Risk Management: Addressing the Leading Fraud Types

There are many things that can derail a startup or scaleup in its tracks. Some of them can hardly be predicted, like the development team quitting or the investors imposing their will on the product development. Others, like customer background checks, risk scoring, chargeback resolution, identity theft prevention, and risk management can be managed. Just wrap your head around the fact that around $56 billion was lost in 2020 to fraud, identity fraud accounting for $43 billion of this money.

With an average cost of a cyberattack on a startup or scaleup reaching $200,000 even before the pandemic, and there being more than 200,000 cyberattacks on e-commerce stores monthly, neglecting risk management and fraud prevention can be quite costly for your business. This is why implementing a risk management platform for your business is essential. Selecting a good tool can help cater to multiple business needs, cover the cybersecurity basics, ensure KYC/AML and EMI compliance and provide various other benefits.

Covery is here to help and is hosting a FREE webinar on 27th of May 2021, showcasing risk management basics, insights, and best practices, along with addressing the key concerns many businesses have regarding risk management strategy implementation.

This article is based on Covery’s rich experience of handling multiple kinds of fraud and mentions several reasons why you should implement a risk management platform for a startup or scaleup, with real-life case studies.

Most common types of fraud

Below we list the types of fraud you might encounter at various stages of your journey

1. Phishing
2. Money laundering
3. Friendly fraud
4. Affiliate fraud
5. Identity theft
6. Account takeover
7. Triangulation fraud

Phishing

It sounds similar to fishing, and it actually works in a similar manner. The fraudster throws out some bait — a legitimate looking email supposedly sent by your bank to update your banking details for some seemingly good reason. Should you follow the link in the email, you will be taken to the exact copy of the bank page. Upon entering your login details you might be even taken to the real bank’s page and log into your real account — but the fraudster will have your credentials and will abuse them to gain control over your account and funds.

How to prevent: Never click any links in such emails, no matter how official and urgent they might seem. Contact your bank via phone or messenger upon receiving such an email and verify if they indeed sent it. Periodically repeat these instructions for your customers and have a procedure for lost password recovery that doesn’t use the email.

Money laundering

Criminals have to make their dirty money clean, and online banking provides one of the easiest ways for it. The money deposited to a user account with you will not be the money withdrawn from it, and you will become an accomplice in a money-laundering scheme.

How to prevent: Use configurable business risk logic rules to monitor for signs of potential money laundering and improve your risk management (too many orders from a single card, many orders from multiple cards to a single address, deposits and withdrawals of large sums in quick succession, etc.).

It’s quite hard to achieve manually, but a specifically trained AI model coupled with an in-depth risk logic rule engine can help in achieving this goal immensely.

Friendly fraud

Sometimes the customers file chargeback complaints with their banks for the services or products they didn’t order, nor receive. Sometimes, they did order and received said products, but the bank always trusts the customer first and deducts the chargeback sum from your merchant’s account until resolution. Even if as a merchant you did everything correctly, the customer might still file a chargeback claim.

As the bank stands by the customer, this is called friendly fraud. Once the number of such claims gets too high (1% from all transactions for low-risk merchants, 3% for high-risk), you are considered a high-risk business, and many payment processors/banks either don’t work with you at all or take much bigger fees for processing transactions.

How to prevent: Have all the details of all your transactions automatically logged. Have a clear and transparent product return/service refund policy. Track every delivery and demand confirmation of receipt. Have a chargeback management tool in place to stop claims from being disputes and improve your risk management.

Affiliate fraud

You might want to partner with affiliates to promote your products/services and pay them commissions for every lead generated. Unfortunately, many affiliates mix trash traffic with a relevant one to earn commissions on false claims. Affiliate fraud is quite widespread due to the complexity of tracking it manually.

How to prevent: Check for repetitive patterns like registrations from strange email addresses that never respond to your further emails, to repetitive patterns in chargebacks (multiple claims from close geographical proximity in a short period of time, etc). Doing this automatically helps a lot, especially when you have to process thousands of transactions a day.

Case study: one Covery customer reported having regular waves of chargebacks, with the last one costing $56,000. Combining Covery features like device fingerprinting, behavioral analysis, and “rule forecast report” (running new risk logic rules against historical transaction records to find previously unseen patterns), we were able to identify an affiliate fraud scheme.

Several large affiliate networks covered geographical polygons where fraudulent transactions came from. The warning signs of potential chargeback claims were as follows:

1. Many users doing payments from a single device within the network
2. Many payments coming from emulated devices within the same network
3. Similar domain and local names of email addresses of such customers

This turned out to be caused by emulated mobile devices with several transmitters, able to connect to several carrier networks to disperse the region of their activity. However, Covery was able to pinpoint such devices and close access from them to the customer’s services. The total sum of losses suffered before using Covery was unraveled to be nearly $300,000, but the sum of potentially lost future revenue was in the millions. This is just one of many ways Covery provides value to business owners. 

