Dark Reading is part of the Informa Tech Division of Informa PLC


12/9/2020
02:00 PM
John Briar
Commentary

The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud

As e-commerce sales increase, so does the risk of hard-to-detect online fraud.

As with everything else in 2020, this year's holiday season will be unlike any other. Public health authorities are warning that crowded malls and shopping centers pose a high risk for exposure to COVID-19 and are advising caution. We experienced a swift shift to digital channels in every sphere this year, and nowhere has that been more impactful than e-commerce. Demonstrating this point, Deloitte forecasts that holiday e-commerce sales will grow by 25% to 35%, or between $182 billion and $196 billion, over 2019's figures.

While online shopping reduces consumers' risk of contracting COVID-19, it introduces another danger: the increased risk of falling victim to online fraud. If predictions ring true, the volume of transactions will grow, making it easier for cybercriminals to hide and perpetrate fraud.

The risk of e-commerce-related fraud stems from several problems:

  • Companies often do not know the entirety of their attack surface.
  • Each entry point may require a different type of protection, which can be challenging from a resource perspective.
  • Users' cyber hygiene remains a problem (e.g., reusing username and password combinations).
  • Fraud is becoming more and more sophisticated.

The last point is notable. Even if companies know every entry point into their infrastructure and have airtight security and perfectly secure users, the evolving sophistication of fraud remains a fundamental issue. Predicting the next iteration of attacks is "often too little too late": the threat is found only after accounts are hijacked, money is withdrawn from bank accounts, and gift card values are stripped. This is because too many security vendors rely on detection-first technology.

How Triangulation Fraud Escapes Cyber Defenses

In the retail industry, triangulation fraud is a prime example of cybercriminals escaping detection despite robust cybersecurity measures being in place.

A triangulation fraud scheme begins when a fraudulent seller posts an enticing below-market-price item, often on an online auction or marketplace. An unsuspecting customer places an order for the item and pays for it using a legitimate credit/debit card or other online payment tender. The fraudulent seller then uses stolen credit card credentials to purchase the product through a legitimate e-commerce website and ships it to the customer.

In the end, the customer receives the product, the fraudulent seller collects the payment, and the victimized credit card holder gets stuck with the bill. This makes the scheme hard to detect until the credit card holder disputes the charges as a fraudulent transaction. Because humans with legitimate credentials and payment details are involved in every step of the three-way transaction, defense measures don't detect the fraud and therefore can't stop it.

How to Stop Triangulation Fraud

If retailers want to reduce and mitigate triangulation fraud, they should start at the login page, since the common denominator in these attacks is stolen credentials. While bots are not the main perpetrator of triangulation fraud, bots do allow criminals to complete transactions at a scale that makes them highly profitable.

Credential cracking and related attacks are simplistic bot attacks that act as a springboard to more sophisticated fraud, including triangulation. Conventional security wisdom would suggest adding CAPTCHA or multifactor authentication to the login page to deter bots, but we know that fraudulent credentials are widely available on the Dark Web, and bots can easily bypass CAPTCHAs using tools like DeathbyCaptcha. 

To mitigate these sophisticated schemes, retailers must be able to judge user legitimacy in real time. For example, on a computer, does the user type too quickly to be human? Is the mobile device real or a device emulator?

These kinds of biometrics, along with hundreds of additional network signals and device profiles, provide the data needed to determine who or what is behind a transaction. And this insight enables businesses to fingerprint users and track their behavior once inside accounts. If the same fingerprinted user begins logging into dozens, hundreds, or even more legitimate accounts but then drops off, there is a high likelihood there's a bot behind the logins. The company must freeze the accounts before the bot can hand the scheme off to a human to complete a manual attack. Only then can we cut off inroads before these schemes proliferate.
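The drop-off pattern described above can be expressed as a simple detection rule. The following is an added example, not code from the original article: the event fields, the thresholds, and the sample login data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed sample data: (timestamp, device fingerprint, account, event)."""
    t0 = datetime(2020, 12, 1, 9, 0, 0)
    events = []
    # One fingerprint validates 30 accounts two seconds apart, then does nothing.
    for i in range(30):
        events.append((t0 + timedelta(seconds=2 * i), "fp-bot", f"user{i:03d}", "login_ok"))
    # A shared household device: two accounts, each browses after logging in.
    for i, acct in enumerate(["alice", "bob"]):
        ts = t0 + timedelta(minutes=5 * i)
        events.append((ts, "fp-home", acct, "login_ok"))
        events.append((ts + timedelta(seconds=40), "fp-home", acct, "page_view"))
    return events

def accounts_to_freeze(events, window=timedelta(minutes=10),
                       min_accounts=20, max_active_ratio=0.1):
    """Map each suspicious fingerprint to the accounts it logged into and abandoned.

    A fingerprint is suspicious when it logs into at least `min_accounts`
    distinct accounts inside `window` and at most `max_active_ratio` of those
    accounts show any non-login activity from that fingerprint (the drop-off).
    """
    logins = defaultdict(list)  # fingerprint -> time-ordered [(ts, account)]
    active = defaultdict(set)   # fingerprint -> accounts with non-login activity
    for ts, fp, account, kind in sorted(events):
        if kind == "login_ok":
            logins[fp].append((ts, account))
        else:
            active[fp].add(account)
    flagged = {}
    for fp, seq in logins.items():
        start, hit = 0, set()
        for end in range(len(seq)):
            # Slide the left edge so the span never exceeds the time window.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            accts = {a for _, a in seq[start:end + 1]}
            if len(accts) < min_accounts:
                continue
            dropped = accts - active[fp]
            if (len(accts) - len(dropped)) / len(accts) <= max_active_ratio:
                hit |= dropped  # candidates to freeze before a manual hand-off
        if hit:
            flagged[fp] = sorted(hit)
    return flagged
```

The thresholds need tuning against real traffic: shared kiosks, corporate NAT, and customer-service tooling can legitimately touch many accounts from one fingerprint.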

John Briar is a proven leader with a strong track record of building new revenue streams for emerging software and hardware solutions. John has been in a leadership role in eight startup companies, and three of them have gone on to successful IPOs. He has more than 10 years ...