Page 10 - GS161102
P. 10

News

Holiday season brings                                             Top industries, retailers targeted
tidings of CNP fraud
                                                                  Security experts are especially concerned for big-box
S hoppers, retailers and cybercriminals no longer                 retailers, which they claim will be primary targets
              wait for Black Friday and Cyber Monday to get       throughout the holiday shopping season and immediately
              into the holiday spirit. Security analysts saw a    thereafter. There could be as many as 50 million attacks
              spike in legitimate and fraudulent retail transac-  to ecommerce sites in the peak shopping week alone, they
tions throughout the third quarter of 2016, a traditionally       warned.
quiet period. Felonious attacks are becoming more frequent
and sophisticated, experts warned. Chief among their con-         ThreatMetrix has been stopping an average of one
cerns is the use of artificial intelligence and social engineer-  fraudulent new account creation every 10 seconds and sees a
ing to mimic legitimate customers.                                widespread use of stolen identity credentials. Pandey called
                                                                  these attacks "multifaceted, global and ever-evolving," as
"The challenge for businesses is that if fraudsters behave        criminals strive to steal, validate and sell stolen identities.
more and more like genuine customers, and automated               Increasing crime levels necessitate staying a step ahead
bot attacks are testing identity credentials on a mass            "with innovative approaches that derail fraudsters and
scale, what hope is there of detecting the genuine good           strike the right balance between protecting businesses and
transactions from the sea of bad ones?" wrote Alisdair            minimizing friction for users."
Faulkner, Chief Products Officer at ThreatMetrix. The
ThreatMetrix Cybercrime Report: Q3 2016, published Nov. 1,        Srinivasan added that many retailers hire temporary
2016, found a 40 percent increase in card-not-present (CNP)       workers to help manage shipments, returns and inquiries.
crime between July and September 2016, compared with              Merchants need to combine preventive tools and strategies
the same period in 2015. The analysis was based on close          with human oversight to protect against fraud, and
to 5 billion transactions and 130 million blocked intrusions,     information technology departments need to plan for
the company noted.                                                excessive network traffic, she stated.

Cybercriminals have graduated from brute attacks to               Following are at-risk categories cited in the ThreatMetrix
more advanced, nuanced methodologies, according to                report:
Vanita Pandey, Vice President of Strategy and Product
Marketing at ThreatMetrix. "Attacks have evolved from                 •	 E-commerce: Bot attacks are growing in proportion
being one-dimensional with a singular purpose to being                    to digital ecommerce transactions. Attacks on logins
a Frankenstein's monster of attack vectors, using bots,                   and payment transactions grew 30 percent and 70
social engineering and remote access stealth in various                   percent, respectively, in 2016.
combinations," she said.
                                                                      •	 Financial services: Online financial services transac-
Physical, virtual fraud                                                   tions continue to be driven by mobile usage. Login
                                                                          attacks in fintech increased due to a large bot attack
"True fraud exponentially rises during the holiday season,"               on an e-lender.
said Srii Srinivasan, co-founder and Chief Executive
Officer of ChargebackGurus. "Many criminals hack into                 •	 Digital media/social networks: Fraudsters are test-
retail networks earlier in the year, planning attacks well in             ing stolen credentials on sites with modest signup
advance of peak retail season. Some of their most insidious               and authentication requirements. Attacks on new ac-
strategies involve mimicking legitimate customers."                       count creations increased by almost 400 percent com-
                                                                          pared with the third quarter of 2015.
Pandey and Srinivasan urged retailers to plan ahead
for high-volume transactions and implement real-time                  •	 Cross-border transactions: Representing one in five
detection strategies. "Fraud prevention is no longer simply               transactions in the digital network, these transac-
about timely detection but about getting under the skin                   tions are considered riskier than domestic transac-
of evolving attack patterns to better thwart the rise of                  tions and rejected twice as often.
cybercrime," Pandey said. Srinivasan cited a number of
reasons for increased chargebacks around the holidays.            Changing consumer, fraudster behavior
"Fulfillment centers may ship the wrong product or
duplicate an order, and there is more physical theft during       Mobile and in-app payments have created a new frontier
holiday season, because thieves know high ticket items are        for fraudsters, according to the ThreatMetrix study. "As
being ordered," she said.                                         digital transactions have grown, so have the attacks," the
                                                                  authors wrote. "This quarter saw the highest number of
                                                                  attacks on ecommerce with more than 76 million blocked
                                                                  transactions, a 60 percent increase over 2015." Fraudsters
                                                                  are targeting mobile and online accounts where consumer
                                                                  credentials are stored, the authors noted. They expect these
                                                                  login attacks to continue through the 2016 holiday season as

10
   5   6   7   8   9   10   11   12   13   14   15