fraud • eTailing Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

fraud

Finally, a real alternative to cards for e-commerce and contact centre payments – Open banking payments

640 427 Stuart O'Brien

By Ordo

As businesses have digitised, payments had to follow suit.  The only option for taking these remote payments, to date, has been with credit and debit cards.  But cards are expensive and increasingly complex to support operationally, and fraught with fraud.  New open banking payments regulation and technology has allowed innovative regulated payments institutions like Ordo, regulated by the FCA, to deliver attractive new alternatives.  These services allow businesses to collect payments for only a small, fixed fee, and without the customer experience difficulties of cards, the exposure to fraud, or the waiting days for collected funds to clear.

Innovative e-commerce and real time request for payment (contact centre) solutions are exploit the following key features of open banking:

  • Faster Payments Service low cost base – unlike global card schemes, bank charges are only a small fixed fee per transaction irrespective of the value of that transaction;
  • reduced flow of account details between parties; and
  • irrevocable Faster Payments – once a payer pays, there’s no reversing or clawing back the payment, eliminating the risks of fraudulent payments for the collecting business.

And it virtually eliminates fraud. Push Payment Fraud – frauds against the senders of payments, usually sent through the Faster Payments Service, where a payer has been persuaded, tricked or misled into either sending a payment for a fraudulent service, or a legitimate payment to a fraudster’s account – in the first half of 2020 caused £207.8m of losses.  Only £73.1m was returned to customers, meaning £134.7m had to be absorbed by the impacted consumers and businesses.

Isn’t it time you protected your business, and implemented an efficiency drive that delivered results?

Try Ordo for free at https://www.myordo.com/landingPage or find out more here https://ordohq.com/enterprise/

Risky business – Why tackling cyber-security and fraud is key to post-pandemic retail success

960 640 Guest Contributor

By Angel Grant, Director of Digital Risk Solutions at RSA Security

Retail has always been one of the most popular targets for fraud and cybercrime. Hardly surprising, given their complex supply chains, cyber-immaturity relative to other sectors, and the huge volumes of customer data they often possess. But the rush to digitalise during the pandemic may have inadvertently exposed retailers to even more cyber-risk than normal. From new mobile commerce applications to employees working remotely, the attack surface today is larger than ever.

In the UK alone, retailers are said to have spent £186 million on “cutting edge” cyber-security over the past year. But the headline figure may be misleading: how this money is spent is as important as how much is being allocated. For maximum results, retailers must go back-to-basics and reassess their security posture, covering everything from IT infrastructure to customer awareness.

Disruption is a cyber-criminal’s best friend

COVID-19 has provided the bad guys with a big opportunity. Cyber-criminals thrive in chaos; they’re masters at adapting quickly while their victims are still floundering, and disruption doesn’t come much bigger than a global healthcare and financial crisis. The sudden closure of “non-essential” stores at the start of the year forced many retailers to work rapidly on two fronts: supporting mass remote working for their employees and accelerating digital transformation to ensure they could continue to serve their customers. In many cases that meant upgrading POS and retail management systems, designing new applications, re-invigorating social media, and redesigning business processes to, for example, encourage BOPIS (buy-online-pickup-in-store).

The problem with these much-needed changes is that in many cases they were actioned without proper attention to risk management, compliance, and security best practice.

Where are the risks?

From an IT perspective, security gaps have arisen from poor integration between newer digital infrastructure and legacy systems. In the home working space, for example, some reports suggest VPNs were overwhelmed by the demand from users, causing security bottlenecks that may have persuaded some users to bypass security controls altogether. This was especially risky as it came at a time when those same users were being bombarded with COVID-19-related phishing emails and may have been using personal devices for work needs.

Changes to retail supply chains have also introduced extra cyber-risk. Retailers outsourcing parts of their IT to streamline infrastructure during the pandemic must keep a keen eye on compliance and security standards. GDPR regulators will simply not allow you to push responsibility for an incident onto a supplier.

As more consumers flooded online, so have the cyber-criminals. Those touting digital card skimming code have been particularly prolific; most notable was a coordinated campaign in September that saw an unprecedented 2,000 e-commerce sites compromised in a single weekend. It’s unknown how many customer card details were silently stolen as a result.

Hitting the customer

These risks extend to the customer sphere. As many retailers launched mobile apps or new functionality to their sites, our threat researchers noted a spike in fake apps masquerading as various real brands. Due to resource constraints, many retailers weren’t monitoring for this kind of activity, which is designed to harvest customer card and personal details.

