As widely predicted, the long awaited adoption of EMV in the US is driving up card not present fraud. Factor in the ongoing growth of this payment channel and it's easy to see why fraudsters are training their sights on the 'sick, lame or lazy' of the e-commerce world.
For those of you not familiar with the term, it is one widely used within the world of horse racing to refer to those who are not 'cutting it'. Indeed I think it is great way to rate the risk that individual e-commerce merchants represent within a large portfolio.
Sick: Those who have been vulnerable for some time. It is likely that their website was never adequately secured from the outset and as such needs a significant amount of remedial effort to make it safe. Attackers will see it as easy to exploit and will pick it off accordingly.
Lame: Those who are running out of date software and/or have yet to apply long overdue security patches. They are limping along, can be brought back to full heath with a bit of effort, however as things stand they are not in the race from a cyber security perspective.
Lazy: These are the slackers, they know they can do it, however have dropped off the pace! Maybe a few distractions have taken their eye off the ball and their failure to apply the last set of recommended patches could put them at risk.
As a highly experienced PCI Forensic Investigator (PFI) we have an 'eye' for the 'sick, lame & lazy', we can spot who is at the races and who you'd be better off not backing.
By using, 'WebScan' our own blend of external scanning capabilities we can quickly identify where the risk of an account data compromise is most likely to manifest itself ensuring proactive support is provided to those who really need it.
"Fraudsters continue to exploit new vulnerabilities, and perpetrate card-not-present fraud against businesses using stolen consumer identity and payment data," Adam Fingersh, Experian general manager and senior vice president of fraud and identity solutions, said in a statement. "This reinforces the need for aggressive fraud prevention strategies and adoption of open technology platforms to prepare for the latest emerging cyber security threats. Fraudsters have what they need to quickly capitalize on compromised data, so businesses need to be prepared."