How fast can you find fraud? That is the challenge put forth by the RSA Fraud & Risk Intelligence team at RSA Conference 2017.
Why the emphasis on speed? Simply put, the faster an organization can isolate the source of fraud, the faster they can respond. And based on RSA's research, there is a gaping disconnect between identifying and investigating fraud.
As detailed in our new e-book, "Web Threat Detection Trends in E-commerce, A Guide to Improve Fraud Detection and Investigation," finding the source of fraud simply takes too long with more than 72% of organizations surveyed reporting it takes days or longer to determine the inception point of fraudulent activity on their website.
The result of all that undetected activity rapidly snowballs for retailers and related businesses. In the specific case of retailers, the risk/reward ratio is substantial, especially with e-commerce sales projected to eclipse $3.5 trillion globally within the next five years. Even a small percentage of incidents among retailers are cause for concern, as is the case for card-not-present fraud, currently expected to hit over $7 billion by 2020.
The threat of account takeover as a result of password breaches and credential replay attacks also looms large. Over three billion user accounts and passwords were compromised in 2016. With the practice of password reuse so common among consumers, any organization with a significant web presence is open to the risk of credential replay attacks that result in fraud.
Credential replay attacks are being helped along with automated account checking tools. In mere minutes, a fraudster can check thousands of stolen credentials, customize the list of targeted entries, and tailor the way each site is approached and checked. In fact, RSA has seen up to five percent success rates in account takeover attacks where stolen credentials from one site are used on a second site, meaning that a list of one million credentials will result in 50,000 hijacked accounts.
To counter these sobering outcomes, web behavior analytics can be used to dramatically improve fraud investigation. Web behavior analytics is an emerging technology designed to identify exactly these types of attacks and provide near real-time visibility into potentially malicious web and mobile sessions.
At RSA Conference, we will be featuring an interactive game which allows attendees to compete against others to see how quickly they find the source of high-impact fraud threats such as account takeover, API abuse and fraudulent payments. Leveraging a live, interactive demo of RSA Web Threat Detection, attendees can see for themselves how easily (and quickly) it can be to identify and investigate potential incidents of fraud.
There's no doubt organizations need better tools and visibility to act at the speed of fraud. Cybercriminals are fast, so organizations need to be similarly equipped to respond better and (even) faster.
So, how fast can you find the source of fraud? Come compete against your peers at RSA Conference.
We hope to see you in San Francisco!
Author: Heidi Bleau
Category: RSA Fundamentals, Blog Post
Keywords: Cybercrime, Cybercrime and Fraud, Fraud, Passwords