PCM Vol.2 - Issue 4
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Expert Interview<br />
Vanita Pandey is the vice president of products at<br />
ThreatMetrix. Prior to that, she worked at leading<br />
financial institutions like Visa, Capital One, Standard<br />
Chartered Bank and ABN Amro Bank. Vanita holds<br />
a bachelor’s degree in physics from the University of<br />
Delhi and an MBA from UC Irvine.<br />
Vanita Pandey<br />
VP Product Marketing,<br />
ThreatMetrix<br />
With the growth of online<br />
and mobile transactions<br />
outstriving brick-andmortar<br />
commerce there<br />
are also more challenges players in<br />
payments world must face. We talked to<br />
Vanita Pandey who gave us a very good<br />
insight into the current cybercrime and<br />
fraud domain.<br />
What are the greatest fraud-related<br />
challenges merchants are facing<br />
today?<br />
Merchants are operating in a global<br />
economy where they have access to<br />
consumers from all corners of the world.<br />
Meanwhile, the fraud climate is complex<br />
and ever-changing, and it is hard to keep<br />
up with the sheer quantity of intricate<br />
technical mechanisms employed by<br />
cybercriminals to gain access to data.<br />
In a post-data breach world, identity<br />
information, payment credentials,<br />
account credentials and responses to<br />
security questions are widely available<br />
for purchase in bulk. Complete fraud<br />
exploits and zero-day attacks are also<br />
easily available on the black market for<br />
outright purchase or as a fully hosted/<br />
managed service. Alarmingly, these<br />
fraud offerings come with online help<br />
and full technical support.<br />
Fraudsters use multiple attack vectors<br />
(the method of attack) and attack<br />
surfaces (the components on which<br />
the attack is launched) to create fraud<br />
attacks on merchants. The attack<br />
vectors include stolen credentials,<br />
device malware (to distribute attacks),<br />
web threats (BOTS, proxies, hidden<br />
VPNs, scripts, etc. that enable<br />
attackers to mask the attack source)<br />
and mobile application vulnerabilities.<br />
Attack surfaces are the transaction<br />
components that are vulnerable to<br />
third-party interference and include the<br />
device, the transaction, the transaction<br />
context and the mobile app.<br />
By combining these attack vectors and<br />
surfaces, fraudsters are able to create<br />
endless combinations of attacks that<br />
cannot be mitigated with disparate point<br />
solutions, making multi-dimensional<br />
insight crucial.<br />
How do fraud and authentication<br />
issues impact e-commerce and our<br />
struggling economy?<br />
As more transactions move to connected<br />
devices, the digital channel is now the<br />
biggest driver of growth for retailers. In a<br />
digital world, merchants are able to form<br />
closer and more personal relationships<br />
with their customers. E-commerce and<br />
mobile commerce are both inherently<br />
data driven, and merchants are able to<br />
track and manage a lot of information<br />
about their customers. At the same<br />
time, customers are increasingly open<br />
to supplying more personal information<br />
with their trusted merchants. This has<br />
made merchants the target for attacks<br />
using stolen identities and credentials as<br />
well as attacks looking to steal consumer<br />
information available to the merchants.<br />
As such, cybercrime attacks are no<br />
longer purely transactional. Fraudsters<br />
operate in complex criminal networks,<br />
sharing information and intelligence<br />
worldwide to increase their success.<br />
010