How eCommerce Brands Need to Fight the Rise of IoT Fraud
Retailers have been dealing with fraud from the day they first opened their storefronts. Ranging from credit card fraud to chargebacks to friendly fraud, eCommerce sellers saw significant increases in fraud in 2020. Each incident is also costing companies more than in previous years.
You may be wondering, however, what the use of IoT devices has to do with eCommerce fraud.
The adoption of IoT devices opens up new pathways for cybercriminals. Many of these devices have less focus on security than smartphones or desktops. Thieves are finding new ways to get into networks through these less secure devices and gaining access to a wealth of data, including login credentials and credit card numbers. This increases the risk of credit card fraud or account takeovers.
It also opens the door for Distributed Denial of Service (DDoS) attacks on eCommerce platforms, a continuing and growing problem for retailers, especially during peak selling periods. For example, the Mirai malware found vulnerabilities in Linux IoT devices, turned them into botnets, and then crashed multiple sites. Many IoT users had never changed the default passwords.
IoT Security Risk
If you think about all the consumer data that’s being stored or accessible from IoT devices, it’s overwhelming. When people use a smart speaker to buy online, there’s the potential for unauthorized users to grab credit card data or account access information. The same thing applies to game consoles, smart TVs, medical devices, or fitness trackers.
It’s crazy. Hackers stole 10 gigabytes of data from a casino by hacking their fish tank. You read that right. An internet-connected fish tank allowed for remote monitoring so temperature and feedings can be adjusted automatically. It also allowed bad guys to get onto the casino’s network.
Researchers have also demonstrated hacks of coffee machines, printers, and internet-connected light bulbs. In one case, hackers were able to take control of the smart bulbs and install a malicious agent on the phone it controlled. They were then able to encode private data and transfer it.
Internet-connected utility meters, IoT pumps at gas stations, and security cameras can all provide additional targets for crooks. In a now-infamous case, researchers showed how it was possible to take control of a Jeep SUV over a cellular network. They were able to speed up the vehicle, slow it down, and even drive it off the roadway.
Other hacks have been uncovered on connected devices, such as doorbells, cameras, speakers, home security systems, baby monitors, toys, and even vacuum cleaners. It’s a big enough issue that Congress passed new legislation in December that was signed into law. The bipartisan measure establishes new security requirements for IoT devices owned or controlled by the federal government.
IoT Devices Are Less Secure
The Cybersecurity Unit of the Department of Justice says IoT devices are less secure and have become an increasingly attractive target for criminals. Here are a few of the reasons:
- Weak passwords: A startling number of people use easy-to-guess passwords or fail to change defaults.
- Unsecured network services: IoT devices allow endpoints to communicate among themselves. When an unsecured device is attached to the network, authentication can be bypassed.
- Failure to install updates or patches: Not all IoT devices have a way to automatically install firmware or software updates to fix vulnerabilities. Consumers often miss or ignore email requests for updates.
- Lack of privacy protections: If hackers can get past the lax security on many IoT devices, they can gain access to users’ personal information. Often, information stored in IoT devices is not encrypted.
Managing Risk in eCommerce
Security experts uncovered millions of devices that had serious security flaws that can let attackers take control. In these cases, there was no known patch for the flaws. For cybercriminals who trade such information openly on the dark web, it was open season. Many of these devices still haven’t been patched more than a year later.
With more than 46 billion IoT devices online in 2021, eCommerce brands need to remain vigilant. Even if fraudsters aren’t gaining direct access to company assets, they are using less-secure IoT devices to harm companies indirectly. More fraud means more stolen credit cards floating around. Stolen credentials mean more account takeovers.
Every company manages risk in different ways. The most effective way is to align risk management across departments. A holistic approach to Risk Operations (RiskOps) is necessary for eCommerce sellers to fight fraud effectively.
Even if your network is not vulnerable to unauthorized access from an IoT device, your customers likely aren’t placing the same value on security. The growing adoption of IoT is only going to create more ways for cybercriminals to gain credentials and credit cards. That means more fraud attempts are on the way.
The best line of defense for eCommerce brands is a proactive solution to watch for criminals using stolen information to commit fraud. Nobody will take it as seriously as you will.
Stay on top of new threats and make sure you are making every effort to fight fraud and manage your risk.