The New Threats Posed by the Emerging Fraud Ecosystem

Merchant fraud used to be simple: Someone waiting in line at the return counter with a stolen item. Today, merchant fraud is part of a teeming, underground economy of coordinated financial crime.

And unfortunately, merchant fraud is evolving faster than the security systems designed to stop it. This adaptation is perhaps the most important tool fraudsters have. Businesses need to understand how fraud is evolving, the many forms it takes, and how they can adapt their organizations to fight back.

The New Fraud Ecosystem

Fraud moves fast. Many of the most pressing fraud techniques didn’t even exist a decade ago; now, they’re clear and present threats to every business’s security.

Consider the numerous styles of fraud and how they relate to one another. Fraudsters have numerous attack vectors these days that can be combined to create coordinated threats across channels. This exposes businesses to substantial risk—especially if they rely on outdated fraud detection systems.

A Review of Existing Fraud Tactics

Despite the surge of new fraud tactics entering the mainstream, fraudsters still rely on existing fraud strategies for the bulk of their attacks:

Triangulation fraud

Triangulation fraud occurs when a fraudster sells a legitimate product over an auction account (like eBay), receives the money, then purchases the same item from a legitimate retailer with a stolen card. They ship the item to the customer, creating a system wherein fraud is virtually undetectable until a chargeback occurs.

Sleeper fraud

This fraud tactic involves criminals opening accounts in bad faith, simulating normal activity for months (or years) to create a sense of legitimacy, then switching their behaviors to fraud in an instant.

Chargeback fraud

In chargeback fraud, criminals intentionally request a chargeback on a legitimate purchase after claiming that the product in question wasn’t delivered, was incorrect, or was returned without a refund being processed.

Reshipper fraud

This multi-stage fraud tactic involves a fraud operator who leverages a network of unwitting “shipping mules” through work-at-home job scams. These mules are used by the operator and his/her network of credit card thieves to receive and reship merchandise, obscuring the trail of stolen goods.

Buy online, pick up in store fraud

This cross-channel fraud occurs when fraudsters select this option at online checkout, then call the merchant and request that the item be shipped after all.

Reviewing Emerging Fraud Tactics

Fraudsters are leveraging new strategies to bypass traditional security and improve their odds of success. Business owners need to be aware of these emerging fraud tactics:

Bot attacks

Bot attacks involve network of scripted bots that are programmed to purchase items from vendors using stolen credit card data. They can even be programmed to set up new accounts and concentrate on specific in-store items.

Address malformation

This fraud occurs when criminals deliberately mistype their address info to avoid getting caught by fraud systems, yet remain legible for humans delivering the packages (e.g. “R0ad” instead of “road”).

Prefix phone pattern

Fraudsters can spoof local area codes to increase their legitimacy, allowing them to imitate local merchants and fool customers into providing their personal information. They may also impersonate other entities, such as the IRS.

Synthetic ID

Synthetic ID fraud occurs when thieves create new identities using a combination of real and fabricated information. They may nurture these fake identities to appear legitimate, then use them to steal lines of credit or open fake accounts.

Offline Fraud

Devices are now available that let fraudsters clone user credit cards and access the lines of credit for their own use.

Rules-Based Solutions Aren’t Enough

Sophisticated fraud requires sophisticated solutions, and businesses operating with aging, rules-based detection systems aren’t equipped to meet these challenges. Instead of relying on outdated fraud prevention methods, companies should consider how new solutions could improve their fraud detection capabilities.

In particular, machine learning and model-based fraud detection is showing great promise in decreasing fraud incidence in businesses of all sizes. While these tools currently provide businesses with a great competitive advantage in fraud detection, they may soon become non-optional as fraud continues to adapt.


How to Choose a Machine Learning Platform for Risk

Subscribe to stay infomed