Holiday shopping fraud: five steps to sanity

High-profile, large-scale data breaches have underlined the far-reaching consequences of a hack. Cybercriminals aren’t just looking for access to the accounts they’re currently hacking, especially as they may offer little or no immediate financial reward. Relying on the fact that many people use the same username and password pair on multiple sites, they are looking for account credentials that can be used to target those account holders elsewhere – on popular ecommerce, money transfer or gaming sites, for example.

Once stolen credentials have been tested and verified (another abuse of your website), hackers will use them to make fraudulent purchases or transfers, or sell them on to other cybercriminals to do the same. New research shows an abundance of account credentials for sale on the dark market with prices ranging from mere cents up to USD 15 per account. These prices depend on a number of factors including the consumer brand, type of service, and whether there is a payment card saved on file.

This means that one organisation’s data breach can soon become an issue for other businesses too. In order to take to the next level the protection of your customers accounts, follow these five simple steps to sanity:

Understand the market for stolen data

The dark web works in the same way any other market does: it’s highly competitive and market forces influence the price of goods and services. Each type of credential has a price and cybercriminals will diversify when necessary – adding healthcare records to their inventory, for example. It’s not just the dark web though. Much of this data can be found for sale in plain sight on most social media platforms.

Use infinite factors to determine identity

Data breaches have proven time and again how vulnerable static data is as a form of identity proofing. In today’s interconnected world, every trace of metadata we leave behind in our digital journey can be leveraged as a better means to “know your customer.” Think about what you are doing today to validate your customer’s identities and what other attributes you could leverage to improve security. It could be the use of SMS text or biometrics, or even the way a customer navigates through your website.

Be prepared for credential testing

Just like other organisations, criminal networks are constantly looking for ways to operate more efficiently. Credential stuffing tools allow fraudsters to check stolen username and password pairs in moments. To help identify credential testing – which often heralds account takeover attacks – organisations should monitor web sessions for robotic behaviour, multiple login failures, and login attempts from locations that aren’t usually associated with normal traffic patterns.

Monitor for identity theft and account takeover

It is not unusual to see an account takeover outbreak after a large breach as fraudsters use verified stolen credentials to take over existing accounts – and even create unauthorised new ones.

RSA data scientists have studied fraud patterns associated with account takeover and new account fraud and found that new accounts have 15 times greater fraud rates in the first ten days. You can spot suspicious behaviour on existing accounts by watching out for logins from new devices, password and other account profile changes, and for banks and payment service providers, the addition of new payees which is when 70% of fraudulent payments are made (our data science team found that 70% of payments marked as confirmed fraud by customers were made to a new account or mule account).

Educate your customers

Be a “trusted advisor” for your customers when it comes to online security. For example, consider providing safety tips to customers on the homepage of your website or in promotional emails, which offer an easy process for them to report suspicious emails or offers. Demonstrating to customers that you care about their online safety helps to build brand loyalty.

Take a look at the 2018 Cybercriminal Shopping List below to learn more about the most popular account credentials in demand by cybercriminals and their current value on the dark market.

About Tim Ayling

Tim Ayling is the EMEA Director for RSA’s Fraud & Risk Intelligence division, where he is responsible for setting the EMEA strategic vision, sales, channel strategy and ensuring customer success for RSA’s fraud prevention solutions. Ayling has held roles in the information security and anti-fraud sector for over twenty years, with experience in both starting organisations from scratch in new markets, and steering them through a stable path in highly regulated markets. His experience spans the globe, with leadership roles in EMEA, Australia and Asia.

About RSA

RSA, a Dell Technologies business, offers business-driven security solutions that uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and, reduce business risk, fraud, and cybercrime. RSA protects millions of users around the world and helps more than 90% of the Fortune 500 companies thrive in an uncertain, high-risk world. For more information, go to rsa.com.