The New Threats Posed by the Emerging Fraud Ecosystem
Merchant fraud used to be simple: Someone waiting in line at the return counter with a stolen item. Today, merchant fraud is part of a teeming, underground economy of coordinated financial crime.
And unfortunately, merchant fraud is evolving faster than the security systems designed to stop it. This adaptation is perhaps the most important tool fraudsters have. Businesses need to understand how fraud is evolving, the many forms it takes, and how they can adapt their organizations to fight back.
The New Fraud Ecosystem
Fraud moves fast. Many of the most pressing fraud techniques didn’t even exist a decade ago; now, they’re clear and present threats to every business’s security.
Consider the numerous styles of fraud and how they relate to one another. Fraudsters have numerous attack vectors these days that can be combined to create coordinated threats across channels. This exposes businesses to substantial risk—especially if they rely on outdated fraud detection systems.
A Review of Existing Fraud Tactics
Despite the surge of new fraud tactics entering the mainstream, fraudsters still rely on existing fraud strategies for the bulk of their attacks:
Triangulation fraud occurs when a fraudster sells a legitimate product over an auction account (like eBay), receives the money, then purchases the same item from a legitimate retailer with a stolen card. They ship the item to the customer, creating a system wherein fraud is virtually undetectable until a chargeback occurs.
This fraud tactic involves criminals opening accounts in bad faith, simulating normal activity for months (or years) to create a sense of legitimacy, then switching their behaviors to fraud in an instant.
In chargeback fraud, criminals intentionally request a chargeback on a legitimate purchase after claiming that the product in question wasn’t delivered, was incorrect, or was returned without a refund being processed.
This multi-stage fraud tactic involves a fraud operator who leverages a network of unwitting “shipping mules” through work-at-home job scams. These mules are used by the operator and his/her network of credit card thieves to receive and reship merchandise, obscuring the trail of stolen goods.
Buy online, pick up in store fraud
This cross-channel fraud occurs when fraudsters select this option at online checkout, then call the merchant and request that the item be shipped after all.
Reviewing Emerging Fraud Tactics
Fraudsters are leveraging new strategies to bypass traditional security and improve their odds of success. Business owners need to be aware of these emerging fraud tactics:
Bot attacks involve network of scripted bots that are programmed to purchase items from vendors using stolen credit card data. They can even be programmed to set up new accounts and concentrate on specific in-store items.
This fraud occurs when criminals deliberately mistype their address info to avoid getting caught by fraud systems, yet remain legible for humans delivering the packages (e.g. “R0ad” instead of “road”).
Prefix phone pattern
Fraudsters can spoof local area codes to increase their legitimacy, allowing them to imitate local merchants and fool customers into providing their personal information. They may also impersonate other entities, such as the IRS.
Synthetic ID fraud occurs when thieves create new identities using a combination of real and fabricated information. They may nurture these fake identities to appear legitimate, then use them to steal lines of credit or open fake accounts.
Devices are now available that let fraudsters clone user credit cards and access the lines of credit for their own use.
Rules-Based Solutions Aren’t Enough
Sophisticated fraud requires sophisticated solutions, and businesses operating with aging, rules-based detection systems aren’t equipped to meet these challenges. Instead of relying on outdated fraud prevention methods, companies should consider how new solutions could improve their fraud detection capabilities.
In particular, machine learning and model-based fraud detection is showing great promise in decreasing fraud incidence in businesses of all sizes. While these tools currently provide businesses with a great competitive advantage in fraud detection, they may soon become non-optional as fraud continues to adapt.
Latest posts by Ken Bui (see all)
- EU Fifth AML Directive: How Banks Can Prepare for Five Key Changes - November 18, 2019
- AI Best Practices to Improve Enterprise Risk Outcomes - October 22, 2019
- Why It’s So Hard for Challenger Banks to Fight Financial Crime - September 24, 2019
Subscribe to stay infomed