Cybercrime Battle Basics

Click here to download a free copy the ThreatMetrix whitepaper: Cybercrime Battle Basics.

You Can’t Fight the Fire from Behind the Firewall

The cybersecurity war is fought on the new frontier of unregulated and insufficiently protected computers belonging to customers, contractors, business partners and the web applications with which they transact, login, consume and share. The unstoppable consumerization of the enterprise means the front has expanded to include employee smartphones and laptops that roam between private and public networks.

In this battle, no networks need to be breached when the keys to the front door lie on phishing sites, unprotected consumer devices, social networks and compromised credit cards. The artificial division between corporate data and assets and those belonging to their customers and employees is convenient for existing enterprise security vendors but does not stand up to the hard reality of an embedded and amorphous foe that is better equipped, highly connected and immune from retribution.

The actual task of stemming the torrent of money, customer satisfaction and shareholder value that gushes to the tune of tens of billions a year out the Internet front door falls at the feet of the irregular army of the fraud department. This group is loosely organized into silos depending on whether they are internal or external focused, or by specialization depending on whether fraud is associated with an online credit card payment, a new account enrolment or compromised account.

To the same degree that their security cousins are focused on endpoints and perimeters but largely ignorant of anything that happens after the submit button, today’s fraud fighters attempt the equivalent

of taking on tanks with sticks while blindfolded as their transaction processing systems, locked behind the firewall knowledge gap, have zero knowledge as to true identity, integrity and reputation of the anonymous device behind the transaction. On the Internet they say no one knows you’re a dog, but enterprises are spending hundreds of millions of dollars on technology that can count dogs.

The problem lies not with either discipline; the fact is that fraud and security are just two sides of the same cybercrime coin. Effective enterprise cybercrime prevention requires an integrated and layered approach to device and transaction security for the entire customer acquisition lifecycle.

To achieve this, enterprises need two core capabilities:

• Device identification: The ability to instantly differentiate between valuable customers and employees, and cybercriminals using stolen identities and credentials

 

• Malware protection: Once identified as a valued customer or employee device, the ability to validate that the device is in a safe and secure state to guarantee transaction integrity

 

Click here to download a free copy the ThreatMetrix whitepaper: Cybercrime Battle Basics.

Related: Easing Concerns of mPayment Risk for Consumers