PCM Vol.2 - Issue 4

More documents

Recommendations

Info

Expert Interview Vanita Pandey is the vice president of products at ThreatMetrix. Prior to that, she worked at leading financial institutions like Visa, Capital One, Standard Chartered Bank and ABN Amro Bank. Vanita holds a bachelor’s degree in physics from the University of Delhi and an MBA from UC Irvine. Vanita Pandey VP Product Marketing, ThreatMetrix With the growth of online and mobile transactions outstriving brick-andmortar commerce there are also more challenges players in payments world must face. We talked to Vanita Pandey who gave us a very good insight into the current cybercrime and fraud domain. What are the greatest fraud-related challenges merchants are facing today? Merchants are operating in a global economy where they have access to consumers from all corners of the world. Meanwhile, the fraud climate is complex and ever-changing, and it is hard to keep up with the sheer quantity of intricate technical mechanisms employed by cybercriminals to gain access to data. In a post-data breach world, identity information, payment credentials, account credentials and responses to security questions are widely available for purchase in bulk. Complete fraud exploits and zero-day attacks are also easily available on the black market for outright purchase or as a fully hosted/ managed service. Alarmingly, these fraud offerings come with online help and full technical support. Fraudsters use multiple attack vectors (the method of attack) and attack surfaces (the components on which the attack is launched) to create fraud attacks on merchants. The attack vectors include stolen credentials, device malware (to distribute attacks), web threats (BOTS, proxies, hidden VPNs, scripts, etc. that enable attackers to mask the attack source) and mobile application vulnerabilities. Attack surfaces are the transaction components that are vulnerable to third-party interference and include the device, the transaction, the transaction context and the mobile app. By combining these attack vectors and surfaces, fraudsters are able to create endless combinations of attacks that cannot be mitigated with disparate point solutions, making multi-dimensional insight crucial. How do fraud and authentication issues impact e-commerce and our struggling economy? As more transactions move to connected devices, the digital channel is now the biggest driver of growth for retailers. In a digital world, merchants are able to form closer and more personal relationships with their customers. E-commerce and mobile commerce are both inherently data driven, and merchants are able to track and manage a lot of information about their customers. At the same time, customers are increasingly open to supplying more personal information with their trusted merchants. This has made merchants the target for attacks using stolen identities and credentials as well as attacks looking to steal consumer information available to the merchants. As such, cybercrime attacks are no longer purely transactional. Fraudsters operate in complex criminal networks, sharing information and intelligence worldwide to increase their success. 010
Following the regular and high profile breaches of companies, personal credentials have flooded the dark web, ready to be bought up by the next criminal gang. These myriad pieces of personal information can be stitched together with data from further attacks to build convincing identity profiles that easily defeat static identity checking systems. Fraud and authentication issues now have a broad impact on a business’ bottom-line. Merchants need to balance friction with user experience. Protecting the identities of users and employees means ensuring that only legitimate users gain access to the business platform. Do you see criminal activity such as fraudulent new accounts, unauthorized account access and card-not-present transactions as a greater threat to enterprise or the average consumer? These criminal activities impact both the enterprise and the customers involved. I believe that we are now living in a world where access to digital services is now an integral part of one’s daily life. The impact of a potential attack on a merchant is mostly financial, unless they have been involved in a large-scale breach or have been targeted by an organized gang. In that case, there are downstream brand impacts that the business has to deal with. Consumer impact, however, is more personal. In many cases, the consumers may be protected from the financial loss but the non-financial impacts can be severe and far-reaching. We fundamentally believe that the end users don’t differentiate between a network security failure or an account authentication failure, they simply care about the negative and far-reaching consequences of fraud. It is up to businesses to adopt robust fraud and security strategies that protect their end users, as well as secure their own revenue and growth. Users are increasingly demanding friction-free online experiences while expecting their transactions to be safe and secure. Businesses must ensure that the protection they put in place doesn’t end up creating a barrier to doing business. What can consumers do to protect sensitive data and what should they do if their account details are exposed? Consumers need to be aware of where they have left their digital footprints and personal credentials. Leaving seemingly benign but critical sensitive data on public sites is probably one of the biggest mistakes that an average consumer makes (taking a quiz on social media and giving permission to the app without realizing, or joining a free Wi-Fi network in a public area and giving permissions, for example). These seemingly unrelated data points are being stitched together by the fraudsters to sign up for services, make purchases or request instant loans. In the event that one’s account details are exposed, it is crucial to go back and change the password and other critical information on all sites and apps. How does leveraging the collective power of your global client base assist in enterprise risk mitigation? Cybercriminals have been fast to leverage the network effect and selforganize to exploit lax security and weak fraud prevention solutions. We believe that it takes a network to fight a network. ThreatMetrix offers businesses a single fraud and security solution consisting of several tightly integrated fraud prevention technologies that support robust user authentication without adding friction. The ThreatMetrix platform includes multiple forms of device identity, malware protection, web threat protection, reputation and behavioral analytics. The ThreatMetrix Digital Identity Network is the foundation of our solution and leverages anonymized global shared intelligence from daily consumer interactions including logins, payments and new account originations. The Network harnesses real-time shared intelligence from billions of transactions collected against tens of thousands of The cybercriminals’ technical mechanisms are intricate. 011
Page 1 and 2: PCM YOUR GATEWAY TO THE WORLD OF PA
Page 3 and 4: Contents thoughtleaders spotlight 1
Page 5 and 6: it altogether. To put it simply, Bi
Page 7 and 8: positive rate is often higher as th
Page 9: Because VCNs can only be used for a
Page 14: Spotlight Think you have what it ta
Page 17: This is a very exciting time for th
Page 20 and 21: Events Copenhagen - Denmark This is
Page 22: Payments & Cards Network Driving In

PCM Vol.2 - Issue 4

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?