Fraudsters don’t take holidays – They wait to take advantage of them
While fraud and security pros were packing shades and sunscreen for some 4th of July holiday fun, fraudsters were quietly preparing and waiting for an entirely different kind of burn.
Leading up to this year’s July 4th festivities, bad actors were ready and waiting to target U.S. banks, eCommerce entities, major retailers, and others with massive fraud attacks.
Commencing at 3 pm Eastern on July 3rd, while people were off and partying, NuData Security experts observed, tracked, and thwarted a critical uptick in attack volume against some of the major retailers, eCommerce entities, and banking and finance institutions it protects.
NuData found that one U.S. bank was hit nearly 1,900 times per second at their login (~7M logins per hour), an onslaught that continued steadily for nearly 48 hours.
Fortunately, the bank had aggressively shored up its fraud prevention defenses by implementing NuData technologies and was more than ready for the flood of fraud attempts. While these bad actors may have been hoping for a lapse in security to set off some fraud fireworks of their own, NuData’s solution was actively at work, effortlessly scaling, identifying, and mitigating the massive flood of fraudulent transactions in real time – without impacting legitimate customers who needed to make holiday transactions of their own.
This shows why banks, eCommerce, and other organizations transacting online increasingly rely on behavioral analytics and passive biometrics to immediately identify and serve their genuine customers and reject fraudulent activities – whether or not their fraud department is on holiday.
Some things to keep in mind before a holiday
Go mobile or go home: The world transacts on the go – tune your defenses to identify mobile-specific attacks. Fraudsters use sophisticated ploys to target iOS and Android software that go unnoticed by consumers, and companies need to step up their game to protect their customers. Be sure your organization has layered, preventative measures in place to differentiate between good and fraudulent activity coming from the mobile channel.
Prepare for the unexpected: Know what your system can handle as well as what it can’t handle. Be prepared for unexpected events and contingencies; they will happen, and having a contingency plan will save your company additional costs and headaches. Ensure that your website security is in place, and test for security loopholes and account protection gaps regularly.
You will be attacked: Given the breaches and leaks of the last two years, virtually anyone’s stolen credentials are available on the dark web, so if you haven’t been attacked yet it’s just a matter of time. As tempting as it seems during high-traffic periods, don’t lower your users’ authentication barriers to increase conversions – this is exactly what fraudsters expect. Continuously look for anomalous traffic such as unusually high purchasing volumes or dollar amounts. Keep an eye out for multiple failed login attempts on the same account, for new accounts with immediate high-ticket item purchases, and for high volumes of account testing across multiple IPs and device IDs.
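The two login-related signals in the last item (repeated failures on one account, and account testing spread across many IPs and device IDs) can be checked over authentication logs along these lines. This is an added example, not NuData's code; the event tuple layout, the thresholds, and the sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, account, ip, device_id, success)
def sample_events():
    events = [(t * 10, "alice", "198.51.100.7", "dev-a", False) for t in range(6)]
    events.append((70, "bob", "203.0.113.20", "dev-b", True))
    # 30 accounts tried once each, rotated over 10 IPs and 15 device IDs
    events += [(600 + i, f"user{i:02d}", f"192.0.2.{i % 10 + 1}", f"dev-x{i % 15}", i == 17)
               for i in range(30)]
    return events

def repeated_failures(events, window=300, threshold=5):
    """Accounts with >= threshold failed logins inside any sliding window (seconds)."""
    by_account = defaultdict(list)
    for ts, account, _ip, _dev, ok in events:
        if not ok:
            by_account[account].append(ts)
    flagged = set()
    for account, times in by_account.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(account)
                break
    return flagged

def account_testing(events, bucket=300, min_accounts=20, min_sources=5, min_fail_ratio=0.9):
    """Time buckets where many distinct accounts fail login from many IPs and devices.
    Per-account and per-IP counts stay low in this pattern, so aggregate across both.
    Fixed buckets are an assumption; a burst straddling a boundary needs overlapping windows."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[ev[0] // bucket].append(ev)
    alerts = []
    for key in sorted(buckets):
        evs = buckets[key]
        failed = [e for e in evs if not e[4]]
        accounts, ips, devices = ({e[i] for e in failed} for i in (1, 2, 3))
        if (len(accounts) >= min_accounts and min(len(ips), len(devices)) >= min_sources
                and len(failed) / len(evs) >= min_fail_ratio):
            alerts.append({"start": key * bucket, "accounts": len(accounts),
                           "ips": len(ips), "devices": len(devices)})
    return alerts

if __name__ == "__main__":
    print(repeated_failures(sample_events()))
    print(account_testing(sample_events()))
```

Thresholds should be tuned against each site's normal holiday traffic, since legitimate login volume and failure rates also rise during peak periods.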
The key takeaway for every organization: don’t get complacent. Tune and tighten your defenses because fraudsters never take a holiday.