Merchants Stick to PCI-DSS Standards While Cybercriminals Stick It to Merchants and Customers. Crooks Now Better Than Ever at Stealing User Names and Passwords.
The Aite Group, an independent financial research and advisory firm, interviewed online merchants, credit card issuers and payment card associations which manage online payment transactions. Aite found that even though merchants improved how they secure account numbers under the Payment Card Industry Data Security Standard (PCI-DSS), cybercrooks have improved their ability to steal credentials and match them with account numbers stored on web sites whose security was lax.
Julie Conroy, an Aite Group analyst, said, “All interviewed merchants, (who) are seeing a higher fraud rate, report a big jump in account takeover activity.” In an internetretailer.com piece, Conroy observed that the cause appeared to be related to database breaches that have taken place over the last year-and-a-half.
Conroy pointed to LivingSocial, the daily-deal site, as an example. When LivingSocial was breached, hackers were able to access user names and passwords and use them to compromise customer accounts on other e-commerce sites. Conroy noted that a breach such as the one LivingSocial suffered is often made worse by consumers who use the same user name and password for multiple financial accounts. Once crooks have a user’s credentials, they order goods online, ship them to an address other than the legitimate cardholder’s, and sell them. Considering the cyberthieves didn’t have to pay for the goods, they have a profit margin Donald Trump could envy.
ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.