers are smart and if you think that protecting one channel is enough, there is a good chance hackers will figure that out. Develop a strategy to protect your mobile channel as well. The mobile channel, in particular, is often overlooked and has become the path of least resistance and highest profit for fraudsters. The Mobile Payments & Fraud 2017 Report revealed that 92% of merchants saw an increase of mobile fraud as a percentage of their total transactions.
Through our NuData aggregated consortium of billions of anonymized data points, we have been able to identify a trend: there is always a calm before peak shopping seasons. Last year was no different: we saw a drop in fraudulent events in the last weeks of 2019 that responded to the preparation time before Black Friday and Christmas. The hacker will target you only if you are easier to penetrate than your neighbour. So, with that in mind, make sure you are not caught off guard, and review your anti-fraud strategy to make it, at least, better than your competitors’.
Related to this post: Do you trust your customer?
Want to learn more about biometric authentication? Download our co-sponsored Aite Group report, Biometrics: The Time Has Come.