'Net Features : threatmetrix

Site Security for the Holidays

Allison Howen — Wed, 21 Nov 2012 15:30:00 GMT

E-commerce retailers need to prepare their websites for not only an increase in traffic and conversions this holiday season, but also for online fraudsters.

While retailers should always watch out for cybersecurity threats during the holiday season, the growing usage of mobile makes this more important than ever before. This is because the number of transactions that originate from a mobile device has been on an uptick, and retailers who don’t have a system in place to manually accept or reject suspicious transactions increase the risk of fraud.

“Mobile consumers typically store their credit card information in retail accounts, rather than entering the information during each transaction, making online retail account takeovers more profitable, and therefore, more attractive to fraudsters,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “During the holiday season in particular, consumers find it much more convenient to keep credit card information stored online as they make such a high volume of purchases. This is especially risky if consumers use the same email address and password for several websites – doing so initiates a trail of destruction that is equivalent to unlocking every door in the house, easily allowing criminals to hack numerous accounts at once.”

According to cybercrime prevention solutions provider ThreatMetrix, account takeover is among the biggest security threats attributed to the rising usage of mobile. This is because many retailers don’t have a mobile security strategy set in place and are not equipped to efficiently secure a large volume of mobile transactions during Black Friday and Cyber Monday, which could make consumers’ account and credit card credentials vulnerable. Furthermore, retailers should watch out for “clean fraud,” which often passes security screens and appears to be a legitimate transaction, but is really a fraudster who is hiding behind a virtual private network (VPN) – making it difficult for retailers to identify authentic transactions.

“Cybersecurity should be a top priority for retailers this Black Friday, Cyber Monday and the rest of the holiday season,” said Faulkner. “Especially with so many consumers traveling at this time, retailers need to put forth extra effort to assure transactions are originating from authentic networks. The last thing retailers and consumers want is to wake up on Black Friday with a ‘turkey hangover’ and a compromised credit card.”

'Tis the Season for Cyber Fraud Screening

Linc Wonham — Fri, 18 Nov 2011 18:30:00 GMT

With an increased volume of online transactions during the holidays, retailers have less time for manual screening and review of transactions – whether they are coming from a laptop, desktop computer, tablet or smartphone. It makes automated fraud screening vital during this high-volume period.

Fraud-prevention platform ThreatMetrix has identified the following fraud threats to especially consider this time of year:

1. Mobile-device spoofing – Merchants are put at increased risk with mobile transactions simply because it’s more user-friendly for fraudsters. Today, most fraud coming from the mobile channel actually originates elsewhere; the device acts like a mobile device.

2. Use of botnets and malware – This is a prominent concern on both traditional desktop and laptop computers, as well as mobile devices, as malware can steal passwords and payment account information. On top of that, many of today’s consumers fail to install appropriate fraud-prevention software on their mobile devices, according to Faulkner. Analyzing anomalous behavior and checking third-party IP reputation can help detect malware.

3. Cookie-wiping – Merchants could previously track repeat visitors through cookies, yet many of today’s consumers and fraudsters remove cookies by using add-ons and private browsing modes. This makes it difficult to recognize suspicious repeat visitors and identify returning good customers; cookieless device identification is more important than ever.

4. IP address cloaking – It has also become easier for fraudsters to spoof or mask IP addresses today. This makes it harder for merchants to know the “true” IP of the visitor and distinguish the good transactions from the bad. Identifying proxied visitors is crucial; this can be done by inspecting HTTP headers, maintaining a blacklist of known proxy sites, dynamically detecting proxied requests and piercing the proxy with a callback request.

5. Use of Virtual Private Networks (VPNs) – VPNs use separate software on the originating device to place it on a different network, showing that traffic is originating from a different address than its true network. To identify fraudsters who are using VPNs, it’s important to monitor time zone and language settings, as well as global anomalies.

For more information about these holiday-season threats, and tactics to defeat fraudsters during this peak transaction period, check out ThreatMetrix videos The Mobile Fraud Threat, Malware and Mobile: How Big of a Threat is It?, and Top Three Tactics to Consider for Mobile Fraud Detection.

