Eliminating avenues of online fraud such as account takeovers, fake account creation, and API abuse.
The retail industry is commonly targeted by bad actors who use stolen credentials and automated bots to launch high-volume account takeover attacks that result in financial losses through theft and fraud, as well as damage to the brand. The ‘2018 Cost of Retail Fraud’ report published by LexisNexis states that every $1.00 lost to fraud results in an expense of $2.94, a 24% year-over-year increase. Identity theft and synthetic identities (account takeovers) represented a whopping 39% of the fraud costs.
Stopping attackers and their malicious intent is every security practitioner’s goal. But there are times when we need to grant unfettered access to network resources for day-to-day operations. This practice is better known as whitelisting, and I have seen scenarios where an over-zealous whitelist granted from-anywhere to-anywhere access to a database. Security best practices dictate that this level of permissiveness should raise an eyebrow or two.