This analytical review is based on the work and research of Fondy in the field of credit card and online business account security. The company provides international payment services and has developed a line of software products, including:
As numerous studies show, the volume and income of e-commerce are constantly growing globally. Europe (+122% vs 2014) and Asia (+287% vs 2014) are projected to show the greatest growth by 2024.
However, the number of fraud cases, as well as the share of online transaction fraud, is growing even faster. The Nilson Report 2015, using card payments as an example, demonstrates the rapid growth of fraud among online payments.
While the level of fraud itself is nothing new (there have been periods of increasing levels of fraud in e-commerce since 1993), the rate of increase is impressive. Fraud has increased 19% since 2013, and for the fourth year in a row, it has outpaced e-commerce growth. Out of every $100 in turnover, fraudsters are now stealing 5.7 cents. However, it's not just credit card payments that are being targeted. Fraudsters are becoming increasingly sophisticated in using malware (all kinds of malicious software) to take control of online banking logins (accounts) through phones, tablets and computers, and in using stolen bank account details to make fraudulent payments. "Alternative" payment methods also attract fraudsters. The TOP 10 most common types of fraud are discussed below.
TOP 7 fraud attacks:
An analysis of eCommerce fraud (CyberSource 2016 UK eCommerce Fraud Report) showed that the highest levels of fraud come from Clean Fraud and Account Takeover, where fraudsters have all the necessary information that allows them to convincingly impersonate genuine customers. Until market participants can distinguish fraudsters from genuine customers with confidence