Page 10 - GS161102
P. 10
News
Holiday season brings Top industries, retailers targeted
tidings of CNP fraud
Security experts are especially concerned for big-box
S hoppers, retailers and cybercriminals no longer retailers, which they claim will be primary targets
wait for Black Friday and Cyber Monday to get throughout the holiday shopping season and immediately
into the holiday spirit. Security analysts saw a thereafter. There could be as many as 50 million attacks
spike in legitimate and fraudulent retail transac- to ecommerce sites in the peak shopping week alone, they
tions throughout the third quarter of 2016, a traditionally warned.
quiet period. Felonious attacks are becoming more frequent
and sophisticated, experts warned. Chief among their con- ThreatMetrix has been stopping an average of one
cerns is the use of artificial intelligence and social engineer- fraudulent new account creation every 10 seconds and sees a
ing to mimic legitimate customers. widespread use of stolen identity credentials. Pandey called
these attacks "multifaceted, global and ever-evolving," as
"The challenge for businesses is that if fraudsters behave criminals strive to steal, validate and sell stolen identities.
more and more like genuine customers, and automated Increasing crime levels necessitate staying a step ahead
bot attacks are testing identity credentials on a mass "with innovative approaches that derail fraudsters and
scale, what hope is there of detecting the genuine good strike the right balance between protecting businesses and
transactions from the sea of bad ones?" wrote Alisdair minimizing friction for users."
Faulkner, Chief Products Officer at ThreatMetrix. The
ThreatMetrix Cybercrime Report: Q3 2016, published Nov. 1, Srinivasan added that many retailers hire temporary
2016, found a 40 percent increase in card-not-present (CNP) workers to help manage shipments, returns and inquiries.
crime between July and September 2016, compared with Merchants need to combine preventive tools and strategies
the same period in 2015. The analysis was based on close with human oversight to protect against fraud, and
to 5 billion transactions and 130 million blocked intrusions, information technology departments need to plan for
the company noted. excessive network traffic, she stated.
Cybercriminals have graduated from brute attacks to Following are at-risk categories cited in the ThreatMetrix
more advanced, nuanced methodologies, according to report:
Vanita Pandey, Vice President of Strategy and Product
Marketing at ThreatMetrix. "Attacks have evolved from • E-commerce: Bot attacks are growing in proportion
being one-dimensional with a singular purpose to being to digital ecommerce transactions. Attacks on logins
a Frankenstein's monster of attack vectors, using bots, and payment transactions grew 30 percent and 70
social engineering and remote access stealth in various percent, respectively, in 2016.
combinations," she said.
• Financial services: Online financial services transac-
Physical, virtual fraud tions continue to be driven by mobile usage. Login
attacks in fintech increased due to a large bot attack
"True fraud exponentially rises during the holiday season," on an e-lender.
said Srii Srinivasan, co-founder and Chief Executive
Officer of ChargebackGurus. "Many criminals hack into • Digital media/social networks: Fraudsters are test-
retail networks earlier in the year, planning attacks well in ing stolen credentials on sites with modest signup
advance of peak retail season. Some of their most insidious and authentication requirements. Attacks on new ac-
strategies involve mimicking legitimate customers." count creations increased by almost 400 percent com-
pared with the third quarter of 2015.
Pandey and Srinivasan urged retailers to plan ahead
for high-volume transactions and implement real-time • Cross-border transactions: Representing one in five
detection strategies. "Fraud prevention is no longer simply transactions in the digital network, these transac-
about timely detection but about getting under the skin tions are considered riskier than domestic transac-
of evolving attack patterns to better thwart the rise of tions and rejected twice as often.
cybercrime," Pandey said. Srinivasan cited a number of
reasons for increased chargebacks around the holidays. Changing consumer, fraudster behavior
"Fulfillment centers may ship the wrong product or
duplicate an order, and there is more physical theft during Mobile and in-app payments have created a new frontier
holiday season, because thieves know high ticket items are for fraudsters, according to the ThreatMetrix study. "As
being ordered," she said. digital transactions have grown, so have the attacks," the
authors wrote. "This quarter saw the highest number of
attacks on ecommerce with more than 76 million blocked
transactions, a 60 percent increase over 2015." Fraudsters
are targeting mobile and online accounts where consumer
credentials are stored, the authors noted. They expect these
login attacks to continue through the 2016 holiday season as
10
