Posted by Tom Donlea | May 21, 2014
What a thrill to hear Brian Krebs speak at the Card Not Present expo in Orlando. I’ve known Brian for about 3 years as we recruited him to educate the members of the MRC when I was overseeing US programming. He is a trained journalist who has been slaving away for years breaking stories related to online crime and security issues. When he spoke to the MRC conference in March of 2013 he was primarily known as the reporter who got the SWAT team sent to his door by organized crime. In spite of Krebs warning the police that these crime groups were going to pull something, the local PD got tricked into believing he owned a meth lab. Now Krebs is known for breaking the Target breach story last Fall. He has gone from a fringe reporter howling in the wind to a beacon in the realm of bringing internet security issues to light.
Krebs gave a great keynote speech kicking off the CNP gathering. He highlighted the need for online companies to increase their focus on data and transaction security. It’s been proven over and over that consumer loyalty is indeed affected by these breaches and the identity theft and account takeover activity has spiked since the breach of 70 million identities and 40 million payment credentials hit the underground cyber marketplaces. Many of these cards were fetching $300 because they were so rich with identity theft information. Typically stolen cards sell for $3-5 in these underworld markets. Krebs pointed out the need, especially, to further scrutinize identity and ensure that merchants are doing business with legitimate consumers. There are layers of fraud prevention tools that merchants can utilize from scoring transactions to device recognition and IP geolocation. It was quoted in the 2012 True Cost of Fraud Survey by Lexis Nexis that almost half of the merchants they surveyed had never even heard of these tools.
Machine learning and using quality contact data to verify identity are key tools that merchants should be using during this age of compromised identities and breached databases. Many, many speakers at this conference emphasized the October 2015 launch of “chip and pin” terminals in US stores. Krebs presented data from 6 other G20 countries showing that online fraud skyrocketed after similar EMV implementations. It’s our belief that high profile breaches and reporting like that of Brian Krebs will raise the profile of these needed security efforts. Shedding light on these growing safety issues will allow all of our online business efforts to thrive on a solid foundation.
Were you able to catch Krebs’ keynote speech? Share your thoughts in the comments.