Posted by Andre Edelbrock on Tue, Jan 27, 2009
The high-profile revelations last week about the Heartland data breach are a stark reminder that incursions by hackers into financial systems, and the fraud that results, have become mainstream news events. And end-of-year reports for 2008 show the news about security breaches keeps getting more worrisome.
Perhaps the worst of it is their increasing frequency and size. As we discussed recently here, experts such as the Gartner Group’s Avivah Litan believe recession and fraud increases go hand-in-hand as skilled minds lose legit employment and go to the dark side.
But whatever the source, there is certainly more of it.
CIFAS in the UK reports there has been a 207% rise in facility takeover fraud (i.e., account takeover fraud) in 2008 where legitimate accounts are hijacked by various means: “…the sheer scale of the increase is truly alarming. Fraudsters are clearly adapting to current conditions. They know that lending criteria have become more stringent as a result of the credit crunch, and that application fraud is likely to be unsuccessful. They are, therefore, turning their attempts elsewhere…”
ITRC (the Identity Theft Resource Center in the US), starting its 10th year, reports data breaches jumped in 2008 by 47%. ITRC says in this report on 2008 breaches that the bigger number has a couple sources: “two things are happening - the criminal population is stealing more data from companies AND that we are hearing more about the breaches.”
Of course, the Heartland data breach news of last week, in the wake of the high-profile RBS and Hannaford breaches, and the massive TJ Maxx breach two years ago tells us this is a momentum-gaining dark trend no one wants to be caught up in.
Posted by Andre Edelbrock on Thu, Nov 20, 2008
Sales growth slowing…
Fresh data show that U.S. retail ecommerce grew 1% year-over-year in October, representing the sixth consecutive month this year of slowing growth rates.
The picture in the UK is not all that better as IMRG/Capgemini reported the latest figures for October show that month-on-month growth was 3.8% and year-on-year growth was 12.7% representing the lowest year-on-year growth since December 2004 – reflecting the suffering economy.
With more and more people hunkering down and less and less credit available, a turnaround to previous growth levels looks far off, and perhaps an overall decrease is in the cards.
Fraud activity on the rise… 
As Gartner security analyst Avivah Litan reports that in recent months, banking clients have been warning her of a spike in fraud, much of it based on the use of stolen financial data. “There’s been a marked increase in the number of attacks and the number of successful fraud attempts,” says Litan, due to publish a report in December. “This is the busiest my practice has ever been.”
We’ve also heard something very disturbing last week from one online businesses in that they are starting to see a rise in fraud from their good customers - commonly referred to as 1st party fraud. Good customers who are now turning to fraudulent activity in tough times by making false claims e.g., orders not being shipped or making up customer service complaints.
Shift in spend… 
Jonathan Penn, an analyst at Forrester Research, in September reported that the bulk of IT spend during the banking meltdown will go toward systems designed to keep former employees or disgruntled workers out of proprietary systems and to prevent business-killing data breaches. Often resulting in less for other areas of security.
This all adds up to…
Tough times ahead for online retailers as good customers spend less, fraud increases (now even the good customers getting in on the act!) and fraud managers being asked to do more with less. All attention shifts to the Fraud Manager. He or she is looked upon as the ultimate fighter in the battle to strike balance between revenue and fraud. He or she plays a big role in the profitability of your online business so you’d be wise to give him or her the your undivided attention.
Have a conversation…
Start by asking your Fraud Manager: “Are we doing everything possible with our available resources?”
Then ask: “What more could we do with the resources of others?”
If you get a confused look back try asking it this way: “I know they’re our competitors but what if we had Bob over at ACME, and Sue over at Bit Co. working for us on this? Would it help?” 
I’m sure you’ve heard the saying “It takes a village.”
Fraudsters realized some time ago that working in a village with other villagers made their own lives better. Going it alone isn’t enough. Why not share the pain? Why not share the cost of fraud with others for your benefit and the benefit of everyone…all at the demise of the fraudster?
Let me know what he or she says.
Posted by Andre Edelbrock on Mon, Nov 17, 2008
The problem is that the ‘we’ is often the bad guys.
For example - criminals around the world are benefiting from being better organized and using the Internet to work together. In the UK, banking losses due to fraud soared to £301.7m in the first half of 2008 compared to £263.6m in the same period last year, according to the latest figures from UK banking association APACS. Card-not-present fraud (a category that includes e-commerce fraud as well as phone and mail order scams) rose 18% to reach £161.9m in that same period.
So with the good guys losing the battle of the organized to the bad guys, you and I as consumers and businessmen pay a price…literally as the APACS numbers show.
But all good things must come to an end. Banks and businesses have had enough. The power shift, in favor of the good guys, has begun, as in the same way the criminals have leveraged the power of organizing and the Internet, businesses and banks around the world are now working together to fight fraud head-on.
Watch the following video clip of Gilbert Fiorentino, CEO of TigerDirect, to see just how mad online retailers are getting, and what they're prepared to do about it.
Click this link if you can't see the embedded video above.
Watch what happens when hundreds organize…boom…new rules indeed.
Click here to read Seth Godin’s post on this.