
Fraud to peak this month, devices a weak spot

Fraud is a challenge for merchants as Thanksgiving gives criminals much to celebrate, but legacy systems mean that even biometrics carry risk. Passwords don't provide enough security, but even biometric authentication isn't that much better in many cases.

Research from ACI Worldwide suggests that fraud attempts will increase by 14 per cent during the upcoming holiday season, with a peak between Thanksgiving Day and Cyber Monday. The report says that, in addition to traditional online channels, 'buy online, pick up in-store' and call centres will be areas of focus for fraudsters.

While the volume of purchases is expected to increase by 18 per cent between Thanksgiving Day and Cyber Monday this year, and the value by 19 per cent, compared to the same period in 2017, the volume and value of fraud attempts are also predicted to rise – by 14 per cent and 17 per cent respectively.

The report lists a number of actions to limit fraud including:

  • ensuring a secure wifi connection when making mobile/online payments;
  • being careful of public charging stations, some of which are rigged to steal personal data from devices;
  • using biometric authentication; and
  • ensuring the same email and password combination is not used for multiple merchants.

72% of SMBs think they're protected

Research from Kaspersky Lab also shows the vulnerability of small and medium businesses (SMBs) to data breaches. It found that, in 2017, almost half (42 per cent) of SMBs experienced at least one data breach even though the majority (72 per cent) were sure they were reliably protected from such incidents. The firm also says that, when it comes to IT security, one of the main concerns for 40 per cent of businesses is the loss of access to internal and customer-facing services. Its study found that most companies (94 per cent) store financial reports as well as personal customer data – such as account numbers (80 per cent) and bank card data (78 per cent) – on employee devices, internal servers and in public clouds. This makes the threat of fraud and data breaches from devices a huge priority for companies as the peak holiday period approaches.

Ditch legacy systems and passwords

However, George Avetisov, CEO and co-founder of HYPR Corp, a provider of decentralised authentication solutions for enterprises, argues that even though biometrics seem to offer far more security than passwords, this is not always the case. Writing on the Medici website, he explains the reason for this:

“Most biometric authentication is added on top of legacy systems where the consumer and enterprise share a secret, a password, stored centrally on servers with all other consumers’ passwords. When a bank customer uses Touch ID, he/she uses their fingerprint to unlock the device or paste in a password from the device’s keystore. The end state is still that the user and enterprise depend on centralized password-based security...”

Part of the problem that Avetisov points out is that biometric authentication is being used on legacy systems that rely on centralised password security. He adds: “And none of this will subside until large service providers start migrating to systems entirely free of passwords.” Avetisov concludes that “device biometrics are a step in the right direction”: in other words, the use of mobile and app-based biometric authentication, without links to a centralised database of passwords.

CTMfile take: Passwords don't provide enough security but even biometric authentication isn't that much better in many cases. As merchants and consumers approach peak fraud time, also known as holiday season, this is a challenge many will wish they had addressed earlier. The precautions suggested by ACI Worldwide are important but until organisations move away from legacy systems, a high level of fraud risk will remain.   
