NuData Security
  • Solutions
    • NuDetect for Account Takeover
    • NuDetect for Good User Validation
    • NuDetect for Continuous Validation
  • How It Works
    • Layers
      • Device Intelligence
      • Behavioral Analytics
      • Behavioral Biometrics
      • Trust Consortium
    • Interdictions
    • Integration
    • Mastercard Trusted Device
    • Connected Intelligence
  • Use Cases
    • Account Takeover
    • Good User Validation
    • Card Testing
    • Automated Attacks
    • New Account Fraud
    • Loyalty Fraud
    • Success Stories
  • Industries
    • Banking & Financial
    • eCommerce
    • Digital Goods
    • Healthcare
  • Resources
    • Articles
    • Blog
    • Brochures & Datasheets
    • Case Studies
    • Infographics
    • Videos
    • Webinars
    • Podcasts
    • Reports
    • FAQ
  • Company
    • Privacy by Design
    • Awards & Accolades
    • Careers
    • Events
    • News
    • Partners
    • Press Releases
  • Contact Us
  • Demo
  • Search
  • Menu Menu
  • Twitter
  • LinkedIn
  • Youtube
Wild animal giraffe standing indoors merging with spotted background with a pattern of the skin of a giraffe. Creative conceptual illustration. 3D rendering.

The not-so-obvious cost of fraud to your company’s bottom line

It’s no longer a matter of if your business data has been breached; it’s a matter of how much has been stolen and who has it.

The dark web — a part of the internet only accessible through special software and authorization mechanisms that enable users to browse anonymously — is, in essence, a data supermarket. Fraudsters breach online consumer accounts, then sell stolen data to other bad actors who use that information for illegal activity. Hopefully, this is not news to you, but not many realize that the losses from fraud travel far beyond the fraud itself, severely impacting your bottom line in unexpected ways you may have labeled as an “operations problem.” We are going to break those down here.

But first, how is data stolen and how do fraudsters use it?

For fraudsters, criminal activity is their full-time job — and they’re pretty good at it. A fraudster needs only minutes from the point they purchase stolen data to when they use it. In 2020, 36 billion online user records were exposed, with the average price of customer credentials selling for $5 to $25 on the dark web.

Bad actors then leverage that purchased data to execute customer account takeovers through credential stuffing — using stolen user login credentials in attempt to access millions of websites such as banking, eCommerce, travel, and entertainment accounts. And given that 70% of consumers use the same password for all of their online accounts, fraudsters often have success logging in with the same credentials on various sites. Many incidents occur from automated methods like botnets, replay attacks, wireless keyboard and mouse hacking, and velocity variations (i.e., executing attacks at different frequency rates to avoid detection).

Due to their patterns, automated attack methods are usually easier to pin down. However, once those methods are blocked, many fraudsters turn to human-driven attacks. Bad actors execute these methods manually through repetitive copy and pasting of customer information to create new accounts or solve CAPTCHA questions redirected from bots to the human worker.

The not-so-obvious cost

This is where many fraud losses hide:

Authorization rates: Also known as bank acceptance rates, these are the rates that banks approve a customer purchase from your business. When customer accounts at your business are compromised, banks are notified of the fraud and either automatically or manually lower your acceptance rate. This change can affect every single purchase from other customers with safe accounts and restrict sales opportunities until you clear the issue up with the bank or credit merchant — an arduous process.

Misleading conversion rates: Fake noise created by bad actors with new account fraud like free trial downloads, fake reviews, inventory hoarding, and fraudulent purchases can skew the perceived success of a product or program in your business. As a result, you could make important decisions to continue or end a product or program without completely understanding the validity of its performance. For example, a sign-up promotion you think was a failure because the conversion rate was 1%, could actually be a success because 90% of the traffic was bot traffic.

Cost of finance: When your customer’s account with your business is hacked, there’s a good chance they’ll be less trustworthy to use a credit card with your business. Consequently, the customer may instead use other purchase means like gift cards or prepaid purchase cards when shopping with your company. These payment forms typically cost more in transaction fees for your business than a regular credit or debit card. For example, even if 1% of a high-revenue business’ customer base were to switch payment methods, this change could potentially add up to millions of dollars in extra costs per year.

Technology impact: Technology may make business more efficient, but it comes at a cost. And that cost can be altered by bad actors. According to our own data, for every legitimate login, there are 3 to 5 fraudulent ones. Any traffic, such as login attempts, is a transaction that takes up server bandwidth and power. So each illegitimate account that engages with your business also equates to more server space, licensing costs, hosting costs, and labor — all adding up to more money spent.

These potential ramifications are why it’s imperative to defend your business and customers against bad actors. Ensuring proper protection comes down to your company’s defensive strategy.

Break the cycle from dark web to bottom line

To stop fraudsters in their tracks, you need to make attacks more expensive for them. Just like your business, fraudsters also care about their bottom lines and the ROI of their actions. The tougher you can make it for bad actors to attack, the more likely they are to give up. There are two critical steps to breaking fraudsters’ attack lifecycles:

1. Find the hidden impact

While breaches like account takeovers and new account fraud are typically easier to spot, you must find the underlying damage fraudsters are doing to your business. Bringing these costs to light also helps other decision-makers in your company better understand the true severity of fraud, ensuring buy-in for necessary security tools.