Survey Reveals Online Fraud Concerns

Allison Howen — Wed, 21 Sep 2011 15:30:00 GMT

According to a new survey, one-third of consumers claim that they will make more purchases online than in stores this holiday shopping season, but many are wary of online fraud.

The “Mobile Payments and Online Shopping Survey of U.S. Consumers” was conducted by ThreatMetrix, a provider of cloud-based fraud prevention solutions, and The Ponemon Institute, an independent research company. According to the survey, 53 percent of consumers have some concerns about online fraud, while 26 percent have serious concerns about it. Additionally, 43 percent claim that they have been a victim of online fraud.

With more avenues such as mobile and tablets through which consumers can shop online this year, merchants must make sure their sites are secure in every aspect.

“While consumers continue to show a preference for the convenience of shopping and browsing online, their concerns about becoming a victim of online fraud is also growing,” says Bert Rankin, vice president of marketing, ThreatMetrix. “With mobile thrown into the shopping mix, which is even more apparent this year, consumers and retailers alike need to be well equipped against fraudsters in every possible channel.”

Shockingly, nearly one in three consumers believe that fraud is less likely to happen on a smartphone or tablet than on a desktop or laptop. Additionally, even more of the “elite” respondents, at 39 percent, think that fraud is less likely on a smartphone or tablet. Elite respondents are defined as consumers that are extremely active users of the Internet.

But should consumers have this sense of security when it comes to mobile and tablets? According to senior fraud and risk analyst from Aite Group, Julie Conroy McNelley, malware is a big business that is growing rapidly. Furthermore, online transactions go two ways. Although a consumer may think they are taking precautions, the merchant that they are purchasing from must also be taking precautions to secure private information.

“Mobile, in particular, is difficult to protect from fraud,” says McNelley. “With around 4,000 different device types to secure, it’s often a daunting task. On top of that, few consumers are using anti-virus or anti-spyware software on their mobile devices. Mobile, just like more traditional e-commerce transactions from a desktop, has the potential to become a hotbed for fraud.”

So how can merchants ease their customers’ fraud fears before Cyber Monday? Aside from making sure their site is as secure as possible, 84 percent of respondents say that merchants can ease their fears this holiday season by communicating a commitment to protect consumers against online fraud.

Study Reveals Surprising Perception of Online Fraud

Linc Wonham — Mon, 16 May 2011 16:00:00 GMT

A new joint study from ThreatMetrix and the Ponemon Institute explores consumer sentiment surrounding the Web industry’s ability to safeguard their personal information online.

Results across four industries showed that consumers are most confident in banks, followed by credit card and payment processors, and then social networks. Consumers believe that online businesses are the least reliable at protecting users’ personal information.

“It’s logical that consumers should have the most confidence in the banking industry’s ability to protect their information online, as banks have a responsibility to protect their customers’ funds,” said Reed Taussig, president and CEO of fraud-prevention firm ThreatMetrix. “Social networks, however, surprisingly, have a higher consumer confidence ranking than online businesses in regards to protecting personal information. That represents a problem for the e-commerce industry, which relies on secure online transactions as the foundation of their business model.”

The survey found that the perception of a company’s ability to prevent fraud weighs heavily in a consumer’s online decisions. Three in four consumers said they would not do business with an online merchant if they had doubts about the site’s security measures. Eighty-eight percent said the same of banks or credit card and online payment processors, and 56 percent for social networks.

“Banks, online businesses, social networks and payment processors are all targets for fraudsters who phish their accounts for emails and passwords,” said Taussig. “Yet when you bring e-commerce transactions into the picture, consumers are still very wary about the security of that data. Banks understand the importance of communicating these fraud prevention measures, which online businesses must also do. It’s the first step to increase that level of confidence to the point where a consumer is willing to complete a transaction.”

Eighty-five percent of the survey’s respondents said online merchants, banks, social networks and payment processors should be more aggressive in preventing fraudsters from stealing consumers’ information. Similarly, 80 percent believe that these industries should leverage technology to improve authentication of consumers.

Visit Consumers’ Reaction to Online Fraud for the full results of the study.