Fraud, Inc.
by Robert Capps, VP at NuData Security
July 13, 2016 - Eskenzi PR - While fraudsters are getting more sophisticated and organized, they are also growing in numbers. The relative ease in which an individual can commit credit card fraud, along with the sheer volume of cheap card account data available on the black market, makes it a highly lucrative business to be in. When combined with the number of vulnerable merchants, and the lack of accountability, well, every day is Christmas day.
Here's the math:
Ease of attack +
Bountiful cheap credit card data on the black market +
More opportunity to commit fraud +
Very lucrative +
Little down side of penalties/accountability
= more people who are willing to commit the crime.
So, why the US is the king of card fraud online? It's the ubiquity of eCommerce merchants that accept credit cards for payment, coupled with a lack of preparation on the part of most eCommerce merchants to combat fraud risks, and made worse by a lack of consistent cooperation between merchants, card brands, and issuing banks, to take a holistic stand against the card fraud risks.
Contrary to some reports, EMV adoption in the US is not currently driving the increase of Card Not Present (CNP) transaction fraud online, although in time it will eventually reduce CNP fraud from counterfeit cards being created and used in store.
Consumers as Unwitting Accomplices
Consumers are victims of financial/card fraud over and over, because they continue to shop at the same places, and use their cards in the same ways, even after cards have been replaced. Often, falling victim to the same ongoing skimming and data theft attacks against a compromised retailer.
Even our own devices are sometimes complicit in the theft, with malware and other threats often resident on them, leading to immediate re-compromise after a card is replaced by a financial institution.
We've seen that new account/application is fraud rising due to the ubiquity of rich consumer data available on social media, and via other sources. Making it easier for those with malicious intent to go out and apply for a loan or credit card in your name, or even engineering their way in to controlling your existing accounts. This puts good cards and accounts in the hands of the bad guy, allowing them more time, and greater access to the credit line of a legitimate consumer, often before the crime is detected and can be mitigated. In some cases, access may persist for months before it is detected, often because the overdue notices begin to arrive in the legitimate customer's mailbox.
Close the Door, for Good
There are solutions that protect merchants and consumers from identity and credit card fraud risks. One solution that is seeing broad adoption is based on the science of behavioral biometrics, which provides continuous, multi-factor authentication that goes beyond the typical static data matching used to identify consumers to their creditors, merchants, and banks. Behavioral biometrics accomplishes this task, by evaluating the entire customer behavior profile, built up over time. Providing true insight in to how a customer behaves, and comparing these behaviors to other interactions by this user, it accurately identifies them in future interactions - all without adding friction to the user experience, and without opening up the legitimate user to impersonation and account takeover.
Studies like this continue to highlight what we’ve all been thinking for a long time, namely that true authentication demands a higher degree of scrutiny of the end user at the keyboard, not just device in use, or the static data entered into a web page.
Showing posts with label online risks. Show all posts
Showing posts with label online risks. Show all posts
Wednesday, July 13, 2016
Monday, July 2, 2012
3 Risks of Failing to Monitor Internet Usage
Could your business cope without Internet access? Would you still be able to do business? It is unlikely that you could survive for long without an Internet connection. Yet, few businesses understand the risks of failing to monitor Internet usage.
Employees downloading files, social engineering attacks, bandwidth consumption and negatively impacted productivity can all result from the misuse of employee Internet access privileges. Many of these risks can be mitigated by using software to monitor Internet usage over your network, and to apply proactive security measures to stay secure.
Let’s take a look at the three most common pitfalls and how they can be avoided by Internet monitoring software.
Decreased Productivity
Not all employees understand the concept of “Internet privileges”, and some may interpret it more loosely as “carte blanche to surf the web all day.” In addition, some employees like to use high-speed corporate networks to download large files, such as movies. Not only does this activity put the company at legal risk, but large downloads can also devour bandwidth and cause a loss of productivity across your network.
Good software can allow you to monitor Internet usage, providing the granular management of Internet access controls for your employees. This allows you to control their browsing habits and prevent abuse to ensure your system runs at peak performance. In addition, Internet monitoring software can also allow you to set bandwidth thresholds and block streaming media to ensure you retain control of Internet traffic passing through your network.
Malicious Files and Viruses
Unauthorized downloads and malicious websites can result in infected PCs. Not only does that put your confidential data at risk, but it can also result in system downtime to clean out the infection and restore your network to a secure state.
Employees may also attempt to download and install patches for work-related software, which could destabilize your network if those patches are not tested and approved. Compatibility issues can arise with your existing setup, resulting in administrator resources being used to fix a problem that shouldn’t have arisen in the first place.
