X-raying Cybercriminals:

What can you see using Machine Learning Fraud Prevention Models?

Preventing online payment fraud is a continually evolving challenge. The fraud prevention industry has begun to shift from rule-based systems to advanced tools that use behavioral biometrics backed up by Machine Learning (ML) models. Likewise, online consumer spending is increasingly moving from desktop to mobile. Keeping track of threats across platforms can sound complicated, but identifying them and providing detailed information and anti-fraud recommendations is now aided by unique signals – indicators of a higher probability of fraud, presented in a reader-friendly style.

Online shopping has boomed, as have payment options and associated risks

Global eCommerce is growing faster than ever, its acceleration in large part down to the effects of the COVID-19 pandemic. Prior to 2020, eComm was already forecast to grow considerably by 2025, but COVID-19 simply hastened the rise due to lockdowns forcing brick-and-mortar shop closures (eComm global share of retail sales rose from 14% in 2018 to 19% in 2020). Mobile payments have been part of this trend, and by 2025 are expected to amount to 80% of all eComm transactions. This is a huge shift in the dynamics of online shopping. But when new online trends appear, fraudsters are always working in the background trying to find innovative ways to take advantage.

To combat the growing threat of fraud, the most effective method is to deploy an advanced fraud prevention solution that uses behavioral biometrics and digital fingerprinting, all backed up by AI/ML models that can effectively differentiate genuine customers from fraud actors. The benefits to merchants and customers are invaluable: checkout friction is reduced while fraud is prevented. All anti-fraud companies must keep up with the needs and expectations of their customers, ensuring payments are secure on all device platforms. But what are the threats when shopping online, and how are they identified?

The most commonly triggered suspicious behaviours

It is helpful to use signals that act like ‘triggers’, providing clear information about a profiled user and their behavior to distinguish genuine customers from fraudsters. Out of 5,000+ data attributes, the most suspicious patterns and behaviours (indicative of a higher probability of fraud) are flagged for review. Not all flagged behaviors are suspicious (for example, someone using ‘incognito mode’ in their browser); however, signals can provide you with additional information to better aid recommendation accuracy in the fraud prevention process.

Any fraud prevention solution is only effective if it can keep up with the ever-evolving trends in cyber security, which is why our experts have expanded the list of signals available for review on mobile platforms. The list keeps growing and keeps up with iOS and Android operating system updates.

Cybercriminal behavioral patterns tend to revolve around masking true intentions and anything that can connect the user in a live browsing session with their real identity, location, and even the hardware used. It’s all about masking these identifiers, but this is where signals kick in, triggering on irregular behaviors. Some common behaviors, and our signals that catch them, are as follows:

Root/Jailbreak hiding software

Root and Jailbreak indicate that smartphone software restrictions imposed by Google and Apple have been removed by the user. Removing these restrictions is often needed for the installation of third-party applications, which are used in fraud activities. But this is only the first step. The second is to try to hide this fact, something fraudsters will often do so that their devices look like those of ordinary users. Thus, root and jailbreak detection, although helpful, is plainly not enough – in order to fully x-ray users, we need to dig deeper and detect the fact that root and jailbreak were hidden on fraudsters’ devices.

Use of Remote Access Tools

One of the techniques often deployed by scammers is to convince users to install remote access tools, such as TeamViewer, often sent as part of a social engineering scam via email (phishing) or SMS (SMiShing), among others. Installing such tools allows a cybercriminal to control a PC or mobile device from another device, capture and record screen activity, or transfer files. To have a full view of this phenomenon, we introduced various layers of security: not only do we scan the device in search of installed tools, but we also keep an eye on behaviours that accompany the actual usage of these tools, such as screen capture. Only then can we fully protect our merchants and users from this deceitful technique used by fraudsters.

Various mismatches

When fraud prevention teams screen devices and enrich the available data, they come across a lot of attributes that can be compared against each other. As long as the user remains a typical mobile user, everything should be consistent. But whenever someone tries to hide their identity, things may get out of control. For example, using GPS spoofing software indicates an attempt to hide the true location. But there are other warning signs – imagine a device timezone that suspiciously does not correspond to the actual IP address. Coincidence, or use of a proxy or VPN? The most important discrepancies are extracted by us from the raw data in the form of signals, while all possible combinations of mismatches are available to our ML models, so that we can cover every scenario.
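
The consistency checks described above can be sketched as follows. This is an added illustration, not Nethone's code or signal definitions: the session fields, signal names and thresholds are all assumptions, and the sample records are constructed.

```python
import math

# Constructed session records; field names are hypothetical, not a vendor schema.
SESSIONS = [
    {"id": "s1", "device_utc_offset_min": 60, "ip_utc_offset_min": 60,
     "gps": (52.23, 21.01), "ip_geo": (52.40, 16.93), "gps_spoofing": False},
    {"id": "s2", "device_utc_offset_min": 480, "ip_utc_offset_min": -300,
     "gps": (1.35, 103.82), "ip_geo": (40.71, -74.01), "gps_spoofing": False},
    {"id": "s3", "device_utc_offset_min": 60, "ip_utc_offset_min": 60,
     "gps": None, "ip_geo": (52.23, 21.01), "gps_spoofing": True},
]

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def mismatch_signals(s, max_km=500.0, tz_slack_min=60):
    """Return the mismatch signals raised by one session record.

    Missing attributes never raise a signal on their own: a user who denies
    location permission is not the same as one whose location contradicts
    the IP address.
    """
    signals = []
    dev, ip = s.get("device_utc_offset_min"), s.get("ip_utc_offset_min")
    # One hour of slack (assumed) absorbs DST edges and coarse IP geolocation.
    if dev is not None and ip is not None and abs(dev - ip) > tz_slack_min:
        signals.append("timezone_ip_mismatch")
    gps, ip_geo = s.get("gps"), s.get("ip_geo")
    # IP geolocation is often only city- or region-accurate, hence the wide radius.
    if gps and ip_geo and haversine_km(gps, ip_geo) > max_km:
        signals.append("gps_ip_distance_mismatch")
    if s.get("gps_spoofing"):
        signals.append("gps_spoofing_detected")
    return signals

def score_sessions(sessions):
    """Map each session id to its list of raised signals."""
    return {s["id"]: mismatch_signals(s) for s in sessions}

if __name__ == "__main__":
    for sid, sigs in score_sessions(SESSIONS).items():
        print(sid, sigs or "consistent")
```

Each signal on its own is weak evidence (travellers and corporate VPN users raise the timezone mismatch legitimately), which is why such outputs feed a model or a review queue rather than blocking a payment directly.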

The future of mobile payments, and focus on its security, will be huge

This is only a small sample of the most common signals that indicate suspicious behaviour; we can identify 60+ in real time, which improves the precision with which legitimate clients are told apart from scammers. Not to mention all the remaining data that we use to train our ML models. As anyone involved in eCommerce and mobile payments can attest, the mobile potential has become huge. Nowhere is this more visible than in Asia, where mobile payments and e-wallets have become increasingly popular. This rising global trend is why, for the last few years, Nethone has been investing in unique profiling competencies, to become the go-to fraud prevention solution for online businesses that aim to become mobile-first leaders. All the signals are there to beat fraudsters and improve UX; we just need to be the ones to lead the way.

If you liked this article and would like to learn more about expert eCommerce anti-fraud analysis and solutions, visit https://nethone.com or check out the Nethone profile on About-Fraud

Author: admin