While it may seem a bit early to be addressing the holiday shopping season, the giant nutcrackers are already towering over the pumpkins at the mall so I figured it was fair game.
So what can we expect this holiday season? According to a National Retail Federation survey, average spending per person is expected to rise this holiday season to almost $806 and shoppers expect to do over 46% of their buying and browsing online. This is great news for online retailers – or is it?
This holiday season comes on the heels of the EMV rollout, which transfers liability for chargebacks to “the weakest link,” or merchants who don’t accept a credit card that has been enabled with a chip. The chip stores cardholder data including the actual card number to make it more difficult for fraudsters to create counterfeit cards. Although this will have a big impact on card-present fraud, if Europe’s experience is any indication we will be seeing a lot more card not present fraud as fraudsters turn their attention from brick and mortar to online stores.
So this season, online merchants face a double whammy – more online transactions and more fraud. At the same time they are also under more pressure to attract new customers and generate loyalty by offering things like next day shipping or cash rewards for new account openings, which provide even more opportunity for fraudulent transactions. For example next day shipping means less time to scrutinize orders, particularly for those placed late in the day, and so increases the odds that a fraudster can slip one through. Similarly, small cash rewards become big payouts for the fraudster that uses a script to open 600 accounts.
One of the best ways to prevent fraudulent transactions, especially during periods where there are spikes in the number of transactions, is to leverage behavioral analytics. Behavioral analytics solutions analyze how users behave on a web site – how fast they move from page to page, page navigation sequence and the like – to isolate behaviors that don’t conform to the baseline for that site. The most effective solutions look at contextual information such as http referrers, IP addresses and user agent strings to identify potentially disruptive online users or activities like Man-in-the-Middle attacks.
Behavioral analytics can not only identify anomalies at the transaction level, such as the same IP address opening 600 accounts within ten minutes, but can provide context around individual transactions. For example, a customer who purchases multiple one way tickets in a single transaction, although unusual, could be a travel agent, for example, and not a fraudster. However, if that customer prior to initiating the transaction had gone straight to the purchase screen without searching for fares, a most unusual navigation sequence, you would want to look more closely at that transaction.
Of course behavioral analytics should be part of a layered, risk-based security strategy which should also include risk-based authentication, an understanding of your own landscape through threat intelligence and participation in 3D Secure. Today it’s also particularly important to secure the mobile channel as the percentage of transactions coming from mobile devices continues to grow.
Happy holiday shopping!
Please join us on Thursday, November 12 at 12 pm EST for an online event to learn more about the threat landscape this holiday season and how to manage it.
Please follow us on Twitter @RSAFraud
The post Reducing Fraudulent Transactions during the Holiday Shopping Season with Behavioral Analytics appeared first on Speaking of Security - The RSA Blog and Podcast.