May 1, 2018
[Editor’s Note: May is Account Protection Month at Card Not Present (sponsored by NuData Security). Account takeover and new account creation fraud are indicative of a growing trend. Merchants whose fraud protection is focused solely on transactions are missing a growing number of difficult-to-detect attacks occurring at login. Check back here throughout the month for updated content aimed at helping merchants understand how attacks at the account level are affecting their business and how to stop them.]
You can spend hours looking at an abstract painting and think of a hundred different interpretations, but unless you get inside the artist’s mind, you will hardly scratch the surface of what they really mean.
Understanding your fraud without the right data can be just as frustrating. The good news is that, as with art, you can learn to comprehend it and use that knowledge to stop attacks before they hurt your business and customers.
When companies look at their fraud, they normally focus on chargeback requests, customer claims, or the mysteriously vanishing rewards and wonder how they happened. These are only symptoms of a bigger threat. Attacks lurk under your traffic for days, weeks and even months before they damage you.
Stopping fraud before it gets to the transaction level—that is, blocking it upstream—is becoming the best strategy to protect your environment while you offer a seamless experience to your customers. This can be done because fraud can be spotted well before a transaction takes place.
Bad actors roam around login and account creation interfaces well before they make a purchase or other fraudulent transactions. These interfaces provide crucial information to fraudsters—and most companies don’t have visibility into this activity. For instance, the account creation interface tells a fraudster if an email address is in use, so they can make sure an account exists before they put any effort into it.
A suspicious password update or a sudden shipping address change are some of the activities you can monitor before a potentially fraudulent activity causes any damage to you and your legitimate customer.
Fraudsters can also test, in just milliseconds, whether a password they purchased on the dark web works. These pre-transaction activities are normally automated and happen at a large scale without leaving any trace—unless you have the right tools in place to find those traces.
In the 48 hours before this article was posted, we saw ten million credential-testing attempts against the login interface of one of our clients. Credential testing and other credential-based attacks yield an average of 1-2 percent working username and password combinations. If these ten million testing attacks had gone through, they would have provided the right credentials to open 20,000 fraudulent accounts—just think of how many chargeback losses that can translate into.
Most businesses only measure their successful logins and don’t have visibility into the unsuccessful ones. Unsuccessful logins, however, can yield actionable information. For example, before one account was finally opened, there were 240 login attempts against it in 24 hours, from 178 IPs. A business aware of that pattern could block the login attempt before it succeeded.
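To make the failed-login signal concrete, here is an added example (not code from the article or from any vendor) that tracks failures per account over a 24-hour window and flags a success that arrives on top of a failure burst. The log format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # look-back period
MAX_FAILURES = 5               # assumed threshold, tune per site
MAX_DISTINCT_IPS = 3           # assumed threshold, tune per site

def parse(line):
    """Parse 'ISO-timestamp account ip result' (constructed log format)."""
    ts, account, ip, result = line.split()
    return datetime.fromisoformat(ts), account, ip, result

def stats(window):
    """Failure count, distinct source IPs, and whether either limit is hit."""
    n, ips = len(window), len({ip for _, ip in window})
    return n, ips, n >= MAX_FAILURES or ips >= MAX_DISTINCT_IPS

def review_logins(lines):
    """Return alerts as (timestamp, account, kind, failures, distinct_ips)."""
    failures = defaultdict(deque)  # account -> recent (ts, ip) failures
    alerts = []
    for ts, account, ip, result in sorted(map(parse, lines)):
        window = failures[account]
        while window and ts - window[0][0] > WINDOW:
            window.popleft()       # failure aged out of the window
        n, ips, was_hot = stats(window)
        if result == "FAIL":
            window.append((ts, ip))
            n, ips, hot = stats(window)
            if hot and not was_hot:  # alert once, when a limit is crossed
                alerts.append((ts, account, "credential_testing", n, ips))
        elif was_hot:
            # Success on top of a failure burst: challenge or block it.
            alerts.append((ts, account, "success_after_failures", n, ips))
        else:
            window.clear()         # ordinary mistype followed by success
    return alerts

# Constructed sample events, not real traffic.
SAMPLE = [
    "2018-04-30T08:00:00 alice@example.com 198.51.100.10 FAIL",
    "2018-04-30T09:15:00 alice@example.com 203.0.113.7 FAIL",
    "2018-04-30T11:40:00 bob@example.com 192.0.2.44 FAIL",
    "2018-04-30T11:41:00 bob@example.com 192.0.2.44 OK",
    "2018-04-30T13:05:00 alice@example.com 198.51.100.23 FAIL",
    "2018-04-30T20:30:00 alice@example.com 203.0.113.99 OK",
]

if __name__ == "__main__":
    for alert in review_logins(SAMPLE):
        print(alert)
```

The single mistyped password for the second account produces no alert, while the first account is flagged at its third distinct source IP and again when a login finally succeeds.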
Fraud is more than chargebacks and customer claims. It starts upstream, beneath the water, where most companies don’t have visibility.
This month, and during our webinar, we will be talking about how you can stop fraud before it affects your customers: blocking it upstream before the bad actor gets to the transaction and offering a seamless experience to your good users.