December 15, 2017 By Jamie Caffrey 2 min read

Over the past few years, many retailers have worked hard to offer an omnichannel shopping experience to their customers, allowing them to shop from wherever they are whenever they wish, and take advantage of myriad ways to purchase their goods. But with all the convenience and opportunities this new approach brings to retailers, it also introduces increased risks and opportunities for cybercriminals to capitalize on new technologies to defraud consumers.

Cybercrime has evolved over the past few years to keep pace with new developments in technology. Today, fraud is a true omnichannel business in itself, with communications and complex scams perpetrated through both electronic and physical channels. From phishing campaigns to man-in-the-middle (MitM) attacks over insecure wireless networks, omnichannel fraud is in full swing this holiday season.

Uniting Organizational Silos to Address Omnichannel Threats

More often than not, organizations treat fraud and cybercrime differently, with separate teams, data sets and applications to address these threats. The most forward-thinking institutions are starting to put fraud, risk and cybercrime under the same leadership structure, employing similar tools, techniques and procedures to deal with these threats across all organizational channels.

Sharing data and information often reveals new patterns and networks. When cyber investigations consider the context of financial transactions, for example, security teams can deduce the tactics and motivations of threat actors much more efficiently.

Staying One Step Ahead of Omnichannel Fraud

The first step toward moving to an omnichannel security stance is as simple as bringing people together from different teams and disciplines to share information, both verbally and via a swivel chair approach.

Over time, additional tools and processes can be introduced to facilitate this collaboration, from intelligence repositories and link analysis tools to the collection and curation of data sources into a corporate data lake. This approach can also lead to the formalization and orchestration of incident response processes, either using incident response platforms or business process management tooling.

As the events of this year have proven, crime is evolving rapidly to take advantage of modern tools and techniques. You can and should assume that all channels in your organization are vulnerable to omnichannel fraud. It is a question of when — not if — you will deploy omnichannel security to protect yourself.

Read the white paper: Uncovering omnichannel fraud faster and more effectively

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today