Identity theft

By using stolen credit card details, fraudsters are able to pose as legitimate customers and make orders at your website. This might also involve social engineering to build a digital replica of your clients based on their social media information to retrieve access to their accounts by making the customer support representative believe the fraudsters are the rightful owners.

How to prevent: Force all customers to create strong passwords, update them regularly, never share their account details anywhere, etc. It could also be wise to implement 2-factor authentication (like sending confirmation codes to a user’s smartphone to enable account access after password reset). Using KYC/AML automation, Trustchain records, device fingerprinting, and other Covery features helps a lot in preventing identity theft for your customers and safeguarding your revenues.

Triangulation fraud

This elaborate scheme is easy to perform and hard to counter. The fraudsters set up fake sites where you can order valuable goods for cheap. After a customer issues an order and provides the banking details, the fraudster goes to a real site, buys the goods and sends them to the customer. All is good and well, yeah, you just bought an iPhone for $50, congrats!

However, the fraudster now has your credit card credentials, and in a week or two will spend all the money on it, take a loan to the limit, etc.

How to prevent: Device fingerprinting and Trustchain reputation database records help identify such transactions. For example, this banking card was used to make small purchases from the New York area mostly, from this phone number. But now it was used from Manila, and the order sums were big, not to mention the phone number changed — and this device might have already been marked in previous fraudulent schemes. Such transactions are immediately flagged and halted until the investigation, so you can save your customer’s money — and save yourself from an unpleasant chargeback resolution process later on.

Account takeover

Stolen credit cards, phishing, identity theft, triangulation, social engineering — all of this is done to perform account takeover. When the customer finds out he can no longer log in to their account with you, the discovery of the lost funds usually follows.

How to prevent: Once again, device fingerprinting, AI-powered behavioral analysis, Trustchain reputation records and other Covery features come to the rescue. If you can clearly prove to the payment processor and the card-issuing bank that the last batch of transactions was the fraudulent one and that you are not the one to blame, you will be able to restore customer’s access to their account and avoid massive headache which is chargebacks.

Comment from Alexandr Khelemskiy, Product Owner at Covery: “Account takeover protection, prevention of synthetic identity theft, and behavioral analysis are among the main use cases for AI/ML algorithms in risk management. Combining these algorithms with rule-based risk logic engines allows uncovering even the most complex fraudulent schemes”.

“We always recommend using the simplest possible solution, so if an issue can be solved with rules only — use them. However, with operations at scale, you have an abundance of data and getting value out of it becomes quite hard, as you cannot manually identify all the correlations between fraudulent behaviors and certain data values.” – he adds.

“This is when AI and ML really pull their weight, as a precisely trained algorithm can analyze up to 50 parameters to pinpoint fraudulent actors and operations on the fly, ensuring the reduction in fraud cases up to 80% in certain scenarios”, Alex stated.

Chargebacks

We have mentioned them several times before, but it is worth dedicating an own point to them. Chargebacks are the necessary evil you have to live with — but sometimes things can spiral out of control. When you have more than 3% of chargebacks monthly as a high-risk merchant or more than 1% as a low-risk one, many banks and payment processors stop working with you, and the ones who work take much larger fees for their services.

How to prevent: Unfortunately, you cannot prevent chargebacks in their entirety, but you can minimize their numbers, along with the time and effort spent on dealing with them. Using various Covery features for chargeback prevention helps reduce the number of such disputes by up to 80%.

Case study: One Covery customer was at risk of turning into a high-risk merchant, which is a death sentence for an e-commerce business. As it turned out, this was caused by the malevolent activity of a competitor, who issued lots of orders for all the items in stock and then canceled them and demanded a refund, starting chargeback claims. 

By adding several risk logic rules and using device fingerprinting, the customer was able to block such transactions at once, which helped him reduce the chargeback ratio from 2.9% to 0,9% in six months, which allowed him to reduce his payment processing fees by more than 70%, form partnerships with new payment processors, succeed and expand.

Conclusions

Fraud is ever-present and you cannot stop it in its entirety. However, implementing risk management platforms like Covery helps reduce the number of fraud cases to keep it manageable. This also ensures you can react timely to the cases you cannot stop, and minimize business losses and the effort required to handle them.

Feel free to attend the FREE webinar from Covery, where you will get detailed answers to many risk management-related questions and concerns. More details about the Free Webinar here: https://solve-fraud.covery.ai/