http://www.websitemagazine.com/content/blogs/posts/archive/tags/cyber+fraud/default.aspxTags: cyber fraudenCommunityServer 2008 SP2 (Build: 31104.93)http://www.websitemagazine.com/content/blogs/posts/archive/2011/11/18/tis-the-season-for-cyber-fraud-threats.aspxFri, 18 Nov 2011 18:30:00 GMT1e469e21-c924-44fa-a132-47b5d0a8ad47:18172Linc Wonham0http://www.websitemagazine.com/content/blogs/posts/rsscomments.aspx?PostID=18172http://www.websitemagazine.com/content/blogs/posts/archive/2011/11/18/tis-the-season-for-cyber-fraud-threats.aspx#comments<hr /> <p><img src="http://www.websitemagazine.com/images/blog/cyberfraud-mini.gif" style="float:left;margin:10px;" height="75" width="75" alt="" />With an increased volume of online transactions during the holidays, retailers have less time for manual screening and review of transactions &ndash; whether they are coming from a laptop, desktop computer, tablet or smartphone. It makes automated fraud screening vital during this high-volume period.</p> <p><i>Fraud-prevention platform ThreatMetrix has identified the following fraud threats to especially consider this time of year:</i></p> <p>1.&nbsp;&nbsp;&nbsp; <b>Mobile-device spoofing</b> &ndash; Merchants are put at increased risk with mobile transactions simply because it&rsquo;s more user-friendly for fraudsters. Today, most fraud coming from the mobile channel actually originates elsewhere; the device acts like a mobile device.</p> <p>2.&nbsp;&nbsp;&nbsp; <b>Use of botnets and malware</b> &ndash; This is a prominent concern on both traditional desktop and laptop computers, as well as mobile devices, as malware can steal passwords and payment account information. On top of that, many of today&rsquo;s consumers fail to install appropriate fraud-prevention software on their mobile devices, according to Faulkner. Analyzing anomalous behavior and checking third-party IP reputation can help detect malware.</p> <p>3.&nbsp;&nbsp;&nbsp; <b>Cookie-wiping</b> &ndash; Merchants could previously track repeat visitors through cookies, yet many of today&rsquo;s consumers and fraudsters remove cookies by using add-ons and private browsing modes. This makes it difficult to recognize suspicious repeat visitors and identify returning good customers; cookieless device identification is more important than ever.</p> <p>4.&nbsp;&nbsp;&nbsp; <b>IP address cloaking</b> &ndash; It has also become easier for fraudsters to spoof or mask IP addresses today. This makes it harder for merchants to know the &ldquo;true&rdquo; IP of the visitor and distinguish the good transactions from the bad. Identifying proxied visitors is crucial; this can be done by inspecting HTTP headers, maintaining a blacklist of known proxy sites, dynamically detecting proxied requests and piercing the proxy with a callback request.</p> <p>5.&nbsp;&nbsp;&nbsp; <b>Use of Virtual Private Networks (VPNs)</b> &ndash; VPNs use separate software on the originating device to place it on a different network, showing that traffic is originating from a different address than its true network. To identify fraudsters who are using VPNs, it&rsquo;s important to monitor time zone and language settings, as well as global anomalies.<br /><br />For more information about these holiday-season threats, and tactics to defeat fraudsters during this peak transaction period, check out ThreatMetrix videos <a target="_blank" href="http://vimeo.com/31861495"><b>The Mobile Fraud Threat</b></a>, <a target="_blank" href="http://vimeo.com/31558915"><b>Malware and Mobile: How Big of a Threat is It?</b></a>, and <a target="_blank" href="http://vimeo.com/31559669"><b>Top Three Tactics to Consider for Mobile Fraud Detection</b></a>.</p> <div style="clear:both;"></div><img src="http://www.websitemagazine.com/content/aggbug.aspx?PostID=18172" width="1" height="1">ecommerceonline securitythreatmetrixcyber fraud