Online Fraud Detection

Online fraud detection-what can you do about it?

You venture into various online platforms every day making several online transactions—unaware of all the trouble that looms in those websites.

The card fraud losses incurred by banks and other merchants are expected to sum to a total of $31.67 Billion worldwide by 2020—which is a 45% rise from the loss incurred in 2015 according to Forbes. So, it suffices to say that online frauds are showing no signs of slowing down and with the rapid growth of digital communication and online payments, you are constantly at a threat to be a victim of fraud.

But, you don’t have to be. With the right awareness, security protocols, Identity and Access Management solutions—you can empower yourself with the right tools for online fraud detection.

How do online frauds take place?

1.  Online payment fraud:
   This is indeed an era of card payments, be it swiping your card at a store or making a Card Not Present (CNP) transaction on an online portal. While card payments provide feasibility, it is also susceptible to fraudulent actions. Some of the common card frauds are as below:
   i. Lockout transactions: Using an online card number generator, credit card numbers are typed onto a website and when a valid card is found, huge sums of money are charged to it.
   ii. Chargebacks: an online transaction is made using a credit card/debit card, and after delivering the purchased item, the user makes a chargeback request from the bank. This causes huge losses to businesses that cannot reverse the chargeback irrespective of their verified online transaction.
2. Data breaches:
   Data breaches have become a common reality today with a headline reporting one every other day. There are multiple causes for a data breach within an organization which can further lead to several online frauds.
   In an organization where many employees are provided access to several applications containing sensitive information, breaches can occur when an employee with wrong access decides to violate his privilege of information.
   Credential stuffing is another major contributor to data breaches where hackers try to login to your network with a bunch of credentials at their disposal and finally manage to crack open an account.
   Malware that infects digital devices can crawl into your systems and mine the information critical to you.
3.  Identity theft:
   Identity theft is when a hacker poses to be someone you would trust to extract sensitive information from you.
   This can occur in several ways. Phishing has been a rising technique where the hacker may send an email claiming to represent a bank or someone from your office whose email ID would be similar to the legitimate email ID and demand necessary information from you—which you may give away due to the factor of trust that exists with the said user.
4. Unsafe websites:
   We live on the internet today and interact with websites on a daily basis. Sometimes, unknowingly you may interact with an unsafe website. A common indicator of such a website is the lack of a TLS layer wherein the web address starts from HTTP: // instead of HTTPS: //—as a result of which the information shared on it is not encrypted.
   This means the website can possibly store your personal details like social security number, card details and other details sensitive information which can land up on the dark web for sale for further attacks.

What can you do to prevent it to become an online fraud detection ninja?

Follow best practices with card payments.

• If you are a merchant who enables your customers with the option of card payment then few services like AVS and CVV verification can help you authenticate the legitimacy of the user. In an Address Verification System, the user must provide the billing address for the transaction which is cross verified with the address of the bank.
• Card Verification Value is a 3 or 4 digit present of the card and only the one who has the card can know the number. This measure of safety ensures that even though it is a Card Not Present (CNP) transaction—the transaction is made by the person who has the card.
• When a large transaction is made on a card, it must go through an additional authentication process as this is a common reflex of a fraudster to extract as much amount as possible from the stolen card before it comes under scrutiny.
• 3-D secure which is also known as Payer authentication allows verification of a user’s identity using a PIN which is unique to them.
• All online payment systems must comply with the Payment Card Industry Security Standards Council (PCI SSC) council which provides policies on how to handle the information of a cardholder and thereby protecting the user against any data theft or misuse of information by the merchant.

Identity and Access Management solutions can pave the way towards safe online interactions:

Identity and access management initiatives: Identity and access management solutions strive to secure identities while making providing the right access in the right way. IAM has now evolved into a space that applies intelligent solutions to determine possibilities of fraud using machine learning and provide security to users.

According to Gartner,

By 2025, the primary role of 60% of fraud leaders will shift focus from simply adhering to governance, risk, and compliance toward creating an environment of trust and safety where customers can transact, interact and communicate, up from less than 5% today.

This shows the shift that is happening in the industry towards a more digital approach.

Solutions that can help you prevent and detect online fraud:

• Password managers: An efficient password manager, eliminates the hassles of remembering multiple passwords. This also eliminates unsafe password habits like noting them down on paper which can be easily stolen and used to launch data breaches using your own account.
• Authentication: Only because a transaction is an initiation from a known username using the correct password, does not imply safety. The identities of the users have to be verified using multi-factor authentication which leverages what you know (PIN), what you have (token), what you are (biometrics), where you are (location), what you do (picture password)—these add an extra layer of security—now the hacker will not be able to access data with just the credentials!
• Authorization: Once the user is authenticated, governance policies are set based on which the accesses to applications are provided. These policies are set based on a user’s role and assigned by managers such that only entitled users are provided the accesses as defined. Co
• Lifecycle management: Lifecycle management enables provisioning accesses from day one, deprovisioning the accesses and managing them based on the user’s movement within the organization. Orphan account management is an important aspect of this. Here the accounts which have no claim can possibly lead to a takeover by an imposter who may violate the accesses present in it.
• Contextual analysis: Here, the accesses of all the users are constantly monitored such that an unfamiliar behavior which may be login at an unusual time, from an unusual location, can possibly indicate an act of breach. These are presented as risk scores and based on predefined levels, multiple levels of authentication have to be carried out to ensure the user’s identity.
• Dashboards that help you remain compliant and audit-ready. These dashboards provide a comprehensive platform to view the accesses. According to Gartner, it is imperative organizations have a centralized decision platform to ensure that data attributes and patterns of behavior can be correlated across all channels.

Don’t let online frauds crawl into your safety, empower yourself with the right solutions and remain secure.

Preethi Anchan