Plaintext: Fighting Online Payment Fraud
Welcome to Dark Reading in Plaintext, where each day we bring you insights around one topic important to cybersecurity professionals. Today, we talk about online payment fraud and steps organizations can take to minimize fraudulent transactions. Enjoying the newsletter? Share with a friend!
Fraud is Expensive. Also on the Rise.
Payment fraud, when someone makes an illegal transaction, is the type of fraud most people are familiar with. Examples include transferring funds from a legitimate (victim) bank account to a fraudulent account controlled by the fraudster, social engineering the victim into wiring funds or sending cash to the scammer, and stealing information about the payment account and monetizing that information.
Online payment fraud is expected to cost $343 billion over the next five years, according to Juniper Research.
According to accounting firm Crowe, overall fraud costs the global economy in excess of $5 trillion per year, and payment fraud makes up a significant portion of this category. In KPMG's survey of senior risk executives earlier this year, 67% said their companies have experienced external fraud (which includes credit card fraud and identity theft) in the past 12 months, and 38% expected the risk of fraud committed by external perpetrators to somewhat increase in the next year. There was a financial impact for most of these executives: 42% said their organizations experienced 0.5% to 1% of loss as a result of fraud and cybercrime. [Read more Fraud is on the Rise, and It's Going to Get Worse]
More consumers taking a "digital-first approach to everything from shopping, dating, and investing" makes fraud even more attractive to criminals, Experian said in its annual Future of Fraud Forecast earlier this year. One area where fraud is growing is the buy now, pay later (BNPL) space, where customers make a purchase and receive it immediately but pay for it at a later time, usually over a series of installments.
BNPL Fraud is Growing. Retailers like BNPL because letting shoppers buy something when they otherwise would not be able to creates a larger group of potential buyers. BNPL provides criminals with new avenues for fraud, such as creating illegitimate accounts to cash out, using stolen identities in financial transactions, and intercepting credentials to take over existing accounts and conduct fraudulent transactions. Retailers and BNPL platform providers need to harness the data they have to spot fraudulent transactions. [Read more at How Retailers Can Address ‘Buy Now, Pay Later’ Fraud]
It’s not just BNPL platforms that are under attack, though. Real-time payment services like The Clearing House and Zelle are also popular among criminals because of how quickly transactions get cleared. "The instant or near-instant nature of RTP means that in many cases, when money is removed from an account, it's going to be very difficult to get it back," said Richard Henderson, the former head of global threat intelligence at Lastline.
"The rapid clearing of payments means that banks are really going to have to shoulder the risk burden when it comes to protecting customers when the worst happens and a kind, retired lady gets hoodwinked out of tens of thousands of dollars."
--Richard Henderson, formerly of Lastline
Beware of FaaS. Fraud-as-a-service takes several forms, all with the goal of making it easier for both experienced and novice criminals to commit fraud, writes Bruno Farinelli, fraud analytics manager at ClearSale. Fraud service providers now offer bot networks capable of launching large-scale fraud campaigns against websites and of phishing victims. They also offer OTP (one-time password) bot services to phish victims for their one-time passwords for financial institutions and other accounts. Merchants should include the following elements in their anti-fraud programs: limiting data entry attempts and velocity; screening every order; running batch analyses to detect fraud at scale; avoiding automatic declines; and manually reviewing potentially fraudulent transactions. [Read more How Can Your Business Defend Itself Against Fraud as a Service?]
Rise of Synthetic Identity Fraud. The Federal Reserve defines synthetic identity fraud as a fraud attack in which cybercriminals combine real information with fabricated information, such as addresses, dates of birth, or names to build a fake identity that can be used to make purchases. Synthetic identity fraud cost US banks and financial institutions $20 billion in losses in 2020, compared with just $6 billion in 2016, according to FiVerity’s 2021 Synthetic Identity Fraud Report. [Read more How Criminals Are Using Synthetic Identities for Fraud]
Fraud Red Flags. Security teams should look for a high volume of transactions coming from a device within a short period of time, says Kimberly Sutherland, vice president of fraud and identity strategy at LexisNexis Risk Solutions. If one device is attempting a transaction multiple times, perhaps thousands of times per second, it’s likely an attack, Sutherland says. [Read more Security Lessons from a Payment Fraud Attack]
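The per-device red flag described above can be checked with a sliding-window counter. The following is an added example, not code from the newsletter or from any vendor it cites; the function names, the 10-second window, the threshold of 5 attempts, and the sample events are all assumptions chosen for illustration. Flagged devices are returned for manual review rather than declined automatically, in line with the merchant guidance earlier in this issue.

```python
from collections import defaultdict, deque


def flag_high_velocity_devices(events, window_seconds=10.0, max_attempts=5):
    """Return {device_id: peak attempts in any window} for devices that make
    more than max_attempts transaction attempts within window_seconds.

    events: iterable of (epoch_seconds, device_id) tuples, in any order.
    """
    recent = defaultdict(deque)  # device_id -> timestamps still inside the window
    peaks = {}
    for ts, device in sorted(events):  # sort to tolerate out-of-order log lines
        window = recent[device]
        window.append(ts)
        # Drop attempts that have aged out of the sliding window.
        while ts - window[0] >= window_seconds:
            window.popleft()
        if len(window) > max_attempts:
            peaks[device] = max(peaks.get(device, 0), len(window))
    return peaks


def build_sample_events():
    """Constructed sample data, not real traffic."""
    events = []
    # dev-bot: 40 attempts within 2 seconds (automated burst).
    events += [(1000.0 + i * 0.05, "dev-bot") for i in range(40)]
    # dev-retry: a customer retrying a payment 3 times over a minute.
    events += [(1000.0 + i * 20.0, "dev-retry") for i in range(3)]
    # dev-steady: 12 purchases spread over hours; high total, low velocity.
    events += [(1000.0 + i * 3600.0, "dev-steady") for i in range(12)]
    return events


def review_queue(events):
    """Device IDs to route to manual review instead of auto-declining."""
    return sorted(flag_high_velocity_devices(events))


if __name__ == "__main__":
    flagged = flag_high_velocity_devices(build_sample_events())
    for device, peak in flagged.items():
        print(f"{device}: {peak} attempts within 10s -> manual review")
```

Counting inside a window rather than per day keeps the busy but legitimate device out of the queue, while the burst from a single device stands out even though it lasts only two seconds.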
Headlines on Tap
Subscribe to get the latest headlines delivered to you each morning with Dark Reading Daily.
On That Note
An issue of Plaintext a few weeks ago looked into favorite hacker movies. There are some TV shows and movies that do a great job depicting the world of cybersecurity, and some that … do not. In the second edition of Seen and Heard, Mandiant’s Chris Sistrunk and Decipher’s Dennis Fisher discuss the various ways popular entertainment depicts hacking and how they shape mainstream perceptions of the industry. Tune in this Thursday, July 14 on LinkedIn Live.
Source: Ethan Hu via Unsplash.com
Founder & CEO, Group 8 Security Solutions Inc. DBA Machine Learning Intelligence
6 months ago: Your post is valued, thanks!
PM/CM Executive (Emeritus)
2 years ago: It is unusual for a website to require registration simply to view staff bios. It seems to me that that information is antecedent to deciding to register. Just my opinion of course. https://www.darkreading.com/about-us
Selling, buying or franchising a business requires the expertise of a 43-year old company with offices in the US and worldwide. sellmychattanoogabusiness.com
2 years ago: Great read!
Bluelanevision The vibe and the wave out here living for better day today
2 years ago: I'm going through that now?
Student at Dharma Realm Buddhist University
2 years ago: But your my associates in the business I'm associates with my color friend I'm leading to a say I'm ask them if the wants to associates with me I'm some stores and my team associates in deals Toyota