'Net Features : online security

'Tis the Season for Cyber Fraud Screening

Linc Wonham — Fri, 18 Nov 2011 18:30:00 GMT

With an increased volume of online transactions during the holidays, retailers have less time for manual screening and review of transactions – whether they are coming from a laptop, desktop computer, tablet or smartphone. It makes automated fraud screening vital during this high-volume period.

Fraud-prevention platform ThreatMetrix has identified the following fraud threats to especially consider this time of year:

1. Mobile-device spoofing – Merchants are put at increased risk with mobile transactions simply because it’s more user-friendly for fraudsters. Today, most fraud coming from the mobile channel actually originates elsewhere; the device acts like a mobile device.

2. Use of botnets and malware – This is a prominent concern on both traditional desktop and laptop computers, as well as mobile devices, as malware can steal passwords and payment account information. On top of that, many of today’s consumers fail to install appropriate fraud-prevention software on their mobile devices, according to Faulkner. Analyzing anomalous behavior and checking third-party IP reputation can help detect malware.

3. Cookie-wiping – Merchants could previously track repeat visitors through cookies, yet many of today’s consumers and fraudsters remove cookies by using add-ons and private browsing modes. This makes it difficult to recognize suspicious repeat visitors and identify returning good customers; cookieless device identification is more important than ever.

4. IP address cloaking – It has also become easier for fraudsters to spoof or mask IP addresses today. This makes it harder for merchants to know the “true” IP of the visitor and distinguish the good transactions from the bad. Identifying proxied visitors is crucial; this can be done by inspecting HTTP headers, maintaining a blacklist of known proxy sites, dynamically detecting proxied requests and piercing the proxy with a callback request.

5. Use of Virtual Private Networks (VPNs) – VPNs use separate software on the originating device to place it on a different network, showing that traffic is originating from a different address than its true network. To identify fraudsters who are using VPNs, it’s important to monitor time zone and language settings, as well as global anomalies.

For more information about these holiday-season threats, and tactics to defeat fraudsters during this peak transaction period, check out ThreatMetrix videos The Mobile Fraud Threat, Malware and Mobile: How Big of a Threat is It?, and Top Three Tactics to Consider for Mobile Fraud Detection.

Don’t Let a DDoS Attack Hijack the Holidays

Linc Wonham — Tue, 01 Nov 2011 19:30:00 GMT

Even though Halloween has passed, the next eight weeks can be a particularly scary time for all online businesses but especially retailers. E-Commerce companies are particularly susceptible to Distributed Denial of Service (DDoS) attacks during the fourth-quarter holiday season, as attackers like to cause the most chaos and make the largest possible financial impact.

Because a significant percentage of most retailers' annual revenues are made in the fourth quarter, a serious DDoS attack can be financially devastating.

“Last year we saw attack durations spike in the last three weeks of the year,” says Neal Quinn, vice president of operations at Prolexic Technologies, a leader in DDoS protection services. “Our data shows that the two highest average attack duration figures for the entire year – six days and almost eight days – were recorded during the last two weeks of the year. Typically, we see average attack duration of one to three days, so with longer attacks you can expect more downtime and more financial impact.”

To raise awareness of the increased potential for attack, Prolexic has launched a marketing campaign that suggests retailers put DDoS protection in place or re-evaluate the protection they already have, as it may not be sufficient to stop increasingly large and complex attacks.

“Many e-commerce firms obtain DDoS protection from their ISP, hosting provider or content delivery network,” says Michael E. Donner, chief marketing officer at Prolexic. “What many companies fail to realize is that against the more complex Layer 7 and SSL attacks that target Web applications, these mitigation services consistently fail to work. The campaign raises awareness of this little-known fact.”

The campaign is supported by a number of marketing assets that are available for download. In addition to two new white papers, “’Tis the Season – for DDoS Attacks” and “The Executive’s Guide to DDoS”, a case study on SpaFinder.com, a global online resource for spa and wellness services and products, is also available. Despite having DDoS mitigation services in place from its hosting company, the SpaFinder.com site was taken offline by a Layer 7 DDoS attack over the summer before Prolexic stepped in to mitigate the attack.

