Surviving new cybercriminal fraud tactics takes greater stealth and sophistication

Surviving new cybercriminal fraud tactics takes greater stealth and sophistication

 

With data breaches, identity theft and account takeover becoming more the norm rather than the exception, businesses need to re-think their fraud prevention methods.

2017 was bad enough in the world of fraud, with identity theft reaching “epidemic levels”. But 2018 is panning out to be a whole lot worse: identify theft rates have now hit a record high. Gone are the days when shredding letters from the bank and credit agencies before discarding them is enough; more than four in five identity theft cases are now committed online, and nobody is safe from the damage.

Fraudsters have come up with clever and methodical ways to steal personal information on unassuming victims in order to carry out their online scams. Some of their methods include scouring social media sites for password hints and other information (a mother’s maiden name, for example), remotely hacking computers, and outright buying valuable information on the dark web. And these sinister actions are only the beginning.

Rampaging with stolen data

Once identity data has been stolen, fraudsters are able to create new accounts online or, even worse, use the personal information to hijack existing accounts. The latter, known as account takeover fraud (ATO), allows the fraudster to use the registered payment information and other privileges connected to the account to gain access to money and goods.

It’s a very difficult type of fraud to detect because the fraudster masquerades as the legitimate user, hiding behind his or her good history. Add into the mix the fact that the fraudster’s activity is sometimes even interspersed with transactions made by the legitimate owner, and you can see how incredibly complicated spotting ATO fraud can be.

Another tactic fraudsters commonly use is targeting email accounts, which often act as the anchor to victims’ entire online lives. Once a crook gains access to an email account, he or she can then break into multiple accounts across a vast range of online businesses, as email accounts contain everything from addresses to birthdays to saved payment information. These details alone constitute everything one needs for online fraud, and the resulting losses and damage are often irreparable.
Consumers need to tighten their defences

Successfully thwarting ATO criminals who pose as trusted users is becoming one of the largest headaches in the fraud prevention world — especially given how the problem with account takeover fraud originated.

As a way to reduce customer friction and boost sales, businesses around the world started allowing consumers to store payment details online for subsequent purchases. This benefits users, who enjoy convenience, as well as merchants, who enjoy customer satisfaction and repeat purchases. But the user ID/password combination often used to secure customers’ accounts created a vulnerability that fraudsters were quick to exploit.

See the whole article published by information age