You know the old saying about the road to hell being paved with good intentions? Evidently for a large number of retail organizations, the road to cyberfraud is also paved with the best intentions.
The ThreatMetrix 2012 State of Cybercrime study sponsored by ThreatMetrix™ and conducted by the Info-Tech Research Group, a 28,000 member global leader in providing tactical information technology research and analysis, found that 40 percent of retailers have no online fraud prevention in place, despite 85 percent considering online fraud prevention a high priority. The study was a survey of US business managers and IT executives in retail and financial services organizations.
According to its “2013 Online Fraud Report,” CyberSource maintains online fraud resulted in approximately $3.5 billion in revenue losses in North America last year. It’s not rocket science to see that the 40 percent of retailers who don’t have fraud prevention in place are taking a major gamble betting nothing happens to their revenue streams. Not to mention, they’re also playing fast and loose with their customers’ transaction and financial data.
Trojan and phishing attacks are the most common for retailers with 46 percent experiencing at least one malware attack in the past year, and 45 percent one Trojan attack.
Despite these attacks, retailers barely spend any time researching IT security threats to stay ahead of cybercriminals. Nearly half (47 percent) of retail organizations surveyed spend less than five hours researching security threats each month, while 14 percent spend no time on preventative research.
“Retailers need to improve online fraud and cybercrime prevention practices or risk losing customers and revenue,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “When consumers are hacked on e-commerce sites, they often avoid those merchants in the future. By implementing integrated cybercrime prevention solutions, e-retailers can provide a more secure experience for customers.”
So what can retailers do to improve their security?
• Screen transactions using previous transaction data to make better decisions about account takeover attacks. By tracking devices and accounts that have a history of fraudulent activity, retailers can block them.
• Track transactions that originate from a different country or from an IP address other than where the account was created.
• Screen for customer identification verification at both account login and prior to transaction completion.
For more information on this study, download the full report at http://info.threatmetrix.com/ThreatMetrix_Security_Online_Fraud_Prevention.html