Worried about online fraud? Retailers and consumers both share this concern — and for good reason: According to CSO Online, reporting on a new ThreatMetrix study of Q4 2014 and Q1 2015, fraudulent login attempts reached 25 million per month. What’s more, the security firm says these only include “definitely illegitimate” transactions and warned the numbers were “actually undercounting the problem.” How can companies prepare for the online onslaught coming in the next few quarters as cybercriminals go for broke?

New Avenues for Online Fraud

While retail-based online fraud has focused on lifting credit card and personal data to make fraudulent purchases, cybercriminals are now targeting government websites to grab high-value, long-life-cycle information. Consider the IRS hack early this year, which saw the agency’s Get Transcript function compromised.

Once attackers had victims’ personal data — such as Social Security numbers, marital status and dates of birth — it was possible to file fraudulent tax returns and cause havoc for citizens trying to discharge their yearly financial obligations. But this is just the beginning; the kind of immutable data captured by malicious actors lets them cause harm to victims not only at the point of contact, but also over months and years in the form of fraudulent credit card accounts or spurious government filings.

Data breaches aren’t the only thing driving increased online fraud. As noted by Forbes, the upcoming switch to EMV credit card standards in the U.S. may cause more problems than it solves. New standards require merchants to support chip-and-pin approval rather than swipe-and-sign cards in an effort to reduce the chance of point-of-sale (POS) fraud. The move comes with significant consequences because if retailers don’t comply, they’re on the hook for any fraudulent transactions.

Securing physical terminals, however, could lead to collateral damage. A report by Trustev warns that online fraud in the U.S. could rise by more than 100 percent over the next three years. Why? Because for fraudsters already seeing success with fake logins and false accounts, the promise of card-not-present transactions is attractive since criminals only need card numbers, and not all online merchants employ the same level of data security.

Broad Spectrum

While some industries are more vulnerable — media, finance and e-commerce, for example — other enterprises may be at risk if employees have used company email addresses to access online services that have been compromised. The short answer here? Everyone is vulnerable, and attackers are going for broke as they find new ways to access payment details and create fraudulent accounts.

So how can companies stay safe through the rest of 2015 and into 2016? The first step is deploying reliable identification systems. These help reduce the number of false positives from the use of technologies like virtual private networks (VPNs), which often mimic the telltale signature of IP spoofing and other techniques. Two-factor authentication is also critical since it allows companies to significantly reduce the chance of fake login attempts, especially on mobile devices.

Learn why global threat intelligence is more important than ever in the fight against web fraud

The biggest favor companies can do for their bottom line, however, is understanding the basic nature of attackers: The easier the avenue, the greater the allure. Systems that permit overly simple account creation, don’t provide multiple identity verification steps and allow easy card-not-present transactions are magnets for malicious actors looking for low-hanging fruit. While recent retail data breaches have only added fodder to the fire and have many fraudsters going for broke as the online market expands, companies that take even small steps toward better identity protection will drive off all but the most determined cybercriminals.

Online fraud is a growing market. Expect 2016 to be a banner year for Internet thieves. But there’s still hope: By tapping the growing identity security and fraud prevention markets, it’s possible to limit the chance of becoming just one more of the 25 million.

More from Fraud Protection

New DOJ Team Focuses on Ransomware and Cryptocurrency Crime

While no security officer would rely on this alone, it’s good to know the U.S. Department of Justice is increasing efforts to fight cyber crime. According to a recent address in Munich by Deputy Attorney General Lisa Monaco, new efforts will focus on ransomware and cryptocurrency incidents. This makes sense since the X-Force Threat Intelligence Index 2022 named ransomware as the top attack type in 2021. What exactly is the DOJ doing to improve policing of cryptocurrency and other cyber…

What Are the Biggest Phishing Trends Today?

According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing was used in 41% of the attacks that X-Force remediated in 2021. That's a 33% increase from 2021. One of the biggest reasons threat actors are increasing phishing attacks is that all it takes is one employee to make a…

Top Security Concerns When Accepting Crypto Payment

From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s…

NFT Security Risks: Old Scams and New Tricks

The non-fungible token (NFT) boom has also led to some serious security incidents. For example, the number of suspicious-looking domain registrations with names of NFT stores increased nearly 300% in March 2021. To participate in an NFT marketplace, you must have an active cryptocurrency wallet. This exposes NFT holders to new risks as attackers can find ways into your crypto wallet through your marketplace account. As we’ll see, threat actors have even infiltrated NFT marketplace OpenSea’s Discord server posing as…