Understanding how fraudsters work and operate is essential knowledge for merchants. Staying one step ahead of fraudsters and preventing fraudulent activity requires knowing how they will attempt to gain merchandise or funds from the merchant. The DataVisor Fraud Index Report describes how fraudsters are getting more sophisticated and the methods they are using. We will dive into those findings.
Fraudsters are Getting More Sophisticated
In the DataVisor Fraud Index Report, one of the significant findings was the rapidly increasing degree of sophistication and the wide variation in the end goals of fraud attacks. There are a couple of differences between low-sophistication and high-sophistication fraud attempts.
Less sophisticated attacks use old fraud practices
These attacks typically come in short-lived bursts and reuse known bad fraud signals, such as generating a large volume of activity or manipulating multiple fraudulent accounts with the same script. Because of these signs, these attacks are easier for merchants to detect and prevent. This is why fraudsters had to create more sophisticated attacks to be successful.
Advanced attacks are more stealthy
More sophisticated fraud attacks take great measures to ensure that the fraudulent activity blends in with that of normal users. This means their attacks last over longer periods of time and operate at a low rate to stay under the radar. These attacks can cause more damage because they can go unnoticed for a long time.
Mimicking normal users is the name of the game
The longer the fraudster can go without being caught or shut down by the company, the more they gain. The DataVisor Fraud Index Report gives one example of a high-sophistication attack, in which they observed fake accounts registered using a rare email domain. Aside from the simultaneous sign-up activity, the accounts appeared normal and performed many normal activities. Upon closer inspection, abnormal behavior could be detected. Each user account logged in from multiple geographic locations, with each login originating from a different location. A user might be in Cambodia one moment, then Argentina next, then in Algeria after that. Ultimately, each user logged in from as many as ten different countries. Viewed together, this group of users originated from hundreds of locations all over the world. It is likely the fraudster behind the attack leveraged proxy services that have a presence in residential or mobile network ranges.
What to Know
There are a couple of things that merchants should keep in mind before searching out fraudulent behavior:
Find out what is normal for your customers
Take some time and do some analysis work. Truly understanding how your customers sign up for accounts, interact with the website, and purchase products will give you a good idea of what behavior is completely normal and what should be looked into.
Watch for jumping of geographical locations
Fraudulent accounts usually do not stay in the same geographic location. They will jump across networks located in different countries. In another DataVisor Report example, they observed that fraudsters would register from mobile networks in the U.S., then log in from an ISP in Malaysia in order to edit the user’s profile information, then log back in from a U.S. network. This kind of behavior is very rare for normal global users. The investigation found that this was a group of over 500 mass-registered fake accounts that were created on the same day with scripted email addresses.
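The check below is an added example, not code from the DataVisor report: it combines the two signals described above, country-hopping logins and same-day sign-ups on one email domain, so that a single travelling customer is not flagged on location alone. The event fields, the sample data and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

def _logins(acct, signup, domain, countries):
    """Expand one account into (account, signup_date, email_domain, login_country) events."""
    return [(acct, signup, domain, c) for c in countries]

# Constructed sample events (not real data).
EVENTS = (
    _logins("u1", "2024-01-05", "rare-mail.example", ["KH", "AR", "DZ"])
    + _logins("u2", "2024-01-05", "rare-mail.example", ["MY", "US", "BR", "KH"])
    + _logins("u3", "2024-01-05", "rare-mail.example", ["DZ", "AR", "US"])
    + _logins("u4", "2024-01-05", "rare-mail.example", ["US"])        # same cohort, stays put
    + _logins("t1", "2023-06-01", "mail.example", ["US", "FR", "JP"])  # lone traveller
    + _logins("n1", "2023-06-01", "mail.example", ["US", "US"])        # ordinary user
)

def flag_accounts(events, max_countries=2, min_cluster=3):
    """Return {(signup_date, email_domain): [accounts]} for sign-up cohorts in which
    at least `min_cluster` accounts logged in from more than `max_countries` countries.
    Both thresholds are assumed values; tune them against your own normal traffic."""
    countries = defaultdict(set)   # account -> distinct login countries
    cohort = {}                    # account -> (signup_date, email_domain)
    for acct, signup, domain, country in events:
        countries[acct].add(country)
        cohort[acct] = (signup, domain)

    members = defaultdict(set)     # cohort key -> accounts registered together
    for acct, key in cohort.items():
        members[key].add(acct)

    flagged = {}
    for key, accts in members.items():
        hoppers = sorted(a for a in accts if len(countries[a]) > max_countries)
        # Country hopping alone is not enough; require a group doing it together.
        if len(hoppers) >= min_cluster:
            flagged[key] = hoppers
    return flagged

if __name__ == "__main__":
    for (signup, domain), accts in flag_accounts(EVENTS).items():
        print(f"review cohort {domain} registered {signup}: {', '.join(accts)}")
```
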
New or different doesn’t always mean fraud
If there is a spike in new or different behavior in your monitoring, make sure to take an in-depth look at it before assuming it is fraud. DataVisor points out there is a tendency to look at “new” or “unusual” entities with suspicion. For example, new email domains or a rare user-agent string are often likely fraudulent. However, not all unusual-seeming behavior is in fact abnormal. It all depends on the context. For instance, a “new” version of an iOS release might appear peculiar at first.
All fraudsters are the same, right?
The type of fraudster covered in the DataVisor report is just one kind of fraudster you’ll encounter. Outside of those committing true fraud, there are actually two more types of fraudsters you need to be aware of, fight against, or even sympathize with. Learn more about the three types of fraud in our free ebook.