[Editor's note: December is Machine Learning Month at Card Not Present (sponsored by Feedzai). Fraud in the digital commerce world continues to increase not only in volume, but also in sophistication. Higher order threats require a different response, and antifraud systems based on machine learning are becoming an important part of an online merchant's arsenal. Check back here throughout the month for updated content detailing the way machine learning technology is changing the face of fraud prevention.]
Merchant fraud used to be simple: Someone waiting in line at the return counter with a stolen item. Today, merchant fraud is part of a teeming, underground economy of coordinated financial crime.
And unfortunately, merchant fraud is evolving faster than the security systems designed to stop it. This adaptation is perhaps the most important tool fraudsters have. Businesses need to understand how fraud is evolving, the many forms it takes, and how they can adapt their organizations to fight back.
The New Fraud Ecosystem
Fraud moves fast. Many of the most pressing fraud techniques didn't even exist a decade ago; now, they're clear and present threats to every business's security.
Consider the various styles of fraud and how they relate to one another. Fraudsters have numerous attack vectors these days that can be combined to create coordinated threats across channels. This exposes businesses to substantial risk—especially if they rely on outdated fraud detection systems.
A Review of Existing Fraud Tactics
Despite the surge of new fraud tactics entering the mainstream, fraudsters still rely on existing fraud strategies for the bulk of their attacks:
Triangulation fraud - Triangulation fraud occurs when a fraudster sells a legitimate product through an auction site (like eBay), receives the money, then purchases the same item from a legitimate retailer with a stolen card. They ship the item to the customer, creating a system wherein fraud is virtually undetectable until a chargeback occurs.
Sleeper fraud - This fraud tactic involves criminals opening online accounts in bad faith, simulating normal activity for months (or years) to create a sense of legitimacy, then switching their behaviors to fraud in an instant.
Chargeback fraud - In chargeback fraud, criminals intentionally request a chargeback on a legitimate purchase after claiming that the product in question wasn't delivered, was incorrect, or was returned without a refund being processed.
Reshipper fraud - This multi-stage fraud tactic involves a fraud operator who leverages a network of unwitting "shipping mules" through work-at-home job scams. These mules are used by the operator and his/her network of credit card thieves to receive and reship merchandise, obscuring the trail of stolen goods.
Buy online, pick up in store fraud - This cross-channel fraud occurs when fraudsters select this option at online checkout, pay with a stolen card and pick the item up before the transaction can be effectively screened for legitimacy.
Reviewing Emerging Fraud Tactics
Fraudsters are leveraging new strategies to bypass traditional security and improve their odds of success. Business owners need to be aware of these emerging fraud tactics:
Bot attacks - Bot attacks involve networks of scripted bots that are programmed to purchase items from vendors using stolen credit card data. They can even be programmed to set up new accounts and concentrate on specific in-store items or test stolen login credentials for validity.
Address malformation - This fraud occurs when criminals deliberately mistype their address info to avoid getting caught by fraud systems, yet remain legible for humans delivering the packages (e.g. "R0ad" instead of "road").
Prefix phone pattern - Fraudsters can spoof local area codes to increase their legitimacy, allowing them to imitate local merchants and fool customers into providing their personal information. They may also impersonate other entities, such as the IRS.
Synthetic ID - Synthetic ID fraud occurs when thieves create new identities using a combination of real and fabricated information. They may nurture these fake identities to appear legitimate, then use them to steal lines of credit or open fake accounts.
Offline fraud - Devices are now available that let fraudsters clone user credit cards and access the lines of credit for their own use.
Rules-Based Solutions Aren't Enough
Sophisticated fraud requires sophisticated solutions, and businesses operating with aging, rules-based detection systems aren't equipped to meet these challenges. Instead of relying on outdated fraud prevention methods, companies should consider how new solutions could improve their fraud detection capabilities.
In particular, machine learning and model-based fraud detection, such as the capabilities provided by the Feedzai Platform, is showing great promise in decreasing fraud incidence in businesses of all sizes. While these tools currently provide businesses with a great competitive advantage in fraud detection, they may soon become non-optional as fraud continues to adapt.
To read more about how machine learning and model based fraud detection, such as Feedzai, can help Merchants protect themselves from fraud, check out our recent blog post: How Merchants Can Rapidly Confront the Account Takeover Crisis.