Category Archive for online security

Online Fraud Detection on 5 ecommerce fraud predictions for 2017

5 ecommerce fraud predictions for 2017

Ecommerce fraud is on the rise as more consumers turn to online shopping. Luckily, by being vigilant, merchants can fight fraud and win.

As the number of consumers turning to online shopping increases, the rise of online fraud is also rising.

Those committing internet crimes are depriving their victims of either funds, interests, personal property and/or sensitive data. As the threat escalates, consumers and companies alike are seeking various methods to tackle the phenomenon.

Ecommerce fraud has a long and controversial history. Thus, providing a forecast for the months ahead can help retailers adopt an adequate solution to confront the many challenges in 2017.

1. Identity theft and friendly fraud

The main threat will remain identity theft. Fraudsters will seek your personal information. Their main goal is to use a different identity and, for example, place an online order. Identity theft also includes a concept known as man-in-the-middle attacks where credit-card data is intercepted and copied as it is transferred online.

In the practice of friendly fraud, a customer pays for ordered goods and/or services through a direct debit or a credit card. The second step involves a deliberate chargeback from the issuing bank, taking place only after receiving the purchased goods or service. The involved fraudster then goes on to claim the credit card or details of customer’s account has been stolen. While the “customer” is reimbursed, they decide to keep hold of the goods.

2. Merchant and triangulation fraud

In merchant fraud, the goods are provided at extremely low prices yet no shipment takes place. There is also a wholesale version of this fraud. No specific method enjoys any exclusivity, yet it is common knowledge that no-chargeback payment methods come to life in this practice of fraud. This also involves a majority of the push payment types.

Considered as one of the more complex ecommerce attack methods, triangulation fraud involves quite a bit of collaboration, as three points are involved. Role #1 belongs to an ordinary customer placing an order through a type of credit, debit or PayPal tender. Role #2 involves a fraudulent seller receiving the placed order, then requesting the actual product from a legitimate ecommerce website while using a stolen credit card. Role #3 is the part played by a legitimate ecommerce website completing the order requested, completely unaware of the criminal nature.

3. Affiliate and clean fraud

Two types of affiliate fraud are popular these days, while both seek one objective. By manipulating sign-up data or traffic, fraudsters are pursuing the objective of collecting more money. Options include actual people using fake accounts who log into sites of merchants or simply employing an automated process.

Clean fraud also involves the use of a stolen credit to make an order. In such a method, criminals resort to complicated practices, such as using sound analyses equipped in fraud detection systems, and obtaining in-depth data on the owners of stolen credit cards. This information is needed to deceive the payment process and bypass the fraud detection solution.

4. The counterattack

Online piracy and the sale of counterfeit goods will face new challenges, as the U.S. Department of Justice has declared a new initiative teaming up state and local law enforcement agencies in this struggle. Washington has already pumped $3.2 million into this campaign.

New state-of-the-art advances are also making life more difficult for fraudsters, especially with the introduction of EMV chip card technology. This is a significant leap forward in enhancing credit card security, providing a strong incentive for small and large companies to jump on the bandwagon.

5. Fighting fraud

Fraud prevention and chargeback guarantee for ecommerce merchants, Riskified works on establishing genuine financial security between online customers and ecommerce merchants. This company delivers ecommerce fraud prevention solutions for merchants to certify previously avoided transactions.

At a time when the relationship between a buyer and a seller is in search of trust more than ever before, customer experience and the bottom line is protected through the services provided by this firm in pioneering the charge-back guarantee.

“We founded Riskified with the retailer in mind and have grown adept at servicing the needs global retailers have as they expand their e-commerce and m-commerce operations to provide more personalization to consumers,” says co-founder and CEO Eido Gal, signaling the high demand and importance of such services in today’s digitized world.

As calls for digital goods increase, we are witnessing a rise in the necessity of protection against fraud.

“Digital goods, such as electronic gift cards and e-tickets, are becoming increasingly popular. In the U.S., over $127 billion is spent on gift cards annually,” Shalhevet Zohar explained in a blog post about ecommerce fraud trends.

Such statistics, growing as we speak, demonstrate the huge market fraudsters seek to tap into—and the utmost necessity for consumers to be adequately prepared.

Final thoughts

The fraud landscape is a constantly changing and evolving phenomenon, demanding an adaptive approach to remain at top of your game. Retailers in the U.S. have suffered $109 billion more due to suspected fraud costs resulting from false declines of legitimate orders. This is far beyond actual fraud losses. The ecommerce industry is increasing its demand for fraud prevention platforms, and there is a new revenue opportunity for those companies able to provide such high-valued expertise.

