Taking the results from a human-driven attack and analyzing the transactions for patterns can better equip merchants prevent fraudulent transactions in the future.
There are three types of payment fraud: true fraud, friendly fraud, and chargeback fraud. While it is equally important for merchants to take action to prevent and respond to all payment fraud, merchants need to address true fraud before it happens.
Unlike chargeback and friendly fraud, fraud losses that come from true fraud can not be recovered. Therefore, merchants must put preventative measures in place to stop true fraud. To make the most effective fraud filters, merchants have to stay up-to-date on the latest fraud trends. A recent fraud report found that merchants need to watch for payment fraud coming from human-driven attacks.
How to Prevent True Fraud
True fraud is when a fraudster obtains credit card credentials and successfully uses them at a merchant’s site or store. As a result, the actual cardholder disputes the purchase. Merchants can prevent true fraud by putting fraud filters and scoring in place to determine if a transaction is fraudulent or not. The key to fraud filters is finding the balance between having tight enough restrictions to prevent fraud, but loose enough to let valid customers through. Finding this balance requires an analysis of your customers and the fraudulent behaviors that your company sees.
Human-Driven Fraud Attacks
The Arkose Labs 2019 Fraud Report found that fraudsters are getting more sophisticated in their efforts. As you may think, sophisticated attacks do include more advanced technology, but they also include human-driven fraud attacks.
The report found that attacks evolve as preventive efforts are put into place by the merchant. The attack starts with just simple bot attacks. Unsophisticated bot attacks are relatively easy to catch because of their non-human behavior or easily flagged IP address usage. After preventive measures are put in place to stop the simple bots, more sophisticated bot attacks happen. Advanced bots are better at mimicking human behavior and ping many different IP addresses at regular shopping hours to avoid suspicion. Luckily, merchants are still able to detect and block these attacks. But after the bots are prevented, merchants can experience human-driven attacks.
Fraudsters are starting to utilize large-scale human workforces to launch organized attacks. Although using human labor instead of a bot may cost more, the value that comes from human attacks is worth it. The reason human attacks on a large scale are the most sophisticated is the fact they are human. They can access websites, apps, make purchases, log into accounts, and perform other actives with normal human behavior, which makes it harder to detect fraudulent traffic.
Where are Fraudsters Finding Human Labor?
Fraudsters are using socioeconomic gaps in developing economies to find low-paid labor. The fraud report found that fraud attacks come from many different countries, but there are two that lead the way in bot and human attacks: the Philippines and China. The most substantial amount of a mix of bot and human attacks come from the Philippines. The highest number of human-only attacks come from China. Organized fraud rings can set up these large labor forces, which can easily target and damage businesses.
How are Human-Driven Attacks Used?
Because human-driven attacks are harder to detect than bots, fraudsters mainly use human attacks to commit payment fraud and create fake accounts. On the other hand, bots are primarily used for account takeover fraud. Completing a purchase or creating an account requires human logic that is harder to perform or program with a bot.
Human-driven attacks are seen most in retail, finance, and technology industries.
How to Prevent Human-Driven Payment Attacks
As mentioned earlier, true fraud is the result of a fraudster using stolen credit card credentials successfully at a merchant's store or site. The way to prevent true fraud is by creating fraud filters to stop these fraudulent transactions from ever happening. To create successful and accurate fraud filters, merchants must create a fraud feedback loop. A fraud feedback loop is when a merchant analyzes the results of post-transaction fraud management. If they notice that a large number of transactions come back as true fraud, then a deep dive into that transaction data needs to take place.
Taking the results from a human-driven attack and analyzing the transactions for patterns can better equip the front end fraud filters to prevent these transactions in the future.