Fraud events in e-commerce are increasing
Bad news for Australian online shoppers: the number of online scams increases steadily. According to cyber security organization experts, the biggest source of these scams is online payments made without the need to use a physical card. This is because scammers repeatedly use stolen card information in fraudulent operations.
The no-card fraud in Australia accumulated the equivalent of about $350.6M USD last year, 13.9% more than in 2016, according to a report published last Wednesday by Australian Payments Network, a firm that collects statistics on payments. The numbers have risen annually since 2012, when fraud reached $183.1M; USD. In 2017, no-card frauds accounted for 85% of all attacks on bank cards, which totaled $561M USD.
The increase in figures for this fraud follows a well-known pattern. According to cyber security organization experts, as countries have moved to EMV-enabled chips, ATMs cash-out has become much more difficult. The chip built into the card is used to verify a transaction, ensuring that the card has not been cloned. This means that the details of the card cannot be encoded in the magnetic stripe of a counterfeit card and used, for example, in an ATM.
As a result, scammers have migrated to the use of stolen card data in online operations. Financial institutions have developed sophisticated analysis and risk modeling programs in an attempt to detect fraudulent purchase attempts, but systems are fallible.
Movements to introduce stronger security measures when using online cards have found opposition too. Traders, for example, have showed concern about the implementation of overly intrusive security mechanisms which may cause shoppers to move away from their services.
Cyber security organization specialists recommend that traders and financial institutions adopt a risk-based security approach by addressing several scenarios. For example, two-factor authentication could be implemented for high-value transactions or those initiated from an unusual locale, taking as reference device and location data.
Users may also be asked to enter a one use PIN or, failing that, to use a biometric verification method on their devices. There are also plans to bring back a renewed version of 3-D Secure, which is now being developed by EMV Co. “The idea is that traders and card issuers have a range of tools available to authenticate the identity of their users and protect them against different variants of card fraud”, Australian government spokespersons commented.
Cyber security organization specialists from the International Institute of Cyber Security mention that the use of tokens is also a recommendable security measure, which would hinder access to bank client account data in case of a massive data breach.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.