2021 Credential Stuffing Report
Despite consensus about best practices, industry behaviors around password storage remain poor. Plaintext storage of passwords is responsible for the greatest number of spilled credentials by far, and the widely discredited hashing algorithm MD5 remains surprisingly prevalent.
Organizations remain weak at detecting and discovering intrusions and data exfiltration. Median time to discovering a credential spill between 2018 and 2020 was 120 days; the average time to discovery was 327 days. Often spills are discovered on the dark web before organizations detect or disclose a breach.
Some content is hidden, to be able to see it login here Login
There are no related Events
This presentation answers the question- what are the latest techniques you can apply to prevent fraud and ensure a frictionless journey for your customers?
Join Overstock as they demonstrate case examples of how monitoring consumer behavior in advance of the payment, capturing key data elements and leveraging ML models can detect bot attacks, account manipulation, and policy violations - enabling legitimate consumers to sail through the process and target proper risk controls to prevent and stop fraud.
Bots are everywhere, for better or worse. Though bots can be useful, fraudsters often use automated processes in a variety of attacks. Knowing how to mitigate bots is becoming increasingly important.
This MRC Virtual 2022 presentation highlights many of the most effective strategies, and explores how best to defend against them, demonstrating with real-world examples and advice from experts.
To effectively fight fraud, it’s critical to understand the economic and geographical factors that drive attacks. These include financial factors like currency exchange rates, wages, cost of labor, and more.
This informative MRC Virtual session explores the idea of an Attack Incentive Index, an industry-wide index that effectively combines relevant economic data with known attack patterns to provide a holistic insight into attacker motivation.
Fraudsters look for the easiest, most vulnerable parts of the transaction lifecycle to enter the customer journey.
Traditional verification steps, such as verifying micro-deposits, are not enough. Every participant in the transaction lifecycle – from merchant to payment processor to card issuer – must understand their vulnerability to account takeover fraud. All need a strategy for verifying identity that makes it much more difficult for fraudsters to use the identity data they obtain.
This presentation explores how transaction participants can create strategies to verify identities starting with account creation, and extending through checkout, payment, shipping, and account maintenance. It will also provide a merchant's perspective on effective pathways for safeguarding in-demand eCommerce options such as guest checkout.
The Merchant Risk Council (MRC), Cybersource, and Verifi present the results of the 2022 Global Fraud and Payments Survey in an educational report that conveys transparent and unbiased research. This report is based on a survey of MRC and non-MRC merchants from around the globe, who were asked about their eCommerce fraud and payments practices. The survey sample included a diverse mix of small businesses (SMBs), mid-market, and enterprise merchants, representing organizations based throughout the North American, European, Asia-Pacific (APAC), and Latin American (LATAM) regions. The research was conducted in November and December of 2021.
The survey results provide the MRC merchant community with the latest industry fraud data and fraud management methods used by their peers, along with a robust set of performance benchmarks that members can use to help optimize their fraud management and prevention practices. In addition, the survey delves into today’s rapidly changing payments landscape to examine the range of different payment acceptance, management, and partnership practices merchants are deploying, globally and across key subsegments, as well as the reasons why they are adopting these payment strategies and tactics in the current commercial environment.
In this compelling conversation, the MRC partners with NORA (National Online Retailers Association), Australia for a conversation comparing the 2022 Global Payments & Fraud Survey (developed by Cybersource, Verifi, and MRC) to the soon-to-be-released AusPayNet 2022 Fraud Report.
Join Susan Brown of the MRC, Toby Evans of AusPayNet, Rachel Hall of Ticketmaster, and Ryan Amatoury of Woolworths for a deep dive into the data in these reports and the fraud metrics these subject matter experts expect to see in the coming year.
High-risk merchants categories such as CBD, crypto, gambling, sports betting, and adult content are facing growing scrutiny from their payments and banking partners due to compliance-related concerns.
To mitigate this scrutiny and potential areas of risk, merchants in these high-risk categories are using innovative risk mitigation tools and next-generation geolocation data and geofencing. These vital tools enable high-risk merchants to confidently grow their businesses and accept transactions – even as regulations and compliance requirements increase.
- The most effective tools to mitigate potential compliance risks and protect your organization
- How precise location intelligence can instill confidence for your payment partners when working with higher risk merchants
- Latest regulatory and policy developments impacting high-risk merchants
Bots are one of the main weapons of choice of bad actors, particularly for malicious activities such as account takeover fraud (ATO) and identity theft. Versatile and adaptable, bots can stage a wide range of malicious activities, ranging from credential stuffing attacks using information exposed in data leaks to the creation of multiple online identities.
For businesses, the combination of bot threats can pose serious problems - especially when it comes to customer satisfaction and company reputation.
This webinar will discuss how bots attack, the negative consequences they can have on an organization and how merchants can protect themselves.
1. How bots attack (and types of bots)
2. The cost of bot fraud
3. Examples of ATO bot attacks
4. How businesses can fight back
How well does your fraud performance stack up against the latest global performance metrics? And what new fraud trends and tactics should be on your priority list?
In this webinar, Merchant Risk Council’s VP of Programs and Technology Tracy Kobeda Brown, Cybersource Head of Cybersource Managed Risk Solutions, LAC Talles Moreira, and Verifi VP, Business Development Chris Marchand will explore the answers to these important questions, by diving into key findings and results from the recently launched 2022 Payments and Fraud Report.
Join us to hear these three fraud experts:
- Discuss what the report’s latest fraud and payment metrics and benchmarks mean—and how you can use them to evaluate and improve your own fraud programs and strategies.
- Provide new insights into the full business impact of fraud and how you can better protect your organization.
- Share the latest on which new payment methods are gaining the most traction in different parts of the world—and what social and economic factors are driving their adoption.
Don’t miss this chance to learn more about today’s global fraud landscape—and what it means for your business.
Better fraud prevention, all around.
Many organizations rely on two-factor authentication (2FA) using one‑time passcodes (OTPs) sent by Short Message Service (SMS) to authenticate banking and ecommerce transactions. 2FA performed this way can be fast and easy, but SMS wasn’t designed to be a security tool.
Learn how your organization can leverage voice biometrics to protect customers and your brand by building the highest levels of protection, trust and loyalty.
KYC has its roots in the early 2000s in an effort to make it much more difficult for criminals to launder money through banks, insurers, and adjacent institutions, as well as to stop terrorism funding. However this approach has been made more and more difficult to help online businesses verify fraudsters.
Combined with social media lookup and strict KYC checks, we'll be looking at how we can implement better restrictions of fraudsters and help AML efforts.