The fight against fraud continues. The latest ideas in the many reports and analyses received over the last few months include focusing on email, system vulnerabilities, understanding the black market in fraud attack software, use of biometrics, etc.
Careless use of emails is one of the biggest risks in business today. Emailage’s recent report, Fraud Strategies: The High Cost of Friendly Fraud, highlighted that:
- You need to watch out for users who return every item due to receiving the wrong item
- Fighting fraud on all fronts requires a layered system that monitors for all types of behaviour
- You need a clear understanding of customer behaviour and transactional history
- The cost of introducing additional security measures is much lower than the losses caused by friendly fraud.
Defending corporations against payment fraud
In his blog, which stresses that cyberfraud is expected to cost $6 trillion/year by 2021, FIS’s Luc Belpaire recommends that companies:
- Centralize wherever possible: Targeted attacks on treasury and finance departments are frequently directed at subsidiaries and local offices
- Learn and test: People learn best by doing and seeing for themselves. In addition to providing training modules, manuals and online tutorials, simulate attacks of different types
- Look within the organization: Fraud is not only an external phenomenon. In addition to enforcing and testing controls such as dual-level authorization, staff need to be alert to and feel comfortable reporting suspicious behaviour
- Look beyond the business: Treasurers operate in a complex ecosystem that extends beyond the banking, supplier and customer community. It is important that this community understands and plays its part in tackling fraud.
Beware of 3D Secure in PSD2
Ravelin’s analysis of millions of global business transactions reveals 22% of payments are lost when authenticated using 3D Secure. Improved user experience alone won’t cut it - online sellers and payment providers need to get smart about how to manage PSD2 requirements from September.
3D Secure (3DS) is an additional layer of security for online credit and debit card payments - the most well-known examples being Verified by Visa, Mastercard SecureCode and American Express SafeKey. At the final stage of the checkout, it asks the buyer for a password so the bank can authorise the payment.
Ravelin found that across millions of transactions between February and March:
- 3DS authentication took an average of 37 seconds
- 91% of payments cause friction, taking over 5 seconds to authenticate
- Acceptance rates of the top 20 global banks by volume range from 68-92%
- 3DS with improved user experience still lost 19% of payments
Ravelin believes that “for all its good intentions, 3DS is notorious for bad user experience and the clunky interface can even make customers feel less secure paying online. The frustration of an extra password carries dangerous risks of customer drop off and lost revenue for online sellers.”
The Ravelin Accept service “combines machine learning powered risk analysis with issuer intelligence and 3D Secure authentication as a complete toolkit to comply with the upcoming revised Payment Services Directive (PSD2). This empowers merchants and payment providers to maximise payment acceptance while keeping fraud rates low.”
Genesis: The underground e-shop
Kaspersky Lab has published the results of an investigation into Genesis, an e-shop that is trading over 60,000 digital doppelgangers, stolen and legitimate digital identities, making successful credit card fraud that much easier to conduct.
This marketplace, like other malicious tools, abuses the machine-learning-based anti-fraud approach of ‘digital masks’: unique, trusted customer profiles based on known device and behaviour characteristics.
How to stop chargebacks before they stop you
Verifi has published a list of the 10 signs of a fraudulent order to help merchants minimise chargeback costs.
Understand how fraudsters behave
See the 10 fraud myths, which show how they behave.
Fraudsters’ new modus operandi
SWIFT today published a new cyber report, ‘Three years on from Bangladesh: tackling the adversaries’, which provides new insights into the evolving nature of the cyber threats facing the global financial community.
CTMfile take: The fraud business evolves and refines itself. Corporates cannot rest easy.