Five Important Trends for Every Business in 2011

Mike Phillips — Thu, 30 Dec 2010 19:00:00 GMT

As 2010 draws to a close, it’s time to turn our attention to another year. Another decade, actually, that will bring new challenges and new opportunities. Here are five important trends you can expect to see in 2011 and a few ideas to get you started on the right foot. Happy New Year.

Security. Consumers are worried about online security, and for good reason. Increasingly, security is an issue not just on our own websites but wherever our brands can be found on the Web. As we increase visibility across properties – mobile, Facebook and Twitter, online forums, location-based apps like Foursquare – and encourage our users to share information with us on those sites, we increase the risk of losing control over sensitive data.

McAfee reports that mobile will be a big target for cyber criminals in 2011. The increase in usage, combined with “historically fragile cellular infrastructure and slow strides toward encryption”, will put user data on mobile phones at high risk for an attack. McAfee Labs says that Google’s Android, Apple’s iPhone, Foursquare, Google TV and the Mac OS X platform, are all expected to be targets in the New Year. Also reported is that URL-shortening services will be a significant target in 2011.

Take these threats seriously and make security – both for users and internally – a top priority. Also, make sure your users know that their safety is a top concern. Make privacy policies and security measures easy to locate on your website.

Mobile. I think it’s safe to say that “the year of mobile” was finally realized in 2010. And it won’t slow down in 2011. Every business must have a mobile strategy in 2011, no matter how small it might seem. That could range from a mobile-friendly website or mobile app to simply advertising on mobile devices for lead generation or SMS campaigns.

But use caution – not every mobile strategy will work for every business. Mobile apps are expensive to produce and maintain and should be developed only when research has been done and you can really bring something useful to the table.

Understand your mobile audience. For example, a recent article by Kathryn Koegel states, “Who knew that the BlackBerry Curve and Pearl are hot phones among girl teens? Kind of counterintuitive, but when you realize that their parents are on BlackBerries, BlackBerry gave them a sweet deal to add on to their own plans and those girls, they do like to text on buttons...”

Digital Couponing. One of the biggest stories of the year was Groupon turning down Google’s $6 billion buyout offer. Groupon is officially the Internet’s fastest growing company in history, but online couponing is not limited to Groupon; not in any sense. Local newspapers are in on the action and even very small websites are pairing up with local businesses to offer targeted coupons to their users. Get in.

Of course, nobody wants to give away the store. The good news is that you don’t have to. While the current environment has trained consumers to expect a deal on almost anything, that “anything” is flexible. Think about coupons as an upsell more than a discount. Offer add-ins when spending thresholds are met, for example. Whatever your strategy, these coupons are here to stay for the foreseeable future and it’s important that your customers feel they are getting in on the deal.

Search Remains Universal. Of all the headline-grabbing material in 2010, search was not one of them. However, search is still a major factor of every online business. Take a look at any website, and you’ll find a search bar – even Facebook and Twitter have prominent search bars at the top of their pages.

Google still rules search but understand that search happens everywhere and for different reasons. That means optimizing for search on different formats and for different keywords, depending on the venue. A mobile search, for example, could lean toward location (the nearest coffee shop – for which you would optimize using location keywords and parameters) while a desktop search might be for product images. Social search will increase in relevancy for users, meaning that your social graph – your connections to consumers and other businesses, and the information you share and publish on these networks – will become a form of SEO in its own right. Stay relevant.

Expanding Business Models. Finally, think beyond your current business offerings for 2011. The online business world is more competitive than ever. Very few businesses can thrive with the same model or the same product year after year – especially pure-play online businesses.

One of the great advantages of doing business on the Web is its speed and flexibility. As quickly as an idea arrives it can be placed and promoted on the Web. And just as quickly, websites can be shut down or sold. Ideally, you would like to open new opportunities related to your current business. Think value-added for your current customers. But don’t be afraid to develop something completely outside the box – that’s why microsites exist.