October 5, 2018
Guest post by: Chris Hyde, Compliance Program Manager, Kount
Kount is a PCI Level 1 Service Provider and a PCI Security Standards Counsel Participating Organization. Being a Participating Organization allows Kount representatives (such as myself) to attend the Payment Card Industry (“PCI”) North America Community Meeting. PCI community meetings occur in different regions around the world and provide an opportunity for Merchants, Service Providers, PCI Assessors, and others to come together for several days of learning and networking with the goal of helping to improve protection for credit card data. This year’s meeting focused on the cybercrime ecosystem and how payment card security professionals can better work as a team to reduce card fraud.
Since joining the Kount team, I’ve found the goal to increase transaction acceptance, reduce payment card fraud, and prevent account takeover, to be exciting. The fact that Kount’s service has gone beyond this to stop human trafficking is even more rewarding; but, the community meeting put what we do in a whole new light. Kount doesn’t just stop fraud at the point of digital interaction, Kount changes the ecosystem of cybercrime.
With over eight million merchants in the United States accepting credit cards and the growing number of online accounts we all have, cybercriminals continue to find opportunities to steal data. Today’s cybercriminals are organized and efficient, with many cybercrime rings operating like businesses with dedicated functions, training, and formal job titles. Cybercrime is a booming business, and these criminals are more effective than ever. As an example, cybercrime groups began exploiting the vulnerability (CVE-2017-5638) that led to one of the largest data breaches in history within days of it being announced. Unfortunately, the odds are low that millions of merchants will all address security vulnerabilities in their systems before cybercriminals exploit them. For this and other reasons, breaches will continue to occur. Acknowledging this challenge, the conversation at the meeting shifted towards how the community can respond.
A common adage is that it takes “MOM” – means, opportunity, and motive to commit a crime. One conclusion was that merchants and the payment industry must do more to actively address opportunity and motive for cybercrimes. So how does Kount play into all this and change the cybercrime ecosystem?
There are two ways:
- Kount makes stolen information less valuable by lowering cybercriminals’ odds of success. As we highlighted in our three part article series on the dark web, there is a thriving market for stolen data. This market exists because it is relatively easy and probable for criminals to profit from stolen information. Anything that lowers the likelihood of a criminal’s success makes stolen information less valuable.
- Cybercrime is an underreported category of crime and prosecution rates are low due to the difficulty in gathering evidence. As highlighted in our How to Catch and Prosecute Fraudsters white paper, Kount’s platform provides tools enabling merchants to more effectively pursue prosecution of cyber criminals. According the Association of Certified Fraud examiners, one of the most effective strategies to reduce fraud is creating the “perception of detection.” In other words – bad people are less likely to steal when they believe they may be caught.
I hadn’t thought about Kount in this way before. I’d always thought of what we do as a treatment – prevent fraudulent transactions. Now I realize that, along with our merchants and broader information security, we can contribute to the cure.