First, the headline successes. Fraud conducted in the face-to-face retail environment continues to show a healthy decline trend (down 14% on the previous year) with card ID theft (down 19%) and cheques (down 35% off a rapidly decreasing base) also showing notable declines.  These figures show an industry that continues to tackle some of the key fraud issues head-on, however, there are still significant challenges that need to be addressed, writes Vaughan Collie, Partner, Accourt – Payments Specialists.

On the downside, e-commerce and online banking continue to be areas of material concern.

E-commerce fraud has increased by 14%, continuing its worrying upward trend. These figures show an above average fraud-to-sales ratio (i.e. a common industry indicator of how much fraud loss is experienced for every unit of sales) in an industry where online commerce continues to grow exponentially and, with the increasing popularity of commerce through mobile devices such as smartphones and tablets, this remains an area of significant concern.

Annual fraud losses on UK-issued cards 2008 to 2014 (Source FFA UK)

Online banking fraud has also shown an eye-watering increase of 48%.  One of the key drivers of this is a criminal element adept at basic, low-tech social engineering, preying on unsuspecting, sometimes gullible and vulnerable consumers – making this type of fraud relatively difficult to defend against (especially with legacy fraud management products and techniques).  This is primarily due to the ability of the criminals to bypass the safeguards put in place by the banks and other financial institutions once they’ve stolen sensitive information and/or credentials from consumers via these social engineering techniques.

It is not difficult to see the common element between the highest impact fraud losses is the underlying online ecosystem.  This ecosystem remains popular with criminals due to its inherent detachment from face-to-face interactions (often perceived as more risky) and relatively easy attack scalability coupled with, perhaps most importantly, the relative ease of exploiting human fallibility, especially in technology-enabled channels.

Fortunately, there are a number of advanced tools and techniques that service providers in the online ecosystem can employ to detect, mitigate against and, ultimately, stop future attacks.  However, there are so many products and services available in the market place and this makes it extremely difficult to determine which products, services, tools and techniques are most appropriate and effective at addressing the prevailing threats.  Many of the products and services have been available for a long time and have failed to adapt to the rapidly changing landscape of threats.  Technology and products that used to be good not that long ago are now less effective.

Annual online, telephone banking and cheque losses 2008 to 2014 (Source FFFA UK)

Furthermore, the P&L challenge to fraud managers is (rightly) changing dramatically.  Whereas fraud management was traditionally seen as a necessary cost of doing business, with very limited ability and budget to materially and positively impact an organisation’s fortunes, modern technologies and best practices enable dynamic fraud managers to positively contribute to the bottom line, but without adversely impacting the organisation’s fraud profile.  Done right, this means that an organisation is able to, for example, enable authorisation of more good sales volume and/or decrease the friction of consumer interactions – all without adversely impacting that organisation’s risk and fraud profile.

How can Accourt help?

• As a vendor/product independent organisation, Accourt advises on and conducts many vendor and product evaluations, particularly in the payments fraud management ecosystem.
• Accourt is at the forefront of the emerging and break-through fraud detection and management technologies across all geographies.  With a bedrock understanding of payments across the entire payments value chain, Accourt is consistently able to cut through to and isolate the core value and differentiators of market products, thereby objectively distilling market-leaders from the rest.
• Accourt’s focus is always an integrated approach, most effectively combining the product and operational aspects of the undertaking to its clients’ benefit.
• Recognising that many organisations cannot decommission existing products, Accourt has significant practical and pragmatic experience in how to engineer a complementary fit of newer products and technologies alongside the existing legacy.
• The focus on omni-channel commerce and customer service has further challenged legacy products in the fraud management ecosystem.  Accourt is able to independently identify and advise on those products that have managed to overcome and address this challenge.
• Coupled with industry-leading fraud management knowledge and experience, Accourt is steeped in deep operational knowledge and experience of chargeback optimisation and implementation.  An integrated approach to fraud and chargeback management generally returns greater operational and financial benefit than a ‘silo’ approach.

The post Online fraud – an unrelenting, unforgiving battleground… appeared first on Accourt Payments Specialists.

• Cybercriminals used the names of well-known banks in 16.3% of attacks; in 2013, the level of bank phishing was 22.2%
• In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02% of detections in the Payment Systems category), PayPal (30.03% of detections) and American Express (24.6%)
• The names of well-known online shopping sites were used in 7.3% of attacks (6.5% in 2013)
• In 5.1% of cases, Kaspersky Lab’s protection technologies were triggered by phishing pages mentioning payment systems, which is 2.4 percentage points more than in 2013
• The proportion of financial phishing detected on Mac systems increased by 9.6 percentage points compared to the previous year, representing 48.5% of all instances in which the anti-phishing component of Kaspersky Lab security products for Mac OS X was triggered

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014

Phishing is a type of Internet fraud that is used by cybercriminals to lure users into providing their data (account logins and passwords and other personal information) by creating fake web pages to imitate popular online resources.

Last year, the proportion of financial phishing to all phishing attacks fell by 2.7 percentage points compared to 2013, primarily due to a decrease in the level of banking phishing. At the same time, there was proportionally more phishing targeting other financial categories.

In the Payment Systems category, cybercriminals mostly targeted data belonging to users of Visa cards (31.02% of detections in the Payment Systems category), PayPal (30.03% of detections) and American Express (24.6%). A the same time, in 2014 detections for phishing pages mentioning PayPal saw their share fall by 14.09 percentage points compared to 2013.

Distribution of instances where anti-phishing technologies were triggered in Kaspersky Lab products in 2014 – Payment Systems

Amazon remains the most commonly-attacked brand in the Online Shopping category – 31.7% of attacks in this category used phishing pages mentioning Amazon. However, this is 29.41 percentage points less than in the previous year.

“The rise in financial phishing that we saw in the past has naturally drawn a response from the brands most frequently abused in phishing scams – they are beginning to tackle phishing distribution channels, especially email spam, more actively,” says Nadezhda Demidova, web content analyst at Kaspersky Lab.

“That leads to a reduction in the levels of phishing that targets some of the larger brands. However, cybercriminals immediately responded by targeting new ‘markets’. For example, in 2014 we saw a large number of phishing scams based on websites that sell plane tickets. These are targets that used to be seen fairly infrequently in phishing scams.”

Kaspersky Lab experts have also recorded an increase in the proportion of financial phishing attacks against Mac OS X users. Overall, about 48.5% of all phishing attacks detected on computers with Kaspersky Lab security products for Mac installed on them were designed to steal financial data. In particular banks were mentioned in 29% of attacks, payment systems in 11.21% and online shopping sites in 8.32% of attacks.

You can find information on other changes in the 2014 financial cyberthreats landscape in the full text of the report on Securelist.com

Modern phishing websites are getting more and more sophisticated, making them very hard for users to recognise. That is why we recommend using an Internet security solution with an advanced anti-phishing technology in place.

The anti-phishing module is included in key Kaspersky Lab products for home and corporate users, as well as Kaspersky Fraud Prevention – a platform created specifically to protect banks from online financial fraud. Its three components – anti-phishing databases, Kaspersky Security Network and heuristic analyser – provide robust protection against phishing. The module’s effectiveness has been confirmed by independent test labs.

The post 25% of phishing attacks in 2014 targeted financial data appeared first on Accourt Payments Specialists.