Loading...

Defeating the Ghost Army – or protecting your business with a layered security strategy

Published: June 13, 2014 by Maria Scalone

It’s no secret that e-commerce merchants, retailers, and financial institutions are prime targets for these digital ghosts as they look to quickly monetize their recent data heist. Unfortunately, many organizations are still scrambling to deploy proper defenses. So how do you defend against an unregulated, networked enemy intent on inciting chaos and filling their bank accounts? Following any data breach, it is essential that organizations gain complete visibility of their customers and transactions across channels.

Once a breach has occurred, it is critical for organizations to perform a forensic review of the attack to identify and understand all of the potential points of vulnerability, what data was stolen and how that data was transmitted back to the attackers. What can be more concerning is that the initial scope may quickly expand into something much larger. This makes it essential that retailers and financial institutions rapidly gain complete visibility of their customer data and transactions across channels and keep drilling-down until the root cause can be identified and protected against a repeat attack.

Unfortunately, that type of consolidated view does not exist in most companies. Organizations need to ask themselves some serious questions.

  1. Do you really know who is logging into your customers’ accounts? Without realizing their data has been compromised, consumers can fall prey to personalized phishing attacks and “give away the keys” to their accounts.
  2. How can you be certain a VIP customer is really behind a high-dollar transaction being rushed to an overseas address? No one wants to decline legitimate orders from loyal customers; but with revenue, reputation and brand equity at stake, no one can afford to ignore the potential risk.
  3. What controls are in-place to ensure that a fraudster in Malaysia isn’t using legitimate identity data and an anonymous proxy to submit credit card applications that are a perfect match to credit bureau data? Or to alert when a long-standing offline banking relationship suddenly enrolls online? Once access is established, address and other data can be updated and sold to the highest bidder in underground forums.

All of these questions can be addressed through the combination of complex device intelligence, a powerful risk engine and support from industry-leading experts in fraud and risk management.

Even after a breach has occurred, the risk can be managed. First, consumers need to be informed on how to protect themselves from sophisticated use of their data. Second, arm your organization with a layered security strategy that includes device intelligence. This will prepare you for the onslaught of compromised card usage, fraudulent enrollments, phishing attacks and attempted account takeovers that follow in the wake of a data breach.

Subscription title for insights blog

Description for the insights blog here

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Categories title

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.

Subscription title 2

Description here
Subscribe Now

Text legacy

Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lorem Ipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source.

recent post

Learn More Image