CNP Expo: Hostile Takeover
May 19, 2015
Account takeovers pose a major threat to online businesses. Panelists at a Tuesday afternoon session of the 2015 CNP Expo said spoofing someone’s identity in an effort to use their account represents 4.3 percent of all login attempts. Account takeovers have “become a tremendous risk to any institution,” said moderator Seth Ruden, a senior fraud consultant for payments processor ACI Worldwide.
“We have this information sold on the Internet at very cheap prices,” said Ruden. “And, half of all consumers use the same account numbers more than once.”
Merchants need to come up with strategies to attack this emerging threat, said Denise Pollock, a senior fraud manager at Walmart Global E-Commerce.
“When you’re deploying both your web and mobile programs, make sure you’re in sync with each other,” said Pollock, whose company hosts 45 million visits a month to Walmart.com. “Monitor the good and bad activity. Web analytics tells us a whole lot. You can leverage it. We want our good consumers back on the site,” she said.
Panelists cited phishing as a major attack vector and, according to Brad Malloy, a fraud investigator for video-game publisher Riot Games, the company issues repeated warnings to consumers about giving out personal information via email. Account takeover has evolved into a major fraud type for the same reason other fraud has come to the fore: it has become easier than the alternatives.
“Fraud is big business. They’re out to make money,” Ryan Wilk, director of customer success for NuData Security said. “The criminals are going to look for the cleanest path.”