Adding Value by Mitigating Risks in E-commerce

How can security add value to e-commerce fraudulent activity mitigation?

Brian Fuller; Director of Operations, Ridge College; Mercyhurst University ( Brian Fuller Jr. )

It is estimated that over 2 billion people worldwide buy goods and services online. The e-commerce environment is rife with security risks for businesses and customers operating within it.?Without a strong security operations center with the expertise and focus on taking a proactive approach to mitigate and deter fraudulent e-commerce practices, e-commerce users will consistently be targeted and find themselves in a reactive state of trying to conduct damage control, resulting in revenue loss, brand damage, and loss of customer confidence.?The most successful companies in reducing these risks will be the ones who have or develop a strong cyber or digital Security Operations Center.

Security Operations Centers should be tasked and equipped with risk analysts and cyber threat analysts conducting research and collection on the tactics, techniques, and procedures (TTPs) utilized in targeting their company’s e-commerce operations. Identifying the risks before they occur can provide your cyber security professionals the ability to help mitigate or prevent e-commerce fraudulent activities for both the company and the customer. This, in turn, will reduce revenue loss, brand risk, and customer lawsuits. These security operations should also include conducting Open-Source Intelligence and Cyber exploitation activities to identify fraudsters for legal action, which can be challenging without the expertise of security professionals.?

There is no central database for housing data or information regarding the threats, TTPs, or identifiable information on fraudsters or criminal networks.?What does Company X do with the information they have uncovered that could be useful to Company Y??How is this valuable security information shared across an industry or e-commerce environment??This type of security information sharing is crucial to de-stabilizing e-commerce fraudulent activities.

Joseph Parker; Sr. Director, Global Security Division; Abbott

A security plan can be developed for all the ecommerce platforms where illicit trade or false advertising campaigns can occur: marketplace platforms, websites/domains, social media platforms, application provider platforms, and search engines.

All these ecommerce platforms need to be scraped on a routine, ongoing basis. Create filters to look for products by name, by packaging, by description, items listed as expired, not for retail sale, institutional use only, depending on your product category. Look for cheap prices and large inventories and load in the lot numbers of stolen products.

The Security Department can lead or participate in the following ecommerce strategic priorities and success measures in the following ways:

Brand Protection

• Investigating and removing illicit products that pose a risk to consumers.
• Targeting counterfeit and diversion activity related to your products.
• Working with stakeholders to create a total business solution and approach to protect the brand effectively and efficiently.

Consumer Trust

• Identifying and acting on instances of impersonation and/or fraud related to your brands/products, particularly via domain infringement and social media impersonation.
• Addressing and removing illicit products that are not safe and do not meet regulatory/quality control requirements to ensure consumer safety.
• Protecting consumers from malicious apps, websites, and phishing schemes designed to expose and steal PII to be used to further other criminal activity.

Supply Chain Channels

• Ensuring that security language is in place in contracts involving your third-party manufacturers, distributors, logistics, and warehouse providers.
• Reviewing third-party seller activity on ecommerce platforms and enforcing against inappropriate activity where your products are involved.
• Monitoring use of domains and social media pages by third parties used to move illicit products.
• Conducting undercover buys of nefarious products to establish the break in the supply chain and to build cases towards enforcement action with authorities.

Revenue/Market Share

• Disrupting infringement activity on business-to-consumer platforms that reduce visibility of your company’s genuine products.
• Recording removed products’ volume and price to calculate the cost avoidance security efforts were responsible for.
• Logging the volume and value of seized items from raid actions initiated from investigative measures.

Security’s work in mitigating fraud and illicit trade involving company products provides both tangible and intangible returns. It helps reduce the sale of illicit products that pose health and safety concerns, resulting in increased brand trust, genuine sales and genuine website traffic.

Security Leader Insight is a new LinkedIn exclusive column from The Security Executive Council. Follow us at Security Executive Council for more insights from our Tier 1 leaders and subject matter experts.