Photo via Allan Donque/Flickr (CC-BY-SA)
Who would’ve thought a technology that was supposed to prevent fraud would actually end up increasing it?
A recent report published by Forter, a fraud prevention firm, and PYMNTS, the media company focused on the payments industry, reveals that cyberfraud has been soaring since October 2015, after the switchover to EMV (Europay, MasterCard, Visa) chipped credit cards began in earnest.
The spike, a whopping 215 percent in the first quarter of 2015 and 11 percent from the third quarter of 2015 and, is indicative that fraudsters are moving toward online businesses. The figures are overwhelming: There were 27 attacks for every 1,000 e-commerce transactions conducted in the fourth quarter of 2015 and about $5 of every $100 of sales are at risk of a fraud attack.
And there’s no end in sight to this accelerating trend.
A separate paper by Juniper Research, a financial services research firm, forecasts online fraud to skyrocket to $25 billion by 2020, more than double the $10.7 billion recorded in 2015. Though there’s no indication of the future of online payment services being jeopardized by the mounting tide of cyber fraud, the prospects warrant the need of new reflection over the security of this payment medium and new ways to ensure its security.
What’s behind the sudden rise of online fraud?
The rise in online fraud is in part a byproduct of more money being spent online, and as is their wont, cyber criminals will always follow the money. “As more and more of our lives are lived online, we have to expect that fraudsters are going to follow right along,” says Ted Dunning, chief application architect at big data firm MapR. “And with online commerce becoming more prominent, it is becoming easier to hide fraudulent activities.”
There’s no end in sight to this accelerating trend.
But this particular spike has to do with recent changes overcoming in payment technology in the United States. According to both the PYMNTS and the Juniper reports, EMV cards are to blame for the sudden increase in online fraud. The chip cards, which were rolled out in the U.S. to replace previous magnetic stripe cards, use advanced cryptographic techniques that are considerably more resistant to forgery and make in-person transactions much more secure. While the added layer of security has helped reduce physical fraud considerably, the knock-on effect has been to spur fraudsters to move to online mediums.
Similar trends have been seen in other countries such as Canada, Australia and the U.K after they moved to chip cards in previous years.
“Fraud is fluid,” says Paul Miller, CEO of mSignia, “Fraudsters are seeking the path of least resistance and best profit. When EMV raises the security bar for in-store payments, history shows online fraud triples.”
But EMV is not the only cause behind the rise of online fraud. The availability of high computing power at low costs is also helping attackers develop sophisticated tools and techniques to circumvent security measures and target small and medium businesses to harvest confidential information. At the same time, individuals and firms are hard pressed to maintain security of their accounts and data, and old methods no longer suffice to provide adequate protection.
“Whereas 10 alphabetic characters were once a highly secure password, it is now important to use at least 12 characters in passwords that include punctuation and digits,” says MapR’s Dunning. “It is no longer feasible for people to memorize all of the passwords that they need to use and thieves are capitalizing on the incorrect perception on the part of many users that they can come up with mnemonic systems that are secure.”
While hackers are becoming more sophisticated in their attacks, firms are lagging behind and aren’t hardening their security accordingly. “The entire system of passwords is completely broken at this point and needs to be revamped,” Dunning emphasizes. “Even conventional multi-factor methods routinely succumb to modern attackers. Unless we make sweeping changes to online security systems, things are going to get much worse.”
Detecting and preventing online fraud more efficiently
Security vendors are trying to create new technologies to deal with the different facets of online fraud, and hopefully make it impossible. Advances in big data, analytics and machine learning are a major contributing factor that are helping develop models that help detect fraud in a much more efficient way.
Big data and machine learning is also helping in the real-time detection of fraudulent transactions.
“Recent advancements allow accurate biometric sensing without requiring a dedicated sensor such as a fingerprint reader,” says mSignia’s Paul Miller, alluding to adaptive authentication or digital biometric methods that identify users based on their preferences, habits and behavior rather than relying on single data tokens such as passwords or fingerprints. “This enables the promise of biometric security for everyone…not just consumers with higher-end devices.”
mSignia is one of several security firms offering digital biometric technologies that define the user’s identity through the passive collection of data such as music, calendar, contacts, user interface interactions, mouse dynamics, call and text pattern, etc. Collectively, this data establishes a digital identity that is unforgeable. So while malicious users can steal credentials such as passwords, they can’t reproduce the user’s digital identity, which helps quickly detect and block identity theft and account takeover attempts. “Regardless of who a fraudster claims to be, they cannot hide from their own digital biometric,” Miller stresses.
Big data and machine learning is also helping in the real-time detection of fraudulent transactions. “Big data systems are beginning to have a major effect in finding fraud,” Dunning explains. “The key is that fraudsters need to automate their attacks in order to get as much gain as possible. Even if they don’t fully automate attacks, they often will depend on humans to go through the motions over and over.” This is something that can be detected with the right combination of analytics and machine learning. “Highly detailed behavioral models can detect trusted account takeovers.”
MapR is using analytics and machine learning technology to help firms such as American Express to detect and prevent fraud through techniques that can spot pattern- and signature-based fraud as well as anomalous transactions.
Analytics is also helping companies discover data theft cases. MapR has used its technology to help security company Terbium Labs to create digital fingerprints of their clients’ most sensitive data and proactively find out and raise the alarm when that information shows up on hidden criminal websites. This is helping reduce the time it takes to find and react to data breaches, which collectively cost an average of $445 billion per year and take more than 200 days to discover.
“[Big data] allows security teams to not only detect known attacks quickly, but it can help them detect attacks that they have never seen before, nearly in real-time,” says Dunning.
What does the future hold?
If the past is any indication, cybercrime will continue to grow in intensity and sophistication. With money making being one of the main goals and motivations behind most cyberattacks, we can only expect online fraud to be one of the fastest developing sectors of cybercrimes. Cybercriminals will continue to swindle billions of dollars from their victims, and more confidential and sensitive data will fall into the wrong hands.
That is unless the tech community joins forces to deal with this rising tide in earnest. New attack types need new prevention methods. If put to correct use, technological advances can help us improve online security and quell the rising tide of online fraud.