19th Ave New York, NY 95822, USA

Breaking the chain of fraud

The biggest concern of retailers is the rise of electronic commerce fraud – including data breaches, targeted attacks and fraud by card not present – according to a
report from the Federal Reserve Bank of Minneapolis.

Online fraud is one of the biggest challenges facing retailers, with non-present card fraud (NPC) being one of their main concerns.

CNP fraud will reach $ 71 billion over the next five years,
Juniper Research has planned because it is an easy way for cyber criminals to access money, products and services.

There has been a 100 percent increase in attempts to purchase credit cards marked – suspicious, according to NuData Security.

With these numbers, it is not surprising that merchants have allocated most of the resources to secure NPC transactions.

Retailers were also affected by point-of-sale systems – physical machines that accept card payments. Some retailers have discovered that their devices have been infected with malware that records the payer's card information. Point-of-sale hacking has a low barrier to entry, as cyber criminals simply need to connect a $ 25 Raspberry Pi to download malicious code that can penetrate the network.

These are not the only threats. Third-party vendors outsourced by retailers may become another fraud target. Third-party vendors, in turn, hire other companies, creating a long list of vendors that process sensitive data. It is in the context of these relationships that cyber criminals target the weakest link to steal personal data such as credit card information.

Link Fraud Chain Link Review

Retailers and merchants can close the loop on point-of-sale systems through continuous monitoring of point-of-sale terminals and regular installation of security patches. It is crucial to apply new patches to all devices to avoid attacks like Forever 21: The company had installed the latest security patches in all but a few of its terminals – and these have been attacked.

Identifying all your third, fourth and even twentieth providers is the first step towards establishing a risk management strategy.

Bad actors use any chance to steal payment data that will then reverberate on the CNP channel, where merchants can not tell the difference between legitimate customers and imposters.

Break the chain

The most effective weapon against CNP fraud is to devalue stolen data. Options for stealing sensitive information have evolved constantly, but if the stolen data is not useful for profit, fraudsters will lose interest.

Following this approach, many companies have implemented multi-layered solutions applied to CNP transactions that evaluate users by several key points:

  • what they have – type of device, for example; and
  • what they are – physical biometrics that may include scans of the face, retina or fingerprints.

There is an underlying layer that facilitates identification by examining the passive biometrics of a user. Passive biometrics can analyze the inherent online behavior of the user. If suspicions are raised, the company may trigger an additional verification request depending on what the user has or is.

This approach to security, based on passive biometrics and behavioral analysis, secures an illegal online transaction card without relying on data that could be stolen, such as a name of a person. user and password.

Passive biometrics and behavioral analysis can recognize clients through hundreds of identifiers, such as how they grab – their input speed and their typing deviation – or the how they hold a device. These are powerful indicators of interaction between humans and non-humans, and they can help ensure that the right person accesses an account.

Release the chains that bind

Passive biometrics and behavioral analysis give retailers a context for digital transactions and the ability to stop abnormal transactions before they occur. Users enjoy a seamless experience, while organizations benefit from an additional guarantee of authentication.

Retailers and e-commerce organizations that use multi-layered security strategies with passive biometrics and behavioral analysis can effectively confirm legitimate users with extreme accuracy, without relying on identification information that could have been stolen. User patterns and behaviors can not be replicated by cybercriminals using stolen identification information or card details, which devalues ​​stolen data and breaks the chain of fraud.


Robert Capps is Vice President and Strategist in Authentication for
NuData Security, a Mastercard company. He is a recognized technologist, opinion leader and advisor with over 20 years of experience in designing, managing and protecting complex information systems – leveraging people , processes and technology to counter cyber risks.