By using software to effectively monitor Internet usage you can control which files can be downloaded by users. Software can also be used to scan files that are allowed onto the system with multiple antivirus engines, thus ensuring they are safe. In addition, sites that are off limits can be blocked, keeping your network safe from a variety of attack vectors.
Phishing Attacks
Websites that are masquerading as legitimate sources can lure employees into a false sense of security. They may be tricked into revealing confidential information, or even inadvertently give away access codes that could leave your system open to attack.
By filtering websites and monitoring HTTPS traffic to prevent malware masquerading as safe software, you can keep your network better protected against such risks. In addition some software that can monitor Internet usage will also block access to known phishing websites based on updateable databases of known attack sites.
By failing to monitor Internet usage you can leave your company exposed to considerable risks. Few businesses can afford a loss of productivity, or having their bandwidth resources gobbled up by employees making personal use of the network. Worse still, infection from malware or viruses as a result of failing to control downloads can leave your system completely down.
By deploying software to monitor Internet usage you can keep a careful eye on your network and control its usage to ensure it always runs at peak performance, while also providing an extra layer of protection against attack. The question now is, is it worth the risk to remain without it?
**********
This guest post was provided by Peter Wisner on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about why you need to monitor Internet usage.
Employees downloading files, social engineering attacks, bandwidth consumption and negatively impacted productivity can all result from the misuse of employee Internet access privileges. Many of these risks can be mitigated by using software to monitor Internet usage over your network, and to apply proactive security measures to stay secure.
Let’s take a look at the three most common pitfalls and how they can be avoided by Internet monitoring software.
Decreased Productivity
Not all employees understand the concept of “Internet privileges”, and some may interpret it more loosely as “carte blanche to surf the web all day.” In addition, some employees like to use high-speed corporate networks to download large files, such as movies. Not only does this activity put the company at legal risk, but large downloads can also devour bandwidth and cause a loss of productivity across your network.
Good software can allow you to monitor Internet usage, providing the granular management of Internet access controls for your employees. This allows you to control their browsing habits and prevent abuse to ensure your system runs at peak performance. In addition, Internet monitoring software can also allow you to set bandwidth thresholds and block streaming media to ensure you retain control of Internet traffic passing through your network.
Malicious Files and Viruses
Unauthorized downloads and malicious websites can result in infected PCs. Not only does that put your confidential data at risk, but it can also result in system downtime to clean out the infection and restore your network to a secure state.
Employees may also attempt to download and install patches for work-related software, which could destabilize your network if those patches are not tested and approved. Compatibility issues can arise with your existing setup, resulting in administrator resources being used to fix a problem that shouldn’t have arisen in the first place.
By using software to effectively monitor Internet usage you can control which files can be downloaded by users. Software can also be used to scan files that are allowed onto the system with multiple antivirus engines, thus ensuring they are safe. In addition, sites that are off limits can be blocked, keeping your network safe from a variety of attack vectors.
Phishing Attacks
Websites that are masquerading as legitimate sources can lure employees into a false sense of security. They may be tricked into revealing confidential information, or even inadvertently give away access codes that could leave your system open to attack.
By filtering websites and monitoring HTTPS traffic to prevent malware masquerading as safe software, you can keep your network better protected against such risks. In addition some software that can monitor Internet usage will also block access to known phishing websites based on updateable databases of known attack sites.
By failing to monitor Internet usage you can leave your company exposed to considerable risks. Few businesses can afford a loss of productivity, or having their bandwidth resources gobbled up by employees making personal use of the network. Worse still, infection from malware or viruses as a result of failing to control downloads can leave your system completely down.
By deploying software to monitor Internet usage you can keep a careful eye on your network and control its usage to ensure it always runs at peak performance, while also providing an extra layer of protection against attack. The question now is, is it worth the risk to remain without it?
**********
This guest post was provided by Peter Wisner on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about why you need to monitor Internet usage.
Wednesday, November 9, 2011
Yawn. European Information Security Agency warns about data-profiling risks to minors
Sure there are risks, and risks can be mitigated. So, why is this news? Where are parents in this? Pull the plug, or except and attempt to mitigate the risk.
This isn't so different from the rants that surrounded BoA's announcement of monthly fees for debit card use. If someone doesn't want to pay the fee, don't use the card. Use cash, or charge it, or don't buy.
BoA isn't forcing anyone to use the card, and no one is forcing kids to use the Internet, although, unfortunately, many are pushing pretty hard.
This isn't so different from the rants that surrounded BoA's announcement of monthly fees for debit card use. If someone doesn't want to pay the fee, don't use the card. Use cash, or charge it, or don't buy.
BoA isn't forcing anyone to use the card, and no one is forcing kids to use the Internet, although, unfortunately, many are pushing pretty hard.
Subscribe to:
Posts (Atom)