Meltdown and Spectre Chip Flaws Raise Fraud Flags
2017 saw its fair share of rollercoaster moments in online fraud, including hacks at Equifax and Uber that potentially placed the personal data of millions of customers right into fraudsters’ hands. Unfortunately, it looks like 2018 might be shaping up to be just as eventful: As soon as the year began, news broke that security researchers found major flaws — called Spectre and Meltdown — in chips used in billions of computers, mobile phones and tablets around the world. Since then, companies like Apple, Google, Microsoft and other major tech players have scrambled to issue patches and software updates to prevent hackers from taking advantage of the vulnerabilities. But are they too late?
The Spectre and Meltdown chip flaws affect most devices on the market (in fact, Apple has announced the flaws affect ALL of their iOS and Mac devices) by allowing unprivileged code to read data it should be not be able to, including secret keys and other sensitive data. At this time, there is no evidence that fraudsters have exploited the flaws. But experts warn hackers could soon attempt to exploit devices that haven’t been updated.
Consumers who keep their web browsers, apps and devices up-to-date should be protected from potential fraud attempts. However, millions of users remain vulnerable either due to ignorance, refusal to make device updates due to related device performance issues, or by falling victim to the slew of phishing attacks already connected to the Spectre and Meltdown fiasco.
Hackers looking to take advantage of these chip flaws need access to a device before they can steal information from it, but once they are able to gather the personal information they need, they can use it for fraud attempts. The most notable fraud type consumers and businesses may need to be concerned about in conjunction with the Meltdown and Spectre chip flaws is account takeover fraud.
Also known as ATO, account takeover is defined by a fraudulent entity using hacking, phishing or other illegal methods to gain access to a legitimate account and then using the account holder’s registered payment information or other privileges connected to the account to purchase goods and/or take out loans. ATO fraud has seen a drastic rise in recent years due to frequently changing technology and increased security breaches, and the Spectre and Meltdown debacle will no doubt add to the concern regarding this type of hard-to-detect fraud.
Businesses that wish to protect themselves and their reputations in a crime-laden world depend on fraud prevention software companies like RISK IDENT. Device fingerprinting solutions like DEVICE IDENT and machine learning fraud prevention solutions like FRIDA work quickly to detect when ATO fraud is happening and deliver the results in real-time so fraud managers are able to stop fraudulent activity before losses occur.
Though it’s still too early to tell whether or not Spectre and Meltdown will have an impact on ATO fraud rates, the chip security issue is just one more reminder that businesses would do well to protect themselves from possible threats in this ever-changing technological world.
To find out how your business may be able to benefit from RISK IDENT’s collection of fraud prevention products, contact us at firstname.lastname@example.org.