Online fraud is on the rise all over Europe. Everywhere you look it’s causing misery for consumers, financial and reputational damage for organizations and big fat profits for criminal gangs. There are a lot of things we can do to mitigate the threat itself, ranging from better end user education to sophisticated behavioral analytics platforms. But until organizations get better at protecting customer data, the scammers will continue to have the upper hand thanks to a readymade supply of personal details.
In short, get better at preventing data breaches, and we could help to cut off the fuel fomenting downstream fraud.
Europe leads on fraud
Fraud prevention firm ThreatMetrix claims to verify more than 20 billion annual transactions. Its figures for Q1 revealed 130 million global fraud attacks spotted by its sensors alone, with Europe now the biggest attack “source” in the world, accounting for 50% more fraud attempts than the US. Fraudulent activity outpaced good transactions in Germany and France by over 40%, and the report warned that the Netherlands and UK are becoming “fraud hubs”.
Barclays, meanwhile, revealed that 25% of UK adults had been hit by financial fraud over the past three years. And British non-profit Cifas confirmed the picture with new figures which show cyber fraud comprised 66% of all fraud in 2016, representing hundreds of thousands of cases. It warned particularly about account takeover fraud, which spiked 45% last year and which is carried out mainly over the phone.
“For this fraud to be successful over the telephone, fraudsters must have obtained enough of their victim’s personal and security information (for example date of birth, address, details of bank or other accounts and sometimes passwords) to convince the person on the other end of the phone that they are actually the genuine person they are impersonating. Fraudsters will collate personal data and identify targets in a variety of ways, such as data breaches…”
By failing to protect customer data properly, organizations are exposing themselves to the negative publicity, fines and clean-up costs associated with a big-name data breach. But they also risk incurring extra costs if their customers are defrauded as a result, as well as the strong likelihood that some of them will take their business elsewhere in future. Even if breached customer details are used to defraud another company, there’s a strong argument for saying it’s in the interests of all organizations to pull together and offer the best data protection they possibly can, to limit the resources available to fraudsters.
How do you do that? Through industry best practices including:
- End user education on how to spot phishing emails etc.
- Patch management programs ensuring all software and systems are always up to date
- Comprehensive network security including advanced firewalls
- Protection at the email and web gateway
- Security for any data stored in the cloud
- Regular pen testing
- A comprehensive incident response plan to ensure any breaches are caught early on
The forthcoming European General Data Protection Regulation (GDPR), which lands in a year’s time, should focus boardrooms across Europe on the task at hand. Let’s hope they all grasp the opportunity to become more resilient to data breaches. It won’t cut fraud overnight, but it might have a lasting impact in the longer term.
Phil Muncaster is a technology writer and editor with over 12 years’ experience working on some of the biggest technology titles around, including Computing, The Register, V3 and MIT Technology Review. He spent over two years in Hong Kong immersed in the Asian tech scene and is now back in London where information security has become a major focus for his work.