Despite a growing awareness of cybersecurity issues, fraudulent activity remains a challenge for all organisations and businesses. Ryan Wilk, Vice President at NuData Security, a Mastercard company, talks to Intelligent CISO about some of the biggest risks and how to defend against them.
With so much security awareness, along with new regulations like GDPR and the California Consumer Privacy Act, it’s clear that the digital landscape is changing.
Problem is, despite new rules, regulations and a higher level of awareness, fraudulent activity remains a growing challenge. The issue is so pervasive that out of 400 billion events monitored worldwide by NuData, 28% were high-risk fraudulent activity, according to information from NuData Security’s 2018 fraud trends datasheet.
The same datasheet shows that the volume of fraudulent activity is actually increasing by emulating the way consumers interact with an organisation’s pages. To put it simply, bad actors mask themselves alongside a company’s good traffic, rendering it more difficult to identify a potential threat.
Given these findings, it’s more important than ever before that companies of all sizes and across all industries not only practice better security awareness but also put it into action by adopting and implementing improved policies and tools.
Mobile mayhem
As companies scramble to get up to speed with bad actors’ ever-evolving tactics, it’s important to note that not all fraud is created equal. NuData’s 2018 fraud trends during a webinar highlighted that distribution between mobile and desktop is vastly askew with mobile seeing 78% of traffic, while desktop had just 22%.
This is important to mention because mobile malware is a major threat to businesses across various industries, especially those in e-commerce and banking. Kaspersky Lab indicated that the number of attacks using malicious mobile software nearly doubled in 2018 over the previous year.
Magecart, for example, has already wreaked havoc on several notable e-commerce companies including British Airways, Newegg and Feedify, among others, and is still going strong in 2019.
New account fraud and risk
There’s a lot of abuse in the merchant world but one of the things that’s high on that list involves trial fraud (think free-trials or coupons for signing up or being a loyal member).
Bad actors will use credentials to create new accounts and will sell these free trials for a minor pay-out. Over time, however, these ‘free’ sales can add up to hefty amounts.
New credit lines with instant approval are also a major target that quickly add up to unbearable losses. According to NuData’s report, in 2018 alone it took more than 53 million hours to clean up the mess of new account fraud.
Defending your systems
This might seem like a no-brainer but having great tools is an absolute must. Even the most skilled security teams need equally smart equipment. The bottom line here is that every business needs functionality that allows its security protocols to evolve with the bad actors’ techniques.
Behavioural biometrics plays a key role in this area by allowing organisations to better understand where threats are coming from. This reinforces real-time risk mitigation behind the scenes. By continually monitoring activity with these tools, security teams can actually see where threats are coming from and be prepared for an attack when it does happen.
Maintaining tools that increase visibility into the attacks assists in showing red flags. For instance, the average attack has occurred on Windows 7, 8 and 10. This means that analysing device intelligence can help detect fraudulent sub-populations.
Rules and policies are also vital. Security leaders need to ensure that all local laws and regulations are accounted for when creating automated processes with their security tools – but it shouldn’t end there. Because there is no one-size-fits-all approach when it comes to running a secure business, it’s essential that these policies are tailored to meet the organisation’s specific needs.