Welcome Guest | |
Follow Us:
    
Newsletter Signup:
Strategies to Ward Off Real Threats in an Online World
With a sharp rise in the number of phishing attacks and frauds related to online transactions, Indian enterprises are proactively adopting anti-fraud technologies to protect themselves and their customers By Srikanth RP, NWC, May 01, 2009


As the Internet population in India grows at a fast clip, it is also becoming an attractive target for fraudsters. Online frauds are common, and banks as well as merchants are facing a challenging time, in controlling these frauds. Says Akif Khan, Head of Client and Technical Services, CyberSource, “The biggest issue with Indian merchants is their reliance on manual review to spot fraud. Typically, the volume of orders to manually review is usually so huge that the team is unable to screen all of them. This creates opportunities for fraudsters.” One of the best known cases of online fraud is the Kingfisher Airlines case, where the airline firm was duped of a massive Rs 17 crore in 2006.


Using automated tools to cut down fraud
 To cut fraud, experts advise usage of automated tools that aid decision making. Says Shailender Kumar, Vice President, Oracle Fusion Middleware, Oracle India, “Given the increasingly sophisticated risks posed by various channels, online fraud detection requires the use of multiple IT security tools.” Kumar says that organizations must bring together various risk factors in a single policy to proactively prevent fraud, and alert the organization to threats. This is a challenging task, as it means analyzing data from a variety of sources, including profiles, device fingerprints, and other network forensics data.


Industry tools too have evolved to fight these threats. These tools can be used to screen transactions for the possibility of fraud and determine in real time whether online transactions should be accepted, rejected, or marked for review. Automated decision-making tools are certainly helping Indian enterprises cut fraud to a great extent. Says Khan, “Some of the airlines that we have worked with had fraud rates of over one percent by volume, and were manually reviewing over 80 percent of orders to inspect them for fraud. Today, due to automated decision-making tools, we have helped some of these companies get their fraud rates to below 0.1 percent, with review rates of less than 20 percent.”


Inspiring Customer Confidence
 To encourage confidence among online users, organizations such as VeriSign have responded with an Extended Validation (EV) SSL Certificate. This means that users will see the address bar turn green when they visit a website secured with a VeriSign EV certificate. Explains Rajiv Chadha, Vice President – Sales, VeriSign Services India, “Green is a sign of confidence, and when the address bar turns green in latest browsers such as Internet Explorer 7, an organization can be assured that it is safe.” Chadha says that as the name of the organization listed in the certificate, as well as the security vendor is displayed in the address bar, it is difficult for fraudsters to run phishing attacks, using a company’s brand name.


For preventing online frauds related to banking, some banks such as HSBC have responded by providing hardware tokens to customers. These tokens generate random one-time passwords, and when used in combination with a static password or a PIN, can help organizations secure online transactions to a great extent.


However, as the cost of deploying hardware tokens may affect the decision of banks to offer such a convenience to its customers, VeriSign is proposing a model, where the customer can download an application on his phone, and get the password generated on the phone itself. The customer also has the option of getting the one-time password on his phone as an SMS. This is advantageous for banks, retailers and other merchants, as they can add a two-factor authentication option to the consumer network, without a costly infrastructure investment. While this service is not yet available in India, the company is evaluating options to offer such a service in the country.


While the industry innovates to create the right tools and technologies to fight fraud, regulations too will play an important role. For instance, RBI has taken cognizance of the growing number of fraudulent transactions and has issued a circular to all member banks on online security. The circular advises banks to issue online alerts to customers, where transactions cross Rs 5,000, and where the card is not presented physically.
In summary, the right combination of industry tools, processes, and industry regulations will help in improving consumer confidence for online transactions.



blog comments powered by Disqus
About Author
Srikanth RP
Email

An award-winning journalist with more than 14 years of experience, Srikanth RP is Senior Associate Editor with InformationWeek India. Srikanth is passionate about writing on topics which clearly show the business impact of technology.

More articles by Srikanth RP
Featured Videos


 
    
 
Future Strategist Award
Who's next in line for the CIO position?
As a CIO you mentor someone in your organization for the future IT leadership role. InformationWeek would like to acknowledge and felicitate that special person at an awards ceremony at Interop
Top Stories
Interview
CIOs must leverage social media to increase their presence in the boardroom
Arun Sundararajan, NEC Faculty Fellow and Associate Professor at New York University’s Stern School of Business, discusses with InformationWeek the relevance of social media to the overall business, and how CIOs must handle social media
BankTech India - IT News for BFSI Segment
We're on Google+
InformationWeek India on Facebook