Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

3/26/2013
05:31 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ThreatMetrix Study Finds Nearly 40 Percent of Retail Organizations Have No Online Fraud Prevention

Despite lack of fraud prevention for most, 85 percent of retail organizations consider it a high priority

San Jose, CA – March 21, 2013 – ThreatMetrix, the fastest-growing provider of integrated cybercrime prevention solutions, today announced the results of a study, which found that 40 percent of retailers have no online fraud prevention in place, despite 85 percent considering online fraud prevention a high priority.

According to CyberSource’s “2013 Online Fraud Report,” online fraud resulted in approximately $3.5 billion in North American revenue loss in 2012. Given this revenue loss, the 40 percent of retailers who do not have fraud prevention in place are taking a major gamble on the security of their profits and sensitive customer transaction and financial data.

The most common IT security attacks retailers experienced in the last year are malware, Trojan and phishing attacks. Of the retailers surveyed, 46 percent experienced at least one malware attack in the past year, and 45 percent experienced at least one Trojan attack.

Despite these attacks, retailers barely spend any time researching IT security threats to stay ahead of cybercriminals. Nearly half (47%) of retail organizations surveyed spend less than five hours researching security threats each month, while 14 percent spend no time on preventative research.

“Retailers need to improve online fraud and cybercrime prevention practices or risk losing customers and revenue,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “When consumers are hacked on e-commerce sites, they often avoid those merchants in the future. By implementing integrated cybercrime prevention solutions, e-retailers can provide a more secure experience for customers.”

In an effort to provide the safest transactions for consumers, retailers need to:

• Screen transactions using previous transaction data to make better decisions about account takeover attacks. By tracking devices and accounts that have a history of fraudulent activity, retailers can block those devices from transactions. • Track transactions that are originating from a different country or IP address than where the account was created. • Screen for customer identification verification at both account login and prior to transaction completion.

The study, titled the ThreatMetrix 2012 State of Cybercrime Study, was conducted by Info-Tech Research Group and surveyed U.S. business managers and IT executives within retail and financial services organizations on the level of cybersecurity solutions they have in place.

For more information on this study, download the full report at http://info.threatmetrix.com/ThreatMetrix_Security_Online_Fraud_Prevention.html About Info-Tech Research Group

With a paid membership of over 28,000 members worldwide, Info-Tech Research Group is the global leader in providing tactical, practical information technology research and analysis. Info-Tech Research Group has a 14-year history of delivering quality research and is North America’s fastest-growing, full-service IT analyst firm. For more information, visit www.infotech.com or call 1-888-670-8889.

About ThreatMetrix ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against payment fraud, malware, account takeover, fraudulent new registrations, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, malware protection with TrustDefender™ Cloud and TrustDefender™ Client, as well as TrustDefender™ Mobile for smartphone applications. ThreatMetrix cybersecurity solutions protect more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.

2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the ThreatMetrix Cybercrime Defender Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16863
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVE-2019-18949
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
CVE-2011-1930
PUBLISHED: 2019-11-14
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
CVE-2011-1145
PUBLISHED: 2019-11-14
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
CVE-2011-1488
PUBLISHED: 2019-11-14
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent withi...