How businesses can avoid having their web presence used by fraudsters

41st Parameter : 07 January, 2010  (Technical Article)
Ori Eisen provides online businesses with solid advice on what factors to avoid in order to prevent online fraud.
Ori Eisen, Chief Innovation Officer at 41st Parameter, highlights seven 'online sins' which, if addressed, can deter the use of stolen credit cards and reduce identity theft and fraud. By addressing these points, companies transacting online can reduce the threat of fraudulent purchases or unauthorised account access and ensure a safer experience for their legitimate customers.

First: Don't miss the opportunity to log transactions - sessions should be designed to do more than just execute or take an order - Online forms can be designed so that they provide clues and signals for use during a fraud investigation. Retailers should ensure they issue a unique 'key' for each transaction. This will make it easier to find a specific order/activity involved in a chargeback claim.

Second: Don't ignore the information from browsers and HTTP headers; it can deter or detect fraud - It is fairly straightforward to lift the time zone from a device purchasing a product or claiming a chargeback. This can be compared to where the claim is coming from in order to identify anomalies. Internet tools, such as Google Maps, can easily confirm that shipping addresses match the likely end-consumer.

Third: Don't transact with automated scripts - have a plan to identify bots - Look at session times and orders for clues that it is not a human conducting the transaction. These can include purchases being made at very high speeds or extremely high volumes of orders.

Fourth: Don't tip your hand - keep your fraud deterrent tactics covert, don't let a fraudster know you are on to them - Let all transactions flow as if they will be processed and only review the suspicious ones. Also, forcing data entry to comply with a specific format hurts your chances of recognising fraud. Many clues to a repeat offender can be recognised by looking at how they complete applications or forms, such as the use of punctuation in street abbreviations.

Fifth: Don't ignore the growth in mobile commerce - and the associated risk of fraud - Do not skimp on security layers for a mobile commerce site. Fraud rings use VMware to emulate smartphones and gain access to mobile commerce websites. Retailers must create multiple authentication layers on every online portal because fraudsters commonly take the easiest route to the information they need.

Sixth: Don't give them what they need - mask sensitive data to deter ID theft - Companies that keep images online, such as cheques, contracts or invoices, must mask the critical account information and personal information. Legal documents and other filings on municipal sites should also mask the personally identifiable information to avoid facilitating ID theft.

And finally the Seventh: Don't allow forms to include 'Rubbish' - Set monitors to look for non-words, such as 'asdf' in the name field and don't allow forms to auto-accept an entry just based on it having the correct number of characters, such as six digits for the post code of an area.
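
A sketch of the review-queue logic these points imply, as an added example that is not from the original article or from 41st Parameter: every order is accepted and keyed, and only the flagged transaction keys go to manual review. The field names, thresholds and sample batch are assumptions constructed for illustration.

```python
from collections import Counter

# Thresholds and field names are assumptions for this sketch; the article gives none.
MIN_SESSION_SECONDS = 5      # landing-to-order time below this suggests a script
MAX_ORDERS_PER_DEVICE = 3    # orders from one device within the batch under review
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def looks_like_rubbish(name):
    """True for non-words such as 'asdf': no letters, one repeated letter, no vowels, keyboard runs."""
    letters = "".join(c for c in name.lower() if c.isalpha())
    if not letters or (len(letters) >= 3 and len(set(letters)) == 1):
        return True
    if len(letters) >= 4 and letters.isascii() and not set(letters) & set("aeiouy"):
        return True
    runs = {letters[i:i + 4] for i in range(len(letters) - 3)}
    return any(r in row or r in row[::-1] for r in runs for row in KEYBOARD_ROWS)

def review_flags(order, per_device):
    """Reasons to send one order to manual review; an empty list means none."""
    checks = [
        ("session_too_fast", order["session_seconds"] < MIN_SESSION_SECONDS),
        ("high_order_volume", per_device[order["device_id"]] > MAX_ORDERS_PER_DEVICE),
        # Browser-reported UTC offset vs. the offset expected for the shipping address.
        ("timezone_mismatch", order["browser_utc_offset_min"] != order["shipping_utc_offset_min"]),
        ("rubbish_name", looks_like_rubbish(order["name"])),
    ]
    return [reason for reason, hit in checks if hit]

def build_review_queue(orders):
    """Map transaction key -> flags. Nothing is rejected, so the customer-facing flow is unchanged."""
    per_device = Counter(o["device_id"] for o in orders)
    flagged = ((o["txn_key"], review_flags(o, per_device)) for o in orders)
    return {key: flags for key, flags in flagged if flags}

# Constructed sample batch (not real data); txn_key is the unique per-transaction key.
def _order(key, device, secs, browser_off, ship_off, name):
    return {"txn_key": key, "device_id": device, "session_seconds": secs,
            "browser_utc_offset_min": browser_off, "shipping_utc_offset_min": ship_off,
            "name": name}

SAMPLE_ORDERS = [
    _order("T-1001", "dev-a", 184, 0, 0, "Alice Martin"),
    _order("T-1002", "dev-b", 2, 0, 0, "Brian Cole"),
    _order("T-1003", "dev-c", 95, 480, 0, "asdf"),
] + [_order(f"T-200{i}", "dev-d", 40, 0, 0, "Dana Reyes") for i in range(4)]

if __name__ == "__main__":
    for key, flags in build_review_queue(SAMPLE_ORDERS).items():
        print(key, ", ".join(flags))
```

The name heuristic is a review signal only: a four-letter keyboard run can occur inside a genuine surname, which is one more reason to flag quietly rather than reject the form.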
   © 2012 ProSecurityZone.com