Thursday, July 28, 2016

Evaluating Corporate Defense through Different Lenses

An interview in Forbes with Sean Lyons, author of a new book entitled "Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program." Lyons is globally recognized as a corporate defense pioneer and thought leader. As the architect of the cross-functional discipline of corporate defense management (CDM), he is widely regarded as the foremost authority in this emerging field. With almost three decades of experience in corporate defense activities he is a firm advocate of the requirement for corporate defense to play a more prominent role in corporate strategy.

Wednesday, July 13, 2016

Fraud, Inc.

Fraud, Inc.
by Robert Capps, VP at NuData Security

July 13, 2016 - Eskenzi PR - While fraudsters are getting more sophisticated and organized, they are also growing in numbers. The relative ease in which an individual can commit credit card fraud, along with the sheer volume of cheap card account data available on the black market, makes it a highly lucrative business to be in. When combined with the number of vulnerable merchants, and the lack of accountability, well, every day is Christmas day.

Here's the math:
Ease of attack +
Bountiful cheap credit card data on the black market +
More opportunity to commit fraud +
Very lucrative +
Little down side of penalties/accountability
= more people who are willing to commit the crime.

So, why the US is the king of card fraud online? It's the ubiquity of eCommerce merchants that accept credit cards for payment, coupled with a lack of preparation on the part of most eCommerce merchants to combat fraud risks, and made worse by a lack of consistent cooperation between merchants, card brands, and issuing banks, to take a holistic stand against the card fraud risks.

Contrary to some reports, EMV adoption in the US is not currently driving the increase of Card Not Present (CNP) transaction fraud online, although in time it will eventually reduce CNP fraud from counterfeit cards being created and used in store.

Consumers as Unwitting Accomplices
Consumers are victims of financial/card fraud over and over, because they continue to shop at the same places, and use their cards in the same ways, even after cards have been replaced. Often, falling victim to the same ongoing skimming and data theft attacks against a compromised retailer.

Even our own devices are sometimes complicit in the theft, with malware and other threats often resident on them, leading to immediate re-compromise after a card is replaced by a financial institution.

We've seen that new account/application is fraud rising due to the ubiquity of rich consumer data available on social media, and via other sources. Making it easier for those with malicious intent to go out and apply for a loan or credit card in your name, or even engineering their way in to controlling your existing accounts. This puts good cards and accounts in the hands of the bad guy, allowing them more time, and greater access to the credit line of a legitimate consumer, often before the crime is detected and can be mitigated. In some cases, access may persist for months before it is detected, often because the overdue notices begin to arrive in the legitimate customer's mailbox.

Close the Door, for Good
There are solutions that protect merchants and consumers from identity and credit card fraud risks. One solution that is seeing broad adoption is based on the science of behavioral biometrics, which provides continuous, multi-factor authentication that goes beyond the typical static data matching used to identify consumers to their creditors, merchants, and banks.  Behavioral biometrics accomplishes this task, by evaluating the entire customer behavior profile, built up over time. Providing true insight in to how a customer behaves, and comparing these behaviors to other interactions by this user, it accurately identifies them in future interactions - all without adding friction to the user experience, and without opening up the legitimate user to impersonation and account takeover.

Studies like this continue to highlight what we’ve all been thinking for a long time, namely that true authentication demands a higher degree of scrutiny of the end user at the keyboard, not just device in use, or the static data entered into a web page.

Friday, July 1, 2016

Strengthening Security with Password Managers

July 1, 2016 -- USTelecom dailyLead -- Given the abundance of Internet-based activities focused on financial and other sensitive transactions, poor password habits place consumers in a highly vulnerable position. For the majority of Americans who admit their password habits are lacking, password managers and apps could be a game-changing tool and an important resource that protects their personal information. Creating and regularly updating complex passwords are among the top recommendations security experts suggest. Password managers allow users to remember just one password while managing several.