On other occasions, scammers targeted the apps themselves, impersonating legitimate customers to make fraudulent purchases. Account takeover is a particularly popular strategy here, as it’s more difficult for a retailer to spot malicious activity if a user has already logged in and appears legitimate. In reality, scammers use ‘credential stuffing’ techniques, which means they try previously breached log-ins across a range of different websites until they find one they can unlock because the person re-used the same password. One report claims the retail sector accounted for over 90% of the 64 billion credential stuffing attempts detected between 2018 and 2020.

At a basic level, the pandemic provided fraudsters and cyber-criminals with a new group of tech novices who may be more susceptible to scams and social engineering, and whose IT hygiene may not be up to scratch. Consumers have also been more distracted, vulnerable, and emotional than ever—a perfect combination for attackers.

Fraud schemes have included simple fake sites set up to ‘sell’ hand sanitiser and face masks, but which harvest card and personal details instead. They have also stretched to more sophisticated plans to capitalise on omnichannel retail and the growing popularity of BOPIS to get goods to customers. In recent months, cyber-criminals have been known to buy card details that align geographically with the location of their ‘money mules’, so that these individuals can physically collect high value items fraudulently purchased for BOPIS.

Looking ahead

Faced with these varied threats, how can retailers continue to succeed without impacting staff productivity or introducing friction to the customer experience?

From an enterprise IT security perspective, it all comes back to risk management. Now is the time to take stock of your digital transformation efforts over the past few months and understand exactly where your data flows, where gaps in protection are, and which controls should be applied to plug them, both to shore up security and stay compliant with any relevant regulations. Visibility and governance must of course extend to any new cloud and mobile environments, third parties/suppliers, and potential ‘shadow IT’ (unauthorised IT applications) lurking in remote working environments. At the very least, working through these challenges can help security teams bring the conversation into the realms of the senior management team – having them bought-in will be essential to ensuring the necessary support and funding is available.

From a customer-facing perspective, now is a great time for retailers to take it upon themselves to educate consumers, so that they can better differentiate between legitimate marketing and phishing attempts. Enhance this with improved monitoring of social media and app stores for brand impersonation; new risk-based authentication measures for customers; and transaction fraud prevention via systems like 3D-Secure. Remember, fraud prevention should span across all commerce channels to ensure there is no potential single point of failure.

As we approach a vitally-important holiday shopping season, the bad guys are primed and ready to take advantage. In anticipation of this battle, retailers must act now to ensure they can limit the cyber and fraud risks they will inevitably face.

Coronavirus: Consumers ‘ignoring online fraud risks’

960 640 Stuart O'Brien

Consumers in the US and UK aren’t taking the necessary precautions to protect their online identity, instead prioritising convenience and speed of access to online goods and services over personal security.

That’s according to research conducted by YouGov in April 2020 on behalf of Callsign that surveyed more than 4,000 consumers in the US and UK, showing evidence of overconfidence among consumers in relation to their perceived strength and level of protection their credentials provide, with 77% believing their banking credentials to be the most secure, followed by online shopping (74%) and work network logins (71%).

Callsign says this overconfidence may also explain why many consumers failed to update their login details with more than half (52%) of online shoppers admitting they have no plans to update their login details, with this figure rising to 55% with online banking customers and 54% for employees that are working from home, remotely accessing their work’s networks and systems.

Key Survey Findings:

  • Risking It All for Toilet Paper – When in isolation and under pressure to buy scarce, staple items e.g. toilet paper, nearly one in four (26%) consumers in the U.S. admitted to overlooking online security concerns – using third-party online merchants – while one in five (13%) UK consumers admitting taking similar risks.
  • Remote Workers More Mindful of Business Credentials Over Own – U.S. and UK consumers (21%) were also found to be more likely to update work network login details over their own online banking (19%) and shopping (19%) credentials. While the disparity was marginal, this could be explained by employers’ willingness to provide staff with information and tools to update their login details, with almost half (45%) of respondents saying they had received this information when the pandemic hit – a figure that is higher (60%) for full-time workers.
  • Frictionless Digital Reality Still in Question – The research also highlights that nearly two thirds (61%) of respondents are struggling with business networks and systems access, while 60% of online shoppers confirmed a similar experience in the past month. This results in many hours of lost time for employees; it also leads to customers needing to call customer service representatives to resolve their issue – a group who are already contending with a limited crew due to social distancing. However, it appears that bank-grade security and authentication should set the precedent, with over half (52%) of people not having had an issue logging in over the last month.
  • Unemployed Struggling Most With Access – People out of work are finding it even harder than their peers to access services online in the last month, with 65% finding it challenging to log in and pay for their online shopping and 54% struggling with logging into their online banking – a concern when vulnerable groups such as this are the people who need these services most.  
  • Pandemic Weighs on Patience Increasing Churn – With consumer anxiety at an all-time high, there is little patience for a poor online user experience. In the last month alone, 20% of consumers switched to other brands due to a bad online shopping experience (e.g. failed payments, complicated log-in, etc.). While numbers were not as high for banking, churn was still considered significant, with 14% of U.S. consumers already agreeing they would make the switch. Although this was only 4% in the UK.
  • Vigilance Varies Among Markets – Americans were found to be more vigilant than their British counterparts, with one in four Americans updating their banking logins compared to just 13% in the UK. This is further compounded by the fact that two out of three (66%) UK banking customers have no plans to update their banking credentials, compared to 44% in the US.
  • Consumers Indifferent Despite Risk When asked ‘Has the COVID-19 pandemic and increased fraud influenced you to use alternative banking or shopping apps or websites with more secure measures?’, over three quarters (78%) of U.S. consumers stated ‘no or they didn’t know’ with 85% of UK consumers sharing a similar indifference about security.

