Recapturing stolen data that fraudsters have to combat their moves
32844
post-template-default,single,single-post,postid-32844,single-format-standard,bridge-core-3.1.3,qode-page-transition-enabled,ajax_fade,page_not_loaded,, vertical_menu_transparency vertical_menu_transparency_on,qode_grid_1300,qode-child-theme-ver-1.0.0,qode-theme-ver-30.2,qode-theme-bridge,wpb-js-composer js-comp-ver-7.3,vc_responsive
 

Using the same data that fraudsters have to combat their moves

Ai Editorial
Home > Editorials  > Payment & Fraud Editorials  > Using the same data that fraudsters have to combat their moves

1st September, 2022

Bad actors or cybercriminals gaining access to users’ data or credentials happens too often. Once the data is out, how about recapturing the same from fraudsters and acting on the same to be a step ahead.

There is a way to do this. SpyCloud explained the same during the Loyalty Security Alliance’s conference in London this year. Some key points:

  • The role of security researchers – from being present in those “communities”, targeting breached data from fraudsters, parsing and normalizing data etc.
  • Recapturing credential pairs (evaluating data breaches and malware-infected device logs). The company found 130 million users with the same email address (from 7 billion credential pairs recaptured last year) exposed across breaches. Personally identifiable information or PII also aids criminals in answering secret questions, bypassing or resetting MFA, creating new, fake accounts with real people’s data (synthetic identities) etc.
  • A way to counter and spoil fraudsters’ further plans since they have already bypassed traditional authentication. So essentially recapturing data is an additional layer of defence. It is an astute way of assessing “why consumers are doing what they’re doing”.
  • How real criminal marketplace listings work, for e. g., featuring loyalty point-rich accounts or cloned credit cards? There are instruction manuals to work in a swift manner!
  • Cookies plus passwords – impersonating users by taking over their web sessions using a cookie (session hijacking, it gets the criminal immediately into the account, no other authentication required – no password, no 2FA).

Being good at the game that fraudsters play

This methodology is a way to counter the plan of cybercriminals before they cause any further significant damage. Considering that traditional identity verification has its limitations or isn’t proving to be enough, initiatives have to be taken to reach a fraudsters’ territory, acting where they act post a breach and this way one can cut down the user’s risk from their exposure in criminal listing or whatever can be done with the stolen data.

Eventually it should help the fraud prevention team to auto-approve orders where risk isn’t deemed high, cut down on manual reviews and also savings from chargebacks. Since data breaches happen too often, a user is generally exposed in 8-10 breaches and 1-4% of users of site visitors being infected with malware, according to tests conducted by SpyCloud, companies need to look at ways to play the game that fraudsters play.

By Ritesh Gupta, Ai Events

Follow us:
 



Share

Cookies

This site uses cookies: Find out more.