In a crisp explanation of account takeover and authentication risks, George and Robert Capps, Vice President, Market Innovation, at NuData Security. They discuss the findings of a recent NuData report and its experience with the sophistication of online fraudsters. NuData’s techniques are all about foiling cybercriminals as they bang at the front door of financial institutions, merchants, streaming services, and more.
Payments on Fire® listeners know that we’ve been taking a steady look at fraud issues over the past few years. Fraudsters have been pouncing on every opportunity, taking advantage of pandemic relief payments as well as the shift from card present to card not present, remote commerce transactions. If this topic didn’t matter, we wouldn’t be talking about it.
Measuring and detecting what the fraudsters are up to and their impact is critical. To better understand what’s going on, we speak with Robert Capps, Vice President, Market Innovation, at NuData Security, a company that specializes in behavioral biometrics.
NuData published in Q3/2020 its e report on cybersecurity trends. And the findings are really interesting.
What They FoundThe current scourge is account takeover. ATO is a concern for financial institutions, for retailers, streaming media companies, and more.
Attack method sophistication goes well beyond reuse of stolen user IDs and brute force password guessing.
It is an arms race of increasingly complex and sophisticated attack and detection techniques.
NuData and others have expertise in behavioral analytics, tools that detect, among other things, bots that are build to emulate human interactions at the account login page. The use of CAPTCHA is one technique to deter these attacks. But the fraudsters have responded, going so far as to establish call center-scale operations with staff endlessly filling in CAPTCHA forms to add the human touch and smarts in what are otherwise highly automated ATO attacks. This is human farming to get around CAPTCHA and other rudimentary defenses.
Financial institutions and retailers aren’t the only targets. In this age of stay at home orders, streaming services have become targets of opportunity. Parasitic use of streaming service accounts has risen as the fraudsters sell streaming service account credentials.
The Defender’s Balancing ActThere are dedicated professionals working on both sides. But the defenders have the harder job. Besides having to protect every door and window, they also have to keep it simple for good users to transact. Adding friction to a transaction flow increases the shopping cart abandonment rate. That’s bad for the ecommerce merchant and insults the customer. It’s a tough balancing act.
Part of that balance is handled by “step up” authentication based on the level of risk. A bank might let a session proceed to a balance inquiry without asking for further customer input. But if a new payee is added to the account, the bank might insist on sending a one time code to the customer via email or SMS.
Getting to Good ASAPProviders of authentication services see activity from a lot of devices. Building profiles based on these devices and the many variables surrounding each transaction, they use the profiles to efficiently track the behavior of each in order to separate the known good profile from the questionable.
A technique to “get to good” faster is to pool that profiling information in anonymized form from across all of the clients who agree to participate.
COVID ImpactRobert discusses the shifts in fraud given the pandemic. As a percentage of transactions, fraud increased substantially in the travel segment. And for those retailers operating in the physical world the shift to e-commerce was sometimes overwhelming. That’s a story we’ve heard a lot at Glenbrook. Check out our COVID Series book.
Podcast transcript
Episode 159 - The Top KPI of International E-Commerce - Ralph Dangelmaier, CEO, BlueSnap
Episode 158 - The High Pain of Push Payment Scams - PJ Rohall, Featurespace
Episode 157 - Experts Deep Dive on Financial Health and Inclusion
Episode 156 - How to Make Financial Health a Reality - Mimi Joy, Financial Health Network
Episode 155 - Enabling Payments Operations and the Multiplayer Fintech Ecosystem - Dimitri Dadiomov and Rachel Pike, Modern Treasury
Episode 154 - Fighting Disruption in Merchant Services with Payments Tech - Kyle Pexton and Nick Starai, NMI
Episode 153 - How to Make B2B Payments in a Few Lines of Code - Brady Harris and Adam Steenhard, Dwolla - Payments on Fire® Fintech Series
Episode 152 - The Fast Payments Imperative - Elizabeth McQuerry, Glenbrook and Craig Ramsey, ACI Worldwide
Episode 151 - The Fintech Network Built for SMB Payments - Marwan Forzley, Veem
Episode 150 - How a Fintech Speeds the Logistics Industry - Robin Gregg, RoadSync
Episode 149 - Bringing Data to Secure A2A Transactions - Eli Polanco, Nivelo
Episode 148 - The Fintech Bringing Crypto and Diem to Payments Users - Ran Goldi, First
Episode 147 - The Apps of the Card World: Closed Loop Prepaid - Dom Morea, Fiserv
Episode 146 - Multiplayer Fintech Builds a Winning B2B Service - Robin Gandhi, TripActions
Episode 145 - GPay's Impact on Every Stakeholder: Way More Than a Wallet - Steve Klebe, Google
Episode 144 - Innovation in Fast Money: 4th Annual RTP Network Update - Steve Ledford, The Clearing House
Episode 143 - The Buy Now Pay Later Challenge to Credit Issuers - Chris Bixby, Sezzle - Payments on Fire® Fintech Series
Episode 142 - Don’t Miss Out on Faster Payments, The Next Big Shift in Digital Payments - Russ Jones, Glenbrook Partners
Episode 141 - The Data Driven Money Supply Chain - Keith Smith, CEO, Payability - Payments on Fire® Risk Series
Create your
podcast in
minutes
It is Free
The Commercial Edge: Unleash the Power of People
The emPOWERed Half Hour
U.S Property Podcast
Aligned Money Show
Gorse Culture PODcast : The H.R. Detective Agency!
The Ramsey Show
Planet Money