Amir Nooriala, Chief Commercial Officer at Callsign, said: “With fraud escalating at a staggering rate, businesses cannot afford to sit back and watch. Consumers have enough to worry about regarding the pandemic; their security shouldn’t be one of them. As more and more people shift their lives online, businesses need to take responsibility while encouraging customers and employees to prioritize personal security – without adding in extra cumbersome identity checks. Companies must use technology that allow consumers to log in without having to deal with pesky one-time-passwords via text messages or long forgotten security questions which could result in them switching provider. With businesses on the brink they cannot afford to lose customers that way. Instead, they need to make identification and authentication as safe and easy as possible.”

Protect yourself against fraud with Utrust

960 640 Stuart O'Brien

Credit card fraud lost $24.26 billion in 2018 alone, and it has been growing leaps and bounds. You can never be entirely safe when your payment system depends on sharing private information online.

Utrust’s payment system relies on blockchain, an innovative technology that means never having to share private information. Your customer’s key stays safe with them.

Fraudulent chargebacks are also impossible. Transactions are final, managed solely by yourself and your customer. With decentralised digital currencies, there is no middleman.

Digital currencies were built for the digital age. Our security mechanisms are tailor made for ecommerce.

Join the future now.

http://utrust.com/fraud_management_lp

Frost & Sullivan names Forter ‘leader’ in e-commerce fraud prevention

960 640 Stuart O'Brien

Forter was named the leader in e-commerce Fraud Prevention and rated the highest for Innovation in the 2020 Frost Radar in the U.S. e-commerce Fraud Prevention Market.

Compiled by analyst Frost & Sullivan, the report highlights Forter’s real-time fraud protection technology that protects merchants while delivering an optimal experience at all consumer touchpoints.

“As e-commerce fraud continues to grow, the traditional approaches to fraud prevention that focus on transactions are no longer effective in stopping today’s sophisticated fraudsters,” said Vikrant Gandhi, Industry Director, Information & Communications Technologies, Frost & Sullivan. “Forter stands out in the industry for its ability to deliver a broad array of fraud prevention solutions, including account protection, payment protection, and policy abuse, protecting the entire consumer journey with an enterprise-class platform.”

Global e-commerce sales are expected to surpass $4 trillion in 2020, with the online environment as the preferred channel for fraudulent activities.

In addition to credit card fraud, the Radar notes that data breaches increasingly expose sensitive, personal information of millions of consumers, which is being used for account take over (ATO) fraud.

According to the report, “protecting retailers from e-commerce fraud by identifying high-risk transactions and supporting and protecting newer service delivery experiences are the two key focus areas,” with a critical emphasis on “the right balance between fraud management, business revenue enhancement and customer experience.”

Forter says it has pioneered the industry’s only solution assessing trust at every point in the consumer journey. The Forter platform, which annually processes more than $150 Billion in e-commerce transactions, provides the most comprehensive view of both legitimate consumer and fraudulent behaviour across enterprises and industries worldwide.

“The future of commerce is transforming from transactions into relationships, every time, everywhere. By assessing trust at every point of the customer journey and leveraging our global merchant network, only Forter can provide retailers with the real time intelligence needed to stop fraudsters in real time and enable the best consumer experience,” said Michael Reitblat, co-founder and CEO, Forter. “Being named as the leader in the Frost Radar further validates our approach in delivering the industry’s only enterprise-class platform that helps retailers build deeper customer relationships, eliminate fraud and unlock the promise of commerce based on trust.”