E-Commerce Fraud: How to Layer Technology
Online anonymity is a fraudster’s best weapon. Back in the day, criminals were identified based on physically collected data like ID information, aliases and mugshots. In the new digital world, new techniques must be implemented to prevent e-commerce fraud.
Device fingerprinting is a common standard used to identify online fraudsters. Data points such as device type, screen information, device setup, OS (Operating System), time zone, and many others can be combined to create a unique “fingerprint” to identify users. This fingerprint can then be used to identify suspect users and prevent them from abusing your site.
Account Forensics is another identifying technique. This method uses the information entered by the user, such as name, address, email and credit card information, to verify the validity of the user and measure the fraud risk of the transaction. Common account information checks include CVV (Card Verification Value), AVS (Address Verification Service), billing and shipping match, and the distance between these addresses and the user’s IP address.
Lastly, Social Profiling has also proved to be a useful modern technique. This method checks the user’s public social media data to ensure the validity of the account. For example, social profiling will check how many Facebook followers the user has and the age of the social media account.
All of these solutions have value in detecting e-commerce fraud, but understanding how to layer them together is key.
Why a Multi-Method Approach is Needed
Because device fingerprinting technology uses so many data points, the user’s fingerprint changes with any alteration. Every software update, plugin installation, or even something as simple as a time change can alter the print, resulting in a new “print” that won’t be recognized.
In addition, device fingerprinting is generally a reactive solution. You’re only able to flag and blacklist dangerous devices based on past instances of successful fraud. Thus, you’re always going to be a step behind the criminals launching new e-commerce fraud attacks.
In contrast, social profiling and account forensics can flag orders on a new device with no previously known history for any number of reasons, including:
- Multiple declined transactions using different credit cards.
- Multiple separate identities sharing the same IP address.
- Unreasonable expedited shipping.
- Use of “spammy” or fake information to place an order, such as obviously fake phone numbers or email addresses (e.g. 555-444-3333 or firstname.lastname@example.org)
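The four signals in the list above can be checked with simple rules over order records. The following is an added example, not code from the original article or from any vendor; the field names, thresholds, grouping by IP address, the shipping-cost ratio used for "unreasonable" shipping, and the sample orders are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

PLACEHOLDER_LOCALS = {"firstname.lastname", "test", "asdf", "none"}  # assumed list
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def fake_contact(order):
    """True when the phone or email looks like filler rather than real contact data."""
    digits = re.sub(r"\D", "", order["phone"])
    bad_phone = len(digits) != 10 or digits.startswith("555") or len(set(digits)) == 1
    email = order["email"].lower()
    bad_email = not EMAIL_RE.match(email) or email.split("@")[0] in PLACEHOLDER_LOCALS
    return bad_phone or bad_email

def flag_orders(orders, max_identities=2, max_declined_cards=1, ship_ratio=0.5):
    """Return {order_id: [reasons]}; thresholds are illustrative assumptions."""
    names_by_ip, declined_by_ip = defaultdict(set), defaultdict(set)
    for o in orders:  # first pass: aggregate history per IP address
        names_by_ip[o["ip"]].add(o["name"].lower())
        if o["declined"]:
            declined_by_ip[o["ip"]].add(o["card_last4"])
    flags = {}
    for o in orders:  # second pass: evaluate each order against the aggregates
        reasons = []
        if len(declined_by_ip[o["ip"]]) > max_declined_cards:
            reasons.append("multiple_declined_cards")
        if len(names_by_ip[o["ip"]]) > max_identities:
            reasons.append("shared_ip_identities")
        if o["expedited"] and o["shipping_cost"] > ship_ratio * o["item_total"]:
            reasons.append("unreasonable_expedited_shipping")
        if fake_contact(o):
            reasons.append("fake_contact_info")
        if reasons:
            flags[o["id"]] = reasons
    return flags

# Constructed sample orders (documentation IP ranges, made-up names and cards).
FIELDS = ("id", "ip", "name", "email", "phone", "card_last4",
          "declined", "expedited", "shipping_cost", "item_total")
ROWS = [
    ("o1", "198.51.100.10", "Ann Lee", "ann.lee@example.com", "202-555-0143", "1111", False, False, 5, 80),
    ("o2", "203.0.113.7", "Bob Ray", "bob.ray@example.com", "303-555-0121", "2222", True, False, 5, 60),
    ("o3", "203.0.113.7", "Cy Dunn", "cy.dunn@example.com", "404-555-0155", "3333", True, False, 5, 60),
    ("o4", "203.0.113.7", "Di Kent", "firstname.lastname@example.org", "555-444-3333", "4444", False, True, 45, 30),
]
SAMPLE_ORDERS = [dict(zip(FIELDS, r)) for r in ROWS]

if __name__ == "__main__":
    for oid, reasons in flag_orders(SAMPLE_ORDERS).items():
        print(oid, reasons)
```

None of these rules depends on a previously seen device, which is why they can flag a first-time fingerprint.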
E-Commerce Fraud & Their Solutions
One of the biggest challenges facing E-Commerce platforms is the circumvention of these methods. A prime example is the use of “Account Takeover” by new-age fraudsters. Adept criminals use RDP (Remote Desktop Protocol) to hack into the user’s actual device and commit fraud from verified devices. This avoids device fingerprinting altogether and poses a significant concern.
Sophisticated fraudsters know to update their OS to avoid device recognition. They will also contact the credit card issuing bank to switch the address on file to match the fraudster’s address, thereby avoiding all red flags. Well, almost all red flags: FraudFix solves this issue by adding an extra check to see if there are any recent changes to the shipping or billing addresses.
Fraudsters are constantly innovating their own tools and tactics to exploit new vulnerabilities as the e-commerce landscape grows and changes, and merchants have no choice but to keep pace with them. Fortunately, fraud tools such as FraudFix take a multi-pronged approach to identifying digital fraud in E-Commerce. Besides using the methods stated previously, FraudFix’s proprietary Artificial Intelligence models and Machine Learning techniques fill in the security gaps in this ever-changing digital landscape.