A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
The domain registrar says it reduced its fraud losses by 80%.
As a web site domain registrar Name.com sells and renews web site addresses, which the company says made it an appealing target for criminals. Criminals like to snag domain names they don’t have legitimate rights to so they can intercept traffic with spoof sites and get their hands on consumer data. For example, a criminal may seek to license Shop.FamousRetailer.com and then send consumers e-mails claiming to be from the well-known merchant as a way to capture payment card data and other personal information.
When Name.com found itself rejecting $5,000 in sales each day because it suspected fraud and saw its annual fraud rate approach 12%, the company decided to attack suspect transactions with a more sophisticated two-part review process.
Name.com’s first line of defense is ThreatMetrix’s fraud prevention platform, which uses data mined from web site visitors’ computers and matches that data against data from other sources. It then assigns a threat score. If a consumer is a returning customer that hasn’t exhibited suspect behavior, the transaction gets a good score and goes through. If a consumer gets a bad score, for example if the device the consumer is using has previously been used to make a fraudulent transaction, that transaction is flagged for manual review.
A transaction that ThreatMetrix’s system flags for manual review automatically triggers Name.com’s second line of defense, a phone number request that uses technology from TeleSign, a vendor of phone-based authentication services. The TeleSign system prompts the customer to enter a valid phone number, and TeleSign calls immediately and provides the customer a personal identification number, or PIN. The consumer has to enter the PIN on Name.com to complete the transaction.
Because criminals want to avoid leaving a trail, making consumers enter a phone number deters fraud, says Paul Carter, vice president of operations at Name.com. “The joint solution is helping us prevent thousands of bogus domain purchases every month,” he says.
It’s also helping drive down monetary losses. Name.com says it’s reduced it’s fraud losses by 98% reduction and now declines $1,000 in a day in suspect transactions, down from $5,000 previously. Name.com’s overall fraud rate declined from nearly 12% to 2%. The combined fraud system also helped lower the cost of manual reviews. Manual reviews used to cost the company time equivalent to the workload of 2.5 full-time employees; now that expense is down to 0.3 employees.