Protecting the services and ecommerce sites your customers interact with is critical to your digital business. With data breaches up 164% in the first half of 2017 and holiday shopping season nearly upon, there is no better time to tackle the issue of digital fraud and cybercrime.
Hence, this two-part blog series about defending your digital universe is all about what businesses can do to better understand and identify cybercriminals—how they think, how they work, when they're after you—and top tips on how to defeat them. Part 1 showed you how to get to know your enemy, and now we’ll look at how to defeat them.
Five Tips to Defeat Your Digital Adversaries
1. Understand and Avoid Business Logic Abuse
Fraud does not only occur at the transaction level. It has the potential to occur the moment a user hits your web page. Many precursors to fraud, such as DDoS attacks, web scraping, and HTML/script injection, occur at the pre-login stage and that can indicate a high potential for business logic abuse—the hijacking of normal application flows for illegitimate purposes.
Business logic abuse is not easily identified by traditional security software, so it’s essential to prevent these attacks from occurring in the first place. A good example of a business logic abuse attack is coupon stacking in the ecommerce world. Combining good coding practices with a solid understanding of your application flows and transaction processes is essential to prevent cybercriminals from abusing your website to commit fraud.
2. Put your Omni Goggles On
When building your omnichannel strategy, you’ll be thinking first and foremost about the new business models you can achieve. But you also need to think about omnichannel fraud management from the outset, especially in connecting with partners and aggregators.
If there's one thing we can be certain of, it's that cross-channel attacks will grow. This is why visibility into device reputation (e.g., has this particular mobile, tablet or computer previously been used to commit fraud) and user behavior across channels is critical. Now is the time to invest in centralized fraud management that can leverage input from all anti-fraud tools used across your channels.
3. Use the Buddy System
Visibility isn’t just about what’s going on in your own organization—it also means understanding fraud activity within the context of global, cross-industry threats. For example, fraud intelligence feeds can tell an organization if an IP address or account has been involved in confirmed fraud, or if a shipping or email address has been used by a known reshipping mule.
Collective intelligence is a powerful tool—sharing helps everyone improve their fraud detection and means we win as one.
4. Recognize the Value of a Whole-Organization Approach to Security
Change the internal conversation. Rather than looking at cybersecurity and fraud management as an overhead, think instead of the positive contribution they make to your bottom line by reducing fraud losses, improving the customer experience to drive revenue, and protecting your business reputation.
Once you do that, it’s much easier to get buy-in from the whole organization and establish close cooperation between different departments (after all, what looks like benign activity to one group may be a significant problem when viewed holistically). Combining the information security team’s technical knowledge with the fraud team’s view of criminal behavior, for example, could bring valuable insights.
5. Step It Up… Carefully
Effective fraud management is a balancing act between minimizing losses and reducing customer friction. Be clear in establishing your organization's tolerance to risk, then tailor your interventions to your threshold.
Whether your risk tolerance is high or low, you can always work on improving the customer experience with consumer-optimized authentication methods such as fingerprint or voice recognition, or in-app OTPs (one-time passwords) based on your user populations, segmentations, and regulatory requirements.
Ready to Prevail?
Cybercrime is on the rise, and our online infographic shows the global scale of the problem. If you’re ready to commence battle, why not get in touch and see how RSA solutions can help you prevail?
Author: Angel Grant, CISSP
Category: RSA Fundamentals, Blog Post
Keywords: Cybercrime, Cybercrime and Fraud, Cybercriminal, National Cybersecurity Awareness Month, RSA Fraud & Risk Intelligence Suite, eCommerce, Data Breaches