IT Briefcase Exclusive Interview with NuData Security: Detecting Identity Theft to Prevent Online Fraud

For most of us, hearing about the latest data breach elicits a momentary panic, followed by a cancelled credit card or a hastily changed username and password. Then we move on with our busy day.

The problem here is two-fold. First, it can take anywhere from months to years for an organization to discover a breach. By then, the stolen data—Social Security number, name, address, phone number, credit card number, name of local bank branch and so on—has been sold and used unknown numbers of times. Second, the after-effects of how that stolen data was used can follow someone their whole life.

In this interview, Ryan Wilk, director of Customer Success for NuData Security, speaks with IT Briefcase about just how serious data breaches can be to both the consumer and the organization, the latest trend in fraud and the best way to stop fraud before it starts.

• Q: Just how serious is data theft for the average consumer?

A. It can be devastating. A New York Times reporter recently wrote of how a recent healthcare data breach exposed his child to identity theft that could hinder her for the rest of her life, because her Social Security number was stolen.

Here’s how cyber criminals profit from data breaches. Data thieves sell stolen information to aggregators, who cross-reference and compile full identities – called “fullz” on the dark web. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches. With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name. These actions cannot be traced back to the fraudster and can cause problems for the fraud victim for years down the road.

Even though victims may feel the ripple effect of fraud for years, the irony is that the stolen data travels very quickly. Security provider Bitglass recently did an experiment in which it created a false set of account information of 1,500 “employees” and put that information up on file-sharing sites on the dark web. It took just 12 days for the information to travel from California to 22 countries and five continents. In that time, it was viewed over 200 times and clicked on over 1,100 times! Imagine the damage it could have caused had the information were true and correct. Sadly, that’s what happens every day now.

• Q: What trends are you seeing in the world of online fraud?

A. Well, with so many data breaches last year, credit card numbers flooded the black market. That lowered their value. So, what became more valuable was working user accounts with a payment method attached. As a result, account takeover is growing quickly in the fraud world. NuData Security monitors more than 18 billion user interactions across the Internet annually, and we are seeing a 112 percent year-over-year increase in account takeover attacks.

• Q: If criminals have the correct login information, how can organizations possibly know whether the purchase is legitimate or not?

A. That’s exactly why account takeover is so insidious – and why the rise in this type of fraud requires a different method of fraud detection than merchants have been doing. We are seeing, based on our behavioral analysis, that there are on average, three high-risk logins for every high-risk checkout. The first login is to verify if the account works. The second time is to gain intelligence and third time is when the fraudster attempts to commit actual fraud. The transaction is no longer the point of focus for fraud – it is the login. This shift creates an imperative to look at the login and account creation—rather than the transaction—in order to stop fraud before it happens.

Organizations must not only secure their own data but also be ever vigilant against people using stolen data on their websites as well. By protecting the login pages of your sites, you cut fraudsters off at the source. You stop them from being able to take control of the account in the first place.

• Q: How can organizations protect their login pages, since the bad guys already have all the correct information?

A. Great question! This is the genius of behavioral analytics. This method focuses on observed characteristics of who the user is, not just who they tell you they are. User behavior analytics are aimed at observing and understanding how the user behaves in an effort to answer bigger questions, like how did the user behave previously when they logged in? Are they behaving the same now? When the user is inputting data, is it similar to how they’ve interacted on the same device before, or is it completely different?

Is their behavior repeated? Repeated behavior can reveal a lot. If the behavior is the same every time they visit, perhaps we can say this is a good user. But if it’s the same behavior that 1,000 users are all repeating, it could indicate that this behavior is part of a crime ring that could be a distributed, low-velocity attack.

The key to modern fraud detection and prevention is to look at the behavior at login and connect it to checkout. Behavioral analytics digs under the surface of matching usernames and passwords to truly understand user behavior. These behavior patterns reveal details that fraudsters can’t hide despite their best efforts. Observing user behavior in detail enables the best chance of beating fraud – before it starts.

Ryan Wilk is the director of customer success for NuData Security.

Previously, he was manager of Trust and Safety at StubHub and spent eight years with Universal Parks & Resorts in various e-commerce roles.

NuData Security predicts and prevents online fraud, protecting businesses from brand damage and financial loss caused by fraudulent or malicious attacks. NuData Security analyzes and scores billions of users per year and services some of the largest ecommerce and Web properties around the globe.