Businessman touching a global network connection, Omni Channel and communications concept

E-Commerce Fraud: How to Layer Technology

Online anonymity is a fraudster’s best weapon. Back in the day, criminals were identified based on physically collected data like ID information, aliases and mugshots. In the new digital world, new techniques must be implemented to prevent e-commerce fraud.

Device fingerprinting is a common standard used to identify online fraudsters. Data points such as device type, screen information, device setup, OS (Operating System), time zone, and many others can be combined to create a unique “fingerprint” to identify users. This “Fingerprint” can then be used to identify suspect users and prevent them from abusing your site.

Account Forensics is another identifying technique. This method uses the information entered by the user, such as name, address, email and credit card information, to verify the validity of the user, and measure the fraud risk of this transaction. Common account information checks include CVV (Card Verification Value), AVS (Address Verification Service), billing and shipping match and distance between these addresses and the user’s IP address.

Lastly, Social Profiling has also proved to be a useful modern technique. This method checks the users’ public social media data to ensure the validity of the account. For example, social profiling will check how many facebook followers this user has, and the age of the social media account.

All of these solutions have value detecting e-commerce fraud, but understanding how to layer them together is a key component.

Why a Multi-Method Approach is Needed

Because device fingerprinting technology is using so many data points, the user’s fingerprint changes with any alteration, for example, every software update, plugin installation, and even something as simple as a time change can alter the print and will result in a new “print” that won’t be recognized.

In Addition, device fingerprinting is generally a reactive solution. You’re only able to flag and blacklist dangerous devices based on past instances of successful fraud. Thus, you’re always going to be a step behind the criminals launching new e-commerce fraud attacks.

In contrast, social profiling and account forensics can flag orders on a new device with no previously known history for any number of reasons, including

  • Multiple declined transactions using different credit cards.
  • Multiple separate identities sharing the same IP address.
  • Unreasonable expedited shipping.
  • Use of “spammy” or fake information to place an order, such as obviously fake phone numbers or email addresses (e.g. 555-444-3333 or asdkj321@freeemail.com)

E-Commerce Fraud & Their Solutions

One of the biggest challenges facing E-Commerce platforms is the circumvention of these methods. A prime example is the utilization of “Account Takeover” by new age fraudsters. Adept criminals use RDP (Remote Desktop Protocols), to hack into the users’ actual device and commit fraud from verified devices. This avoids Device Fingerprinting all together and poses a significant concern.

Sophisticated fraudsters know to update their OS to avoid device recognition. They will also contact the credit card issuing bank to switch the address on file to match the fraudsters address – thereby avoiding all red flags. Well almost all red flags, FraudFix solves this issue by adding an extra check to see if there are any recent changes to the shipping or billing addresses.

Conclusion

Fraudsters are constantly innovating their own tools and tactics to exploit new vulnerabilities as the ecommerce landscape grows and changes, and merchants have no choice but to keep pace with them. Fortunately fraud tools such as FraudFix take a multi-pronged approach to identifying digital fraud in the E-Commerce fraud. Besides using methods stated previously, Fraudfix’s proprietary Artificial Intelligence models and Machine Learning techniques fill in the security gaps in this ever changing digital landscape.

Viewed 208 times / 1 views today
Tagged with
Posted in ,

Author: Michael Dembinsky
Michael Dembinsky is the Co-founder of FraudFix and has decades of executive experience providing fraud prevention solutions for Fortune 500 companies. Michael leads the company's efforts in creating automated fraud solutions that are tailored for each merchant, and oversees the company's ongoing expansion into emerging technologies, ensuring scalability in response to an increasingly digitized world. Prior to FraudFix, Michael was CEO and Founder of E-Fraud Security, a company that pioneered credit card verification services.