If your security measures need to be improved, it could be beneficial to analyze your network for abnormalities. Are there free trials your company is running that are overperforming compared to past initiatives? Is there a user leaving hundreds of negative reviews that look suspicious? Are chargebacks surging? It’s critical to work with all departments involved in your company to solve these potential issues. For instance, talk to your customer service team to see if they’ve encountered any questionable behavior or customer requests. Or consult your marketing department to identify any strange patterns in free trial or conversion platforms.

By identifying the potential holes in your network’s infrastructure, you can consider where you need to investigate potential bad actors. And when you know the hidden costs behind the fraud, you can better understand where the true damage is occurring and adjust security accordingly.

2. Use a multi-layered security approach

Ideally, for each layer a fraudster tries to compromise, your security should have an answer.

For example, you can block simpler attack methods with an advanced firewall, which fraudsters may then counter with more sophisticated botnet and replay attacks. So, you’ll also need a bot mitigation solution and multi-factor authentication to counter those attack methods. Tools such as automation detection, account validity checks, and transaction verifications can help stop fraud attempts in deeper security layers. Overall, your security approach should disrupt fraud lifecycles and increase friction to make the “cost to hack” too high for a bad actor.

Given the constant evolution of fraudsters’ attack methods, your security approach should exist on a continuum and change with the trends. Protection is not a one-time purchase — it’s a constantly evolving puzzle. But by staying vigilant and on top of your security strategy, you can pivot before fraudsters inflict irreversible damage.

Establish value with proactive protection

When times are good and your business isn’t seemingly experiencing attacks (extremely rare, I know), it can be difficult to get universal buy-in on necessary security tools from fellow leaders. But just because you haven’t detected weaknesses or attack patterns doesn’t mean bad actors aren’t at work behind the scenes. When you demonstrate the impact of unseen problems like illegitimate product performance and technology costs from new account fraud, you build the case for why it’s critical to address problems before they arise. In the end, your bottom line may depend on it.

To learn more about this topic, listen to our podcast.

Tags: authorization, conversion, dark web, fraud costs, fraud losses, operational costs
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Reddit
  • Share by Mail
https://nudatasecurity.com/wp-content/uploads/2021/02/iStock-1199033121.jpg 810 1296 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2021-02-01 08:08:452021-12-06 13:10:40The not-so-obvious cost of fraud to your company’s bottom line

More Like This

business-shaking-hands-bank

Here’s how NuData helped one bank improve user experience without compromising security

July 21, 2022
Does effective security have to come at the cost of user experience? Here’s how behavioral biometrics improves both.
https://nudatasecurity.com/wp-content/uploads/2022/07/iStock-business-shaking-hands.jpg 1414 2121 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2022-07-21 09:43:202022-07-21 09:43:20Here’s how NuData helped one bank improve user experience without compromising security

3 key takeaways from our Consumer and Risk Trends Report

June 29, 2022
How can businesses improve cybersecurity efforts in 2022? By understanding the tactics fraudsters use most.
https://nudatasecurity.com/wp-content/uploads/2022/06/Groupwork-team.jpg 1414 2120 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2022-06-29 14:48:342022-07-11 08:05:243 key takeaways from our Consumer and Risk Trends Report
Sinking-Piggy-Bank-Image

How much do fraudsters invest to take down your company?

June 14, 2022
Over our past few blogs, we’ve explored how device intelligence and behavioral analytics stop fraud in its tracks. But what type of fraud are we talking about, exactly?
https://nudatasecurity.com/wp-content/uploads/2022/06/Sinking-Piggy-Bank-Image.jpg 1414 2121 NuData https://nudatasecurity.com/wp-content/uploads/2017/12/Nudata_logo-300x112.png NuData2022-06-14 14:53:522022-06-14 14:53:52How much do fraudsters invest to take down your company?
22 Jul

Read here: The proof is in the pudding. Here’s how …

20 Jul

Read here: More fraud means stricter fraud protection measures, right? …

20 Jul

Read here: Start Something #Priceless @SU2C @MLB #AllStarGame 2

20 Jul

Read here: Whose watching the @MLB All-Star Game tonight? @MastercardNews …

18 Jul

Read here: Is your #cybersecurity strategy airtight, or could something …

Solutions

  • Solutions
  • NuDetect for Account Takeover
  • NuDetect for Good User Validation
  • NuDetect for Continuous Validation

Company

  • Company
  • News
  • Press Releases
  • Events
  • Awards & Accolades
  • Partners
  • Careers

Use Cases

  • Use Cases
  • Account Takeover
  • Good User Validation
  • Automated Attacks
  • New Account Fraud
  • Loyalty Fraud
  • Success Stories

Industries

  • Industries
  • Banking & Financial
  • eCommerce
  • Digital Goods

Resources

  • Resources
  • Articles
  • Blog
  • Brochures & Datasheets
  • Infographics
  • Videos
  • Webinars

Contact us

Still have questions?

Call: +1 (604) 800-3711
Twitter Linkedin Newsletter Youtube
© Mastercard Technologies Canada ULC 2022 - Terms of Service - Privacy Policy
Scroll to top