Online fraud: Avoiding the seven deadly sins




By using the points below, companies transacting online can reduce the threat of fraudulent purchases or unauthorized account access and ensure a safer experience for their legitimate customers.

1. Don’t miss the opportunity to log transactions – sessions should be designed to do more than just execute or take an order

Online forms can be designed so that they provide clues and signals for use during a fraud investigation. Retailers should ensure they issue a unique 'key' for each transaction. This will make it easier to find a specific order/activity involved in a chargeback claim.

2. Don't ignore the information from browsers and HTTP headers – it can deter or detect fraud

It is fairly straightforward to lift the time zone from a device purchasing a product or claiming a chargeback. This can be compared to where the claim is coming from in order to identify anomalies. Internet tools, such as Google Maps, can easily confirm that shipping addresses match the likely end-consumer.
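The following Python sketch covers points 1 and 2 together: one log record per transaction, carrying a unique key plus the browser and header signals. It is an added example, not code from the original article. It assumes the checkout page reports the browser's UTC offset in a form field; the lookup table, field names and flag names are illustrative.

```python
import uuid
from datetime import datetime, timezone

# Constructed lookup: UTC offsets in minutes that are plausible for a
# shipping country. A production system would use a time zone database.
PLAUSIBLE_OFFSETS = {
    "GB": {0, 60},
    "DE": {60, 120},
    "US": {-600, -540, -480, -420, -360, -300, -240},
}

def build_transaction_record(order, headers, client_offset_min):
    """Build one log record per transaction: unique key, raw signals, flags."""
    flags = []
    plausible = PLAUSIBLE_OFFSETS.get(order["ship_country"])
    if client_offset_min is None:
        flags.append("no_client_timezone")       # script blocked or field stripped
    elif plausible is not None and client_offset_min not in plausible:
        flags.append("timezone_mismatch")        # device clock disagrees with address
    if not headers.get("Accept-Language"):
        flags.append("missing_accept_language")  # unusual for an ordinary browser
    return {
        "transaction_key": uuid.uuid4().hex,     # quote this in chargeback lookups
        "logged_at": datetime.now(timezone.utc).isoformat(),
        "order_id": order["order_id"],
        "ship_country": order["ship_country"],
        "client_utc_offset_min": client_offset_min,
        "user_agent": headers.get("User-Agent", ""),
        "accept_language": headers.get("Accept-Language", ""),
        "flags": flags,
    }

# Constructed sample: an order shipping to GB from a device set to UTC+8.
SAMPLE = build_transaction_record(
    {"order_id": "ORD-1001", "ship_country": "GB"},
    {"User-Agent": "ExampleBrowser/1.0"},
    480,
)

if __name__ == "__main__":
    print(SAMPLE["transaction_key"], SAMPLE["flags"])
```

The flags are stored with the record for later review; nothing here changes what the customer sees.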

3. Don’t transact with automated scripts – have a plan to identify bots

Look at session times and orders for clues that it is not a human conducting the transaction. These can include purchases being made at very high speeds or extremely high volumes of orders.
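As an added illustration (not part of the original article), the Python below applies both clues to order records: the time between the form being shown and the order being submitted, and the number of orders per client in a sliding window. The thresholds, field layout and sample data are assumptions.

```python
from collections import defaultdict, deque

MIN_FORM_SECONDS = 3.0       # assumed floor for a person completing checkout
MAX_ORDERS_PER_WINDOW = 5    # assumed ceiling for one client
WINDOW_SECONDS = 600         # sliding window for the volume check

def flag_automated_orders(orders):
    """Return {client_id: [reasons]} for clients whose orders look scripted.

    orders: iterable of (client_id, form_rendered_at, submitted_at) in epoch seconds.
    """
    reasons = defaultdict(set)
    recent = defaultdict(deque)   # per-client submit times inside the window
    for client, rendered, submitted in sorted(orders, key=lambda o: o[2]):
        if submitted - rendered < MIN_FORM_SECONDS:
            reasons[client].add("form_completed_too_fast")
        window = recent[client]
        window.append(submitted)
        while submitted - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_ORDERS_PER_WINDOW:
            reasons[client].add("order_volume_too_high")
    return {client: sorted(r) for client, r in reasons.items()}

# Constructed sample data, not real traffic.
SAMPLE_ORDERS = [
    ("c-human", 1000.0, 1095.0),
    ("c-human", 5000.0, 5140.0),
    ("c-fast", 2000.0, 2000.8),
] + [("c-bulk", 2960.0 + 60 * i, 3000.0 + 60 * i) for i in range(6)]

if __name__ == "__main__":
    for client, why in flag_automated_orders(SAMPLE_ORDERS).items():
        print(client, why)
```

The function only returns reasons for a review queue, so the order flow itself stays unchanged, in line with point 4.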


4. Don’t tip your hand – keep your fraud deterrent tactics covert and don't let a fraudster know you are on to them

Let all transactions flow as if they will be processed and only review the suspicious ones. Also, forcing data entry to comply with a specific format hurts your chances of recognizing fraud. Many clues on a repeat offender can be recognized by looking at how they complete applications or forms, such as the use of punctuation in street abbreviations.
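One way to use those typing habits, shown as an added Python example that is not from the original article: keep the address exactly as entered and derive a small style fingerprint from it, then list fingerprints that recur under different applicant names. The feature set, abbreviation list and sample applications are assumptions.

```python
import re
from collections import defaultdict

# Street words and the abbreviations people type for them (illustrative subset).
STREET_ABBREVIATIONS = {"street": "st", "avenue": "ave", "road": "rd", "drive": "dr"}

def style_fingerprint(raw_address):
    """Summarise how an address was typed; the raw value itself is stored unchanged."""
    letters = [c for c in raw_address if c.isalpha()]
    if letters and all(c.isupper() for c in letters):
        case = "upper"
    elif letters and all(c.islower() for c in letters):
        case = "lower"
    else:
        case = "mixed"
    street_style = "none"
    for token in re.findall(r"[A-Za-z]+\.?", raw_address):
        word = token.rstrip(".").lower()
        if word in STREET_ABBREVIATIONS:
            street_style = "spelled_out"
        elif word in STREET_ABBREVIATIONS.values():
            street_style = "abbr_period" if token.endswith(".") else "abbr_plain"
    padded = raw_address != raw_address.strip()   # stray leading/trailing spaces
    return (case, street_style, "," in raw_address, padded)

def shared_styles(applications):
    """Map each fingerprint used under more than one applicant name to those names."""
    names_by_style = defaultdict(set)
    for name, raw_address in applications:
        names_by_style[style_fingerprint(raw_address)].add(name)
    return {fp: sorted(n) for fp, n in names_by_style.items() if len(n) > 1}

# Constructed sample applications: (applicant name, address exactly as typed).
SAMPLE_APPLICATIONS = [
    ("J Smith", "14 elm st., flat 2"),
    ("Ann Cole", "9 Oak Street"),
    ("R Jones", "77 mill rd., unit 5"),
    ("P Khan", "3 High St"),
]

if __name__ == "__main__":
    print(shared_styles(SAMPLE_APPLICATIONS))
```

A fingerprint this coarse matches many honest customers too, so it is a clue to weigh alongside other signals rather than a verdict.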

5. Don’t ignore the growth in mobile commerce – and the associated risk of fraud

Do not skimp on security layers for a mobile commerce site. Fraud rings use VMware to emulate smartphones and gain access to mobile commerce websites. Retailers must create multiple authentication layers on every online portal because fraudsters commonly take the easiest route to the information they need.

6. Don’t give them what they need – mask sensitive data to deter ID theft

Companies that keep images such as cheques, contracts or invoices online must mask the critical account information and personal information. Legal documents and other filings on municipal sites should also mask the personally identifiable information to avoid facilitating ID theft.

7. Don’t allow forms to include "Rubbish"

Set monitors to look for non-words, such as 'asdf' in the name field. Don’t allow forms to auto-accept an entry just because it has the correct number of characters, such as six digits for the post code of an area.
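A monitor of this kind, as an added Python example rather than code from the original article: it flags keyboard-row runs such as 'asdf', vowel-free or repeated-character names, and six-digit post codes that pass a length check but are obviously filler. The heuristics and thresholds are assumptions and will occasionally flag a genuine name, so the output is meant for review, not rejection.

```python
import re

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def longest_keyboard_run(text):
    """Longest run of neighbouring keys from one keyboard row, either direction."""
    s, best = text.lower(), 0
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(s)):
                j = i + 1
                while j <= len(s) and s[i:j] in seq:
                    j += 1
                best = max(best, j - 1 - i)
    return best

def check_name(name):
    """Reasons a name field looks like filler rather than a name."""
    reasons = []
    letters = re.sub(r"[^a-z]", "", name.lower())
    if longest_keyboard_run(name) >= 4:
        reasons.append("keyboard_run")
    if len(letters) >= 4 and not set(letters) & set("aeiouy"):
        reasons.append("no_vowels")
    if re.search(r"(.)\1{2,}", name.lower()):
        reasons.append("repeated_character")
    return reasons

def check_post_code(code, length=6):
    """Reasons a post code is suspect even when its length is right."""
    if not (code.isascii() and code.isdigit() and len(code) == length):
        return ["wrong_format"]
    reasons = []
    if len(set(code)) == 1:
        reasons.append("repeated_digit")
    if code in "01234567890" or code in "09876543210":
        reasons.append("sequential_digits")
    return reasons

def review_form(form):
    """Collect field-level reasons; an empty dict means nothing to review."""
    found = {"name": check_name(form["name"]),
             "post_code": check_post_code(form["post_code"])}
    return {field: r for field, r in found.items() if r}
```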

Email Security - What Are The Issues?




In today’s electronic world, email is critical to any business being competitive. In most cases it now forms the backbone of most organisations’ day-to-day activities, and its use will continue to grow. According to The Radicati Group’s study, “Microsoft Exchange and Outlook Analysis, 2005-2009,” the worldwide email market will grow from 1.2 billion mailboxes in 2005 to 1.8 billion mailboxes in 2009.

As email becomes more prevalent in the market, email security becomes more significant, in particular the security implications associated with the management of email storage, policy enforcement, auditing, archiving and data recovery. Managing large, active stores of information takes time and effort in order to avoid failures – failures that will impact the users and therefore the business, undoubtedly leading to lost productivity. For secure and effective storage management, organisations must take a proactive approach and invest wisely in a comprehensive solution.

When considering a secure email storage management solution, a layered approach, combining both business processes and applications, makes sense. By considering the service email provides to the business, email management can be broken down into a number of components: mail flow, storage, and user access – both at the server and user levels. Whilst each one of these components should be addressed separately, they must be viewed as part of a total security agenda.


Mail flow can encompass many aspects of an email system. However, the security of mail flow is for the most part focused on the auditing and tracking of mail into and out of the organisation. Monitoring the content and ensuring that any email that has been sent and received complies with business policy is fundamental. Proving who has sent or received email is a legal requirement for many industries, and email can often be used as evidence in fraud and human resource court cases.

Another key aspect of the management of mail flow security is the protection of the business from malicious or unlawful attacks. It is at the gateway into the mail system where a business must protect itself via a variety of methods including hardware and software protection systems, such as spam filters and virus scanners.