Protect Against Online Fraud and Malware


Online fraud is skyrocketing, and the stakes are high for IT decision-makers and their companies. According to the Internet Crime Complaint Center — a joint operation between the Federal Bureau of Investigation and the National White Collar Crime Center — Internet users reported losing nearly $560 million to online fraud last year. That’s more than double the losses from the previous year.

These days, online fraud includes a wide range of activities, such as exploitation of online banking and e-commerce sites and their customers. Your company’s reputation might also be on the line in spamming or denial-of-service (DoS) attacks, where there is no direct financial gain for the perpetrator. Fraud is also now conducted in minutes, leaving your IT department little time to respond with damage control measures.

Amid these growing threats, the pressure is on IT departments — especially those in such industries as financial services and e-commerce — to deploy counter-fraud measures to protect the company and its customers. Geoffrey Turner, a senior analyst with Forrester Research Inc., offers these guidelines as you battle online fraud:

Counter-measure No. 1: Assess and improve authentication.

Turner says one of the biggest areas in which companies need to up the ante on security is authentication. “Identity theft is a huge problem and the root of all online fraud,” he says. “Ultimately, online fraud is of the magnitude it is now because we have a poor capability to know who’s who.” It’s critical to also evaluate emerging authentication technologies and understand whether they’ll work in your business.

Counter-measure No. 2: Increase your fraud intelligence.

Before deploying a new technological measure, you should take stock of current online authentication processes and determine if fraud risks justify adding more layers of sophisticated measures. On top of that, Turner advises determining where and when online fraud can impact your operations and customers. You need to evaluate whether the level of risk to your organization means you should work more to prevent fraud or to recover from it. If you do employ anti-fraud technologies and processes, make sure there’s an auditing system to measure effectiveness. This is particularly critical in making sure your anti-fraud efforts keep up with new threats.

Counter-measure No. 3: Know your ROI.

Belt-tightening and a focus on revenue-generating business strategy are already driving companies to evaluate the ROI of any investment they make. When it comes to investing in online fraud prevention, you should first concentrate on risk-driven security controls, advises Turner. “Rather than put all the expense on the front edge, you do it based on the level of risk of the transaction,” he says.

Finally, it’s smart to look at how government agencies are bolstering online security. “The more strategic security exploration is being done by governments,” says Turner. “You need to be aware of what the government is doing to see what can be leveraged in the private sector.”