Monday, April 28, 2008

Account Takeover and Data Breach

As we have talked with many banks over the past few years, I continue to be surprised at the inconsistency amongst banks regarding account takeover fraud. Most banks, as a rule, have said that they have observed very little account takeover, while others are seeing an epidemic of takeover fraud. This runs counter to most fraud types, which tend to hit the industry as a whole (e.g. phishing, new account fraud, etc.).

We believe that the culprit responsible for this level of inconsistency is "internal compromise". Committing account takeover typically requires the thief to have not only the identity credentials, but also bank-specific information such as PINs and account numbers. Gaining access to both identity data and bank-specific data is not trivial, with the best source being the bank itself. I was speaking at a recent conference, and a top 10 retail bank described how they had recently been compromised by an internal employee - who sold the information to another entity, who then took over the accounts by changing the address and requesting new cards.

We see tightening up internal access to confidential data, as well as monitoring, as extremely critical to stamping out account takeover fraud.

If anyone has any thoughts or experiences on the subject - we'd love to hear from you.

A.E>>>

Wednesday, April 9, 2008

When's the Next Wave of E-commerce Fraud Coming?

The FBI recently announced that online fraud increased 20% since 2006. While this may seem large - I am perplexed that it is not larger. As we have talked to many online merchants, we are finding that they have a variety of tools deployed, mostly using logical screens such as looking at the IP address, the browser languages, the country of origin, time of day, difference between Bill To and Ship To address, etc.

As we are getting into the analytics, however, we are observing that it is still relatively simple to get through the screens. As long as you use an IP that doesn't ring the bell, get the right Bill To address, and don't order in obviously fraudulent patterns (e.g. 10 orders for the same high-end electronics product), it is fairly easy to get through the hooks. When we study the known frauds that are getting through - we see this all the time. The good news is that there are ways to combat these tougher frauds by looking not only at order-related data, but also at third-party data and analytics that can take fraud detection to the next step.

However, what we are also seeing is that the fraud incidence for online merchants is still at historic lows. This is telling me that the fraudsters have not yet figured this out. They are still routinely trying their old tricks, and are having their orders blocked more and more. While this is great - it also suggests that it is just a matter of time before they change tactics and begin figuring out how to get through. As we like to say, "Once you shut down one device for the fraudsters - they don't tend to give up and go get day jobs". Instead, they tend to keep pushing to open up that next vulnerability.

I believe we are going to once again begin seeing a substantial increase in fraud rates, as this next migration occurs. Thoughts?