Cybercrime Risks of a Single Login Across Multiple E-Commerce Sites

Amazon.com recently announced a new feature, "Login and Pay," which enables its 215 million customers to purchase products on participating e-commerce sites using their existing Amazon account login and credit card credentials. Through this service, merchants can collect more insights on customer shopping behavior and preferences using information from Amazon's database. At the same time, customers benefit by being able to make purchases without entering their account information on multiple sites each time.

While Login and Pay offers convenience for merchants and consumers, there are severe security concerns associated with this service. Specifically, if one of the participating retail websites is compromised, login and credit card credentials for several websites can be exposed to cybercriminals. Using such a service ignores a cybercrime prevention measure security experts have stressed the importance of for some time — using unique logins across websites.

E-commerce merchants lose up to $3 billion in revenue each year to cybercrime attacks. To protect against these threats, consumers should take caution by using unique logins, avoiding links and offers from third-party sources, and keeping their computer security software updated.

In addition to consumers taking caution, retailers must put preventative measures in place to protect against cybercrime, especially this time of year with the busy holiday shopping season. Specifically, retailers can leverage the collective intelligence from a global network to stop cybercriminals in their tracks.

Leveraging a Collective Trust Intelligence Network
To protect against potentially fraudulent transactions, e-commerce merchants should leverage collective data from a global intelligence network comprised of device identification characteristics, user and persona profiles, past behavior, detected relationships, and threat assessments. Specifically, retailers can link customer accounts to their devices, addresses and previous transactions to build a history of legitimate customers and suspicious accounts.

Leveraging a collective network enables online merchants to analyze logins, payments and accounts to evaluate the data relating to both the user and their associated devices from all channels, including desktop, laptops, web browsers and mobile apps. Doing so can help protect against the following cybercrime threats:

• Account takeover: While this threat traditionally targeted financial service providers, it's an increasing risk for e-commerce merchants. Using a collective network, retailers can spot red flags such as multiple devices accessing one account, spoofed browser settings and changing account data (e.g., billing or shipping addresses). Such technology also protects online customers from malware targeting credit cards as well as automated logins from bots and compromised devices.
• Payment fraud: E-commerce merchants must implement verification technologies to assure transactions are authentic. A collective network can help you protect transactions while creating a more convenient customer experience by reducing false negatives (i.e., incorrectly labeling an authentic transaction as fraudulent).

Online payment fraud and account takeover protection should be a top priority for e-commerce merchants given the significant amount of revenue lost to cybercriminals. By using a collective intelligence network to differentiate between trusted and suspicious personas, devices and behavior, online retailers can differentiate between good and bad actors to protect transactions. Consumers must also play their part in the fight against cybercrime by taking caution when it comes to such services as those that enable the same login across multiple accounts.

Andreas Baumhof is the chief technology officer of ThreatMetrix, a provider of integrated cybercrime prevention solutions. Andreas can be reached at abaumhof@threatmetrix.com.