Advertisement
03/03/2009

Fraud: What It Is, How to Detect It, What to Do about It

There will always be some form of crime; someone will always try to steal something of value to someone else. Especially when in a time of economic crisis, there tends to be an increase in the number of people who turn to criminal activity. This year in particular, there has been a significant upswing in the amount of cyber theft in varying forms. Although petty crime is typically the biggest area illustrating the status of the economy, online fraud is on the rise.

Define and Identify
Before you can stop fraud, you need to know how to define it in order to properly identify it. Fraud is defined as the use of deception to obtain money or something else of value. Although typically carried out online, some fraudsters pursue the riskier physical fraud in which they interact with people face-to-face. When fraud is carried out online, however, fraudsters can orchestrate an attack on a much larger scale, allowing them to sit back and wait for the goods to arrive.

To identify fraud, there are some red flags that all businesses should be aware of. Some of the red flags include:

Order velocities - Defined as multiple orders placed within the same day, hour or minute, they typically appear from one device, one address, one card or one user ID.

Risky street addresses - Often, you can accurately estimate the level of risk of carrying out an order by utilizing the Google Maps Street View to determine the location of the shipping address. If the address looks like an abandoned building, making a call to validate the card holder really made the purchase is advised.

Anonymous/Free e-mail accounts - These e-mail accounts illustrate a higher percentage of fraud activity than those associated with a paid internet service provider or a company e-mail address.

Types of Fraud
There are a number of different types of fraud that expand across a number of industries. Here we focus on the e-commerce industry and provide you with a brief description of some types most frequently encountered:

Card-not-present fraud - Also known as 'CNP fraud,' this is the basic form of fraud carried out online. A purchase can be made with just the card number; no physical card is needed.

Gift Card Fraud (card purchased in store) - To avoid being caught by initial fraud screening technology, the fraudster pools together several small denomination gift cards to purchase a bigger ticket item online. Typically, the gift cards are purchased with stolen credit card information.

Gift Card Fraud (card purchased online) - This type of fraud is frequently carried out with the utilization of a fake e-mail account. Since the purchase of a gift card online requests only an e-mail address in order to receive a confirmation code, this allows the fraudster to purchase many gift certificates on one [stolen] credit or debit card and send the gift card credits to multiple e-mail addresses. Typically, the fake e-mail accounts are set up with free e-mail services.

Friendly Fraud - This type of fraud is carried out by someone who places an order online and follows up with a complaint. Usually stating that they never made the purchase or did not receive the merchandise, this is one of the most difficult types of fraud to detect since it crosses into both the online and physical realms. Because of friendly fraud, fraud will never be completely eliminated.

Fraud in the E-Commerce Industry
Fraud ranks as one of the biggest problems within the e-commerce industry. Fraud rings have been seen as the biggest threat due to the fact that this technique utilizes the latest technology with one purpose in mind: get away with as much fraud as possible. Fraudsters are getting better at fraud ring activities, as well, causing merchants to find it difficult to link transactions in order to find fraud. Many merchants ranked fraud rings as one of the biggest challenges to fighting online fraud.

An additional emerging threat to the e-commerce industry is the challenge of m-commerce, or mobile commerce. Mobile device users are generally less protected when accessing a merchant's Web site, frequently due to the merchant's establishment of 'light' versions of the Web site, ironically designed to attract more mobile users. Merchants typically have not yet considered the potential new security threat or established stronger user-authentication on this platform, and fraudsters know it.

Solutions
At this point, you're probably wondering if there is even anything that can be done to stop fraud before a company or a legitimate customer become victims. There is. Although fraud may be one of the biggest threats to the e-commerce industry, there exist a number of solutions, which focus on utilizing the technology and techniques that are readily available today. Depending on the type of goods/services that are sold, there are two approaches:

Digital goods (such as music, software and video) - These items are delivered in real-time, making it critical to assess the order quickly to determine the likelihood of fraud. Because the goods must be released almost instantly, it is recommended to fulfill any order not immediately deemed fraudulent. Re-screening the order later enables a more thorough investigation. If upon further investigation the order is found to be fraudulent, the card should be credited back for the goods that were purchased. This protects the victim from the charge and the company from eventual chargeback.

All other goods - Since these orders are processed and then scheduled to ship, there is time to allow the fraud detection screening system to fully assess the risk of an order, and then sort-out questionable orders for further review. With this system in place, fraudulent orders can be stopped before being processed. This protects the legitimate customer or fraud victim, and eliminates the fees associated with a future chargeback for the company.

Basically, to protect yourself and your customers from becoming victims of fraudulent activity, utilize every aspect of today's technology to protect the e-commerce venue, including those offered by card issuers. Today's leading technology enables the use of tagless/covert device ID, risk engines tuned for the environment they support, and link analysis tools for finding additional instances of fraud.

Every device with web access leaves a digital fingerprint wherever they go. With device ID technology, the digital fingerprint of these devices is captured and stored, enabling any web accessible devices to be equally monitored among primary e-commerce orders for fraudulent activity. This information can then be referred to with link analysis; by linking similar transactions, it helps the company determine the risk-level associated with a transaction.

It is fair to assume that with the proper tools in place, an enterprise can screen fewer than five percent of all orders while capturing upwards of 85 percent of all fraud (minus friendly fraud). This also plays an important role in the number of chargebacks.

It is important to note that there is no silver bullet to prevent fraud. Some type of fraud will always exist, as evidenced by the presence of friendly fraud. In order to protect both customer and company, it is best to implement a layered security approach to identify potential fraud first and then investigate orders that appear suspicious. This enables both a real-time and time-delayed system to be employed, in addition to human intelligence. This will assist you in achieving maximum security online.