Online Security Review Steps to Protect Yourself from Tax Identity Fraud

By William F. Whelan, guest columnist and Senior VP, Branch/Government Banking, Capital Bank.

As the 2017 tax season gets underway, Capital Bank of New Jersey is urging all customers to take extra precaution when filing their return to prevent their exposure to tax fraud.

“Fraudsters are using very clever tactics to get a hold of your personal information and submit false tax claims,” said David J. Hanrahan, Sr., President and CEO. “Consumers must be suspicious of any communication from the IRS—through e-mail, text or social media—that requests personal information, and should keep a watchful eye out for missing W-2s and mail containing sensitive financial information.”

Tax identity fraud takes place when a criminal files a false tax return using a stolen Social Security number in order to fraudulently claim the refund. Identity thieves generally file false claims early in the year and victims are unaware until they file a return and learn one has already been filed in their name.

To help consumers prevent tax ID fraud, Capital Bank of New Jersey is offering the following tips:

  1. File early. File your tax return as soon as you’re able, giving criminals less time to use your information to file a false return.
  1. File on a protected Wi-Fi network. If you’re using an online service to file your return, be sure you’re connected to a password-protected personal network. Avoid using public networks like a Wi-Fi hotspot at a coffee shop.
  1. Use a secure mailbox. If you’re filing by mail, drop your tax return at the post office or an official postal box instead of your mailbox at home. Some criminals look for completed tax return forms in home mailboxes during tax season.
  1. Find a tax preparer you trust. If you’re planning to hire someone to do your taxes, get recommendations and research a tax preparer thoroughly before handing over all of your financial information.
  1. Shred what you don’t need. Once you’ve completed your tax return, shred the sensitive documents that you no longer need and safely file away the ones you do.
  1. Beware of phishing scams by e-mail, text or phone. Scammers may try to solicit sensitive information by impersonating the IRS. Know that the IRS will not contact you by e-mail, text or social media. If the IRS needs information, they will contact you by mail first.
  1. Keep an eye out for missing mail. Fraudsters look for W-2s, tax refunds or other mail containing your financial information. If you don’t receive your W-2s, and your employer indicates they’ve been mailed, or it looks like it has been previously opened upon delivery, contact the IRS immediately.

If you believe you’re a victim of tax identity theft or if the IRS denies your tax return because one has previously been filed under your name, alert the IRS Identity Protection Specialized Unit at 1-800-908-4490. In addition, you should:

  • Respond immediately to any IRS notice and complete IRS Form 14039, Identity Theft Affidavit.
  • Contact your bank immediately, and close any accounts opened without your permission or tampered with.
  • Contact the three major credit bureaus to place a fraud alert on your credit records:
  • Continue to pay your taxes and file your tax return, even if you must do so by paper.
  • More information about tax identity theft is available from the FTC at ftc.gov/taxi theft and the IRS at irs.gov/identity theft.

Capital Bank opened for business in Vineland in 2007.  Currently, it has four locations—two in Vineland, one in Woodbury Heights, and one in Hammonton. Capital Bank lends money to businesses and individuals throughout South Jersey, is an Approved SBA Lender and a New Jersey EDA Premier Lender. It is also 5-Star rated by BauerFinancial (BauerFinancial.com). For more information about Capital Bank, visit capitalbanknj.com.

Security and Risk Complaints Online on Building a ‘human firewall’

A recent research study Mimecast conducted with Vanson Bourne revealed that 66% of the surveyed South African businesses said that they thought it likely that their organization would suffer from cyber-criminal activity in 2017.

So said Mimecast MD Brandon Bekker, adding that there are three major threats his organization believes SA businesses are facing in terms of IT security.

Ransomware

“Ransomware will explode to become one of the biggest threats, fuelled by smaller ‘opportunist’ attackers using off-the-shelf kits to deploy malware. This is an easy and cheap attack method that produces fruitful results. Few organisations have effective defenses against this type of malware and now with bitcoins enabling the perpetrators to increase distance from their victims further, it has never been so easy to get away with it,” he adds.

When asked how to prevent or mitigate attacks of this nature, he says cyber criminals are becoming increasingly more sophisticated and insidious, and are continually revising, updating and re-inventing their tactics and technologies to carry out an attack.

