December 15, 2017 By Jamie Caffrey 2 min read

Over the past few years, many retailers have worked hard to offer an omnichannel shopping experience to their customers, allowing them to shop from wherever they are whenever they wish, and take advantage of myriad ways to purchase their goods. But with all the convenience and opportunities this new approach brings to retailers, it also introduces increased risks and opportunities for cybercriminals to capitalize on new technologies to defraud consumers.

Cybercrime has evolved over the past few years to keep pace with new developments in technology. Today, fraud is a true omnichannel business in itself, with communications and complex scams perpetrated through both electronic and physical channels. From phishing campaigns to man-in-the-middle (MitM) attacks over insecure wireless networks, omnichannel fraud is in full swing this holiday season.

Uniting Organizational Silos to Address Omnichannel Threats

More often than not, organizations treat fraud and cybercrime differently, with separate teams, data sets and applications to address these threats. The most forward-thinking institutions are starting to put fraud, risk and cybercrime under the same leadership structure, employing similar tools, techniques and procedures to deal with these threats across all organizational channels.

Sharing data and information often reveals new patterns and networks. When cyber investigations consider the context of financial transactions, for example, security teams can deduce the tactics and motivations of threat actors much more efficiently.

Staying One Step Ahead of Omnichannel Fraud

The first step toward moving to an omnichannel security stance is as simple as bringing people together from different teams and disciplines to share information, both verbally and via a swivel chair approach.

Over time, additional tools and processes can be introduced to facilitate this collaboration, from intelligence repositories and link analysis tools to the collection and curation of data sources into a corporate data lake. This approach can also lead to the formalization and orchestration of incident response processes, either using incident response platforms or business process management tooling.

As the events of this year have proven, crime is evolving rapidly to take advantage of modern tools and techniques. You can and should assume that all channels in your organization are vulnerable to omnichannel fraud. It is a question of when — not if — you will deploy omnichannel security to protect yourself.

Read the white paper: Uncovering omnichannel fraud faster and more effectively

More from Fraud Protection

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today