Page 19 - GS190701
P. 19
Viiews
The 2019 CNP Expo Shifting fraud landscape
have gotten better at fraud detection and are now focused
By Brandes Elitch Today, fraud is moving to the account level. Some retailers
CrossCheck Inc. on false declines and improving revenue. I counted nine
areas of concentration at the event. Those working in this
n May of this year, I attended the CNP Expo in San space need to be familiar with all of them:
Francisco, and I will state flat out that this event 1. 3-D secure/consumer authentication
should be mandatory attendance for every mer- 2. Chargeback management
I chant with a significant online presence, as well
as for payment professionals responsible for safeguard- 3. Data security services
ing card-not-present (CNP) transaction data. That's a 4. Device identification and or behavioral biometrics
bold statement, but don't take my word for it. Postpone
finishing this article, if you like, and go to the Online 5. Fraud case management tools
FraudCast podcast hosted by anti-cybercrime experts 6. Identity documentation authentication
Karisse Hendrick and Brett Johnson. I recommend these 7. International payment processing/PSPS
three podcast episodes:
• "Live from CNP Expo" (recorded during CNP Expo's 8. Logistics and/or call center support, including
fraud-prevention services specific to call centers
opening keynote presentation)
• "Merchants are from Mars, vendors are from Venus" 9. Managed fraud services
• "The 'C'-word for online merchants: Chargebacks." Serious fraud-management professionals could easily
spend the better part of the day just speaking with vendors
Relentless, pernicious attacks of these products and services.
The current headlines about fraud will be no surprise.
Here are some examples: Expo planners put significant thought into the sessions
offered at the Expo, too. Several topics that resonated
• "E-commerce skimming attacks evolve into iFrame with me are: What is the true cost of fraud to your
injection" business? (benchmarking survey); Fake is the new fraud;
• "Since 2016, over 4,000 ransomware attacks have Partnerships R Us: What is a fraud strategist and what
taken place daily, or about 1.5 million a year, do we do?; Compelling evidence: the key to winning
according to the Department of Homeland Security" first-party chargebacks; Managing your own career in
• "Server software poses soft target for ransomware" payments and fraud; You've got to be shipping me (re-
routes and re-shipping, and did-not-receive claims); and
• "Firmware bug in CCTV software may have given Know your frenemy" (fighting friendly fraud).
POS hackers a foothold"
• "Attacks from rogue mobile apps jump 300%, and AI, behavioral biometrics and machine learning will
CNP fraud continues to boom, RSA finds" play a greater role in this sphere as time goes by, but
right now, there is an organized body of knowledge that
You get the idea. One of the most pernicious types of fraud professionals and those tasked with safeguarding
assault is the Magecart "digital skimmer" attack. Fraudsters sensitive data need to master. That is what this annual
target Magento ecommerce software and plant malicious show is all about. It is desperately needed, too, and not
code inside the victims' websites. As one expert said, "It just because of data theft, but also for false declines and
really shows that any ecommerce site is fair game" for an loss of revenue.
attacker. If you are selling in ecommerce ‒ and who isn't?
‒ this means you. The most common attack is account takeover (ATO).
Thieves steal legitimate payment credentials via data
CardNotPresent.com was founded by Casco Media Corp. breaches or phishing. Then they use bots to verify user
in 2011, an online publication that subsequently founded credentials and identify which ecommerce stores their
the CNP Expo, an annual conference that launched in victims use (this is called "credential stuffing"). Next, the
2012. In 2015, the organization and its expo were acquired thieves sell the credentials to other fraudsters on the Dark
by Reed Exhibitions, a member of RELX Group. Web or commit ATOs themselves. When merchants think
about this, they quickly come to the realization that they
CNP's focus is on ecommerce fraud prevention and global need help, and that's what is available in abundance at the
payment acceptance. The show has achieved maturity, Expo.
with approximately 500 attendees, more than 50 hours Takeaways from the show
of educational offerings, and about 40 fraud-prevention
providers and payment processing vendors in the Here are some take-home points I want to share with
tradeshow exhibit area. readers of The Green Sheet:
19
