Mr. Richard Booth, Business Lead – Fraud and Risk Intelligence, Asia Pacific & Japan at RSA Security, an expert on financial crimes and digital fraud, shared his views on key cyber-attacks crippling Indian payments & merchants ecosystem and the need to tackle these threats across platforms.
1. Being a Global Leader in Security Solutions, what are some of the key cyber-attacks and threats that you see crippling Indian enterprises, particularly the payments & merchants ecosystem in India?
Phishing continues to remain a big issue for banks and merchants. Indian enterprises are targeted with 5-10% of global phishing volume today, or between 7 and 15 unique attacks per hour. Besides attempting to steal customer credentials, phishing is also helping to fuel the global ransomware epidemic.
Recently, when RSA witnesses a spike in phishing attacks against our customers, it is not unusual to see a ransomware attack hit the media a few days later. We also continue to see malware proliferate, and the latest variants are using web injections as a way to capture additional information from users. Finally, account takeover and new account fraud are causing concern among the financial and merchant industries as stolen credentials from recent mega breaches are being reused on other websites.
2.How has the nature and size of these attacks & threats evolved in India in recent times and why?
Mega breaches at many well-known global organizations have fueled a rise in account credentials for sale. The average price of an Indian consumer’s stolen credit card in fraud forums is about 550 INR. It is not only credit cards for sale anymore. Access to other types of account credentials are sought after by cybercriminals including loyalty and reward points, airline accounts, e-commerce accounts, and even social media and online dating accounts.
Cybercriminals have expanded their targets to include new types of data they want, and they have also evolved in the tactics they use to sell and trade it. Cybercrime is happening in plain sight on most popular social media platforms. In India and southeast Asia, RSA has observed that criminals actively trade and sell credit cards and e-wallet accounts and offer carding services to others in the fraud community.
3.How has RSA optimized and redefined its offerings to fight these evolving attacks & threats?
Despite the many fraud threats that pose risks to Indian enterprises and their customers, user experience will always take precedence over cybersecurity. RSA puts customer experience at the center of our payment authentication solutions. We focus a lot of time in optimizing our Risk Engine, risk scoring and machine learning models to achieve the highest fraud detection rates with minimal disruption to the user. On average, RSA’s customers are achieving a 97% fraud detection rate at 5% intervention. We also recognize that consumers interact from a variety of channels and devices so it is important that our solutions can offer the same high levels of fraud detection and a consistent user experience across the Web and mobile channels.
RSA is also expanding its anti-fraud and digital risk managed service offering to include social media. So, in addition to the identification and shutdown services we already offer for phishing, malware and mobile attacks, we are now extending threat protection to social media platforms.
4.Give us a sneak peek into what you’ll be presenting at Spot Forum 2017 (taking place on 29 Nov 2017 at Sofitel BKC – Mumbai)?
In my session, I will be discussing how recent mega breaches have created an abundance of verified credentials for sale across the dark market – and even on social media. It is important for enterprises to understand how they could be exposed to the risk of credential replay, phishing, account takeover, new account fraud and many other cyber-attacks, even if they were not the subject of the data breach. I will also offer some simple steps organizations can take to reduce their own fraud risk following a major breach.
5.Why are you excited to be participating in the conference?
I am excited to be a part of this conference because I think it’s important for industry, government and solution providers to share threat intelligence, discuss emerging trends and offer best practices. I look forward to sharing knowledge based on the fraud research that RSA is doing as well as my own interaction with customers, and I hope to learn new insights from the experience of others.