Because of this, preventive systems, such as anti-virus and intrusion prevention systems, are rendered inadequate. “Planning exclusively to help prevent cyber-attacks, like ransomware, isn’t enough. It’s time for businesses to implement a total cyber resilience strategy that includes security, continuity and data recovery.”

In his view, the ideal approach is to layer together state-of-the-art preventive systems, point-in-time recovery measures, and a means to maintain business continuity during a ransomware attack. He adds that education, or ‘building a human firewall’ plays a vital role, because the more staff can be aware of attacks such as ransomware, the more educated eyes can be on the problem.

The insider threat

According to Bekker, insider threats are also high on the list, and according to a Forrester Technology Adoption Profile study, these threats impact 99% of organisations surveyed.

In addition, these businesses said they had experienced some form of insider security incident in the past 24 months and 36% discovered insiders e-mailing sensitive data out of the organisation.

“With the POPI Act in the spotlight, organisations need to ensure that sensitive corporate data is not being accidentally or purposefully leaked externally; no business wants to be made an example of by the Information Regulator,” cautions Bekker.

The third threat was revealed to be e-mail impersonation, or whaling, which continues to plague businesses in South Africa. The Mimecast study showed that 51% of those surveyed reported seeing an increase in impersonation fraud where recipients are asked to make wire transactions.

Bekker says impersonation technology, in conjunction with regular employee education, will help business protect themselves from these attacks.

What we’re doing wrong

Speaking of what SA companies are doing wrong in light of these three threats, Bekker says although many SA businesses are developing stronger cyber resilience strategies, and cyber activity is being discussed seriously and regularly in boardrooms across the country, IT budgets still limit organisations that need the advanced, layered protection required to protect them from the evolving threat landscape.

“In their move to the cloud, many organisations believe that sufficient security is being built into their messaging platform. We are finding that the increased pace of development in the cybercrime underworld needs to be matched by a focused security solution that integrates with the messaging platform but focuses on the protection of corporate data.”

In terms of what businesses could be doing better, Bekker says there is a vast amount of information out there and many perspectives about what the future holds. “IT managers need to continue exploring all the options, researching the options and meeting with different providers to better understand how they can build a strong cyber resilience strategy and how to layer the right set of solutions into that strategy.

Security and Risk Online on Amazon Opens Data Centers to Boost U.K. Cloud Services

(Bloomberg) — Amazon Web Services, the cloud-hosting arm of Amazon.com Inc., opened new data centers in the U.K. as it seeks to stay abreast of competitors in offering cloud computing services to government and health-care customers.

The new data centers, announced in a statement on Wednesday, follow decisions by IBM and Microsoft Corp. in the past two months to expand their cloud computing infrastructure in the U.K.

The U.K. data region, which comprises two zones, each consisting of multiple data centers, is the 16th Amazon Web Services operates worldwide and it’s third in Europe. A fourth in France has already been announced and will open next year.

Governments are increasingly moving computing functions into the cloud. But they are often required for regulatory and security purposes to hold data within their national borders. The same applies for sensitive health-care information. Meeting these demands is one reason cloud providers are rushing to open more data centers around the globe.

“This is a great enabler for data that has to remain in the U.K., like health-care,” Chris Hayman, who manages Amazon Web Services’ British government accounts, said in an interview.

Liam Maxwell, the U.K.’s national technology adviser, said in a statement that the government had saved 3.5 billion pounds ($4.4 billion) so far by choosing to host data in the cloud rather than on its own servers.

Financial-service firms are also often concerned with minimizing the time it takes to connect to trading venues, another reason to expand in the U.K., said Teresa Carlson, vice president for worldwide public sector operations for Amazon Web Services. “The U.K. is a really important part of the world, being a center of the financial industry,” she said.

The decision to build new data centers in the U.K. predates the country’s June vote to leave the European Union, Carlson said. But giving customers the ability to store data in the U.K. has taken on increased importance since the Brexit vote as clients worry about whether British data privacy rules will diverge from European standards. “Now, whether the U.K. is in Europe or not, they have their own region,” she said.

Amazon Web Services declined to specify exactly how many facilities it operates in the country, how many people will be employed or how much money it will invest.

Karen Bradley, U.K. Secretary of State for Culture, Media and Sport, said in a statement that Amazon’s action “is a strong endorsement of our approach to the digital economy” and “shows a clear confidence in the U.K. being open for business and one of the best places in the world for technology companies to invest in and grow.”