A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
(Page 2 of 4)
Another approach to online fraud that some processors take is to filter all transactions. VeriSign Payment Services, for instance, creates a filter based on a range of information, including such aspects as number of transactions that a card has conducted recently, the number of items in a transaction, the type of item and the dollar amount. It then incorporates information from outside databases such as address verification and other information about the cardholder.
The combination of internal data that VeriSign has developed and external data that others have developed is a powerful weapon, says Trevor Healy, vice president of VeriSign Payment Services, which processes for 125,000 merchants and expects to handle $40 billion in online payments this year. "Your fraud screening is only as good as the fraud that you experience," Healy says. "Our approach harnesses the collective power of the network. Customers get the benefit of operating with the largest payment processor on the Internet. Fraudsters are teaming up to do things together, so we are in essence creating a community effort also."
VeriSign Payment Services is a division of VeriSign Inc., which provides online security services beyond payment. Its VeriSign Secured mark is one of the most widely recognized security marks online. VeriSign`s security experience feeds into its ability to combat payment fraud, the company says. "We have a huge security practice with a large network security group," Healy says. "It`s very powerful that VeriSign does a lot of other things."
VeriSign also applies its security knowledge to internal fraud, such as merchant employees issuing refunds to themselves for purchases that never took place. It applies technology as well as human expertise to detecting such fraud, Healy says. "We have people who monitor all traffic," he says. "They sit at screens and scan traffic all day long."
The human element
The human element is crucial, he maintains. "You can trust that you`ll catch a certain level of fraud with computing systems," he says. "But the person you`re fighting at the other end has a human brain and you need a human brain to combat it."
VeriSign is also involved in combating identity theft, which Healy says is integral to the overall fraud fight. "Retailers see their responsibility as stopping with product and cash theft, but if a consumer experiences identity theft at a web site, it has very far-reaching implications," Healy says.
To help fight identity theft, VeriSign can apply its security services to all the devices in a merchant`s network to assure there`s no vulnerability at any step in the process. That requires a delicate balance in today`s environment between securing servers and making them accessible to shoppers, suppliers and others who need to get to them for information or transactions. "Security must set you free, not lock you down," Healy says. In addition, VeriSign has relationships with many Internet service providers and so can help shut down web sites that engage in phishing to obtain names, addresses, account numbers and passwords for identity theft purposes.
Phishing is becoming a bigger concern to many involved in e-commerce. Phishing is a scam that tries to entice unwary consumers to visit an apparently legitimate site and supply enough information that the operator of the web site can either make fraudulent transactions with the account information gained or can take over the consumer`s identity. Almost anyone with an e-mail account has received seemingly authentic messages that purport to come from a financial institution or, increasingly, eBay or PayPal with a subject line "Problem with your account" or "Your account is about to be suspended."
Criminals hope that consumers will take the bait and click to the site in question and fill out the information. Enough consumers do so to make phishing one of the fastest growing and, from a criminal perspective, successful scams on the web.
Going for the bait
While phishing is not directly a merchant problem, it can harm online sales by undermining consumer confidence in the Internet. In a phishing scheme, a consumer may not even know that he has entered a bogus site and given his information to a criminal. A consumer who suspects that his information was compromised at a retailer`s site, even if the site was a bogus one, is unlikely to trust that retailer, and possibly not others, in the future.
Because of its large user base, PayPal, the payment unit of eBay Inc., undertook an education program two years ago to alert consumers to phishing. It has developed a three-step approach to fighting phishing. The first is consumer education under which PayPal customers are encouraged to visit the security center at PayPal.com and view recommendations for detecting and avoiding phishing. In addition, PayPal has just released its eBay toolbar that consumers download to their desktops. It issues an automatic alert if the consumer is about to input eBay or PayPal information on a site that is not eBay or PayPal. That can be helpful in phishing scams where a bogus site might be hard to differentiate from the real thing. Consumers who encounter such sites are encouraged to send an e-mail with the site`s web address to firstname.lastname@example.org.
It`s also harnessing the 1,000-strong security staff of eBay and PayPal to identifying and closing down phishing operations. And it is applying analytical technology to identifying suspicious transactions and trends in payments. "Because PayPal is a closed system, we can apply pre- and post-transaction screens and that can help us identify problems as they develop," says a PayPal spokeswoman.
To PayPal, security assurances apply equally to sellers as to buyers. And because PayPal has such an extensive security and review apparatus behind it, it can provide innovative services to merchants such as Buyer and Seller Protection. Under Buyer Protection, sellers insure buyers that they will get what they expect. Any eBay seller who has 50 feedback reports and a 98% positive rating can offer buyers PayPal`s Buyers Protection. That service insures the buyer against non-delivery and that the product will be as described on transactions up to $1,000. That raises buyers` comfort level while helping the seller attract more buyers, the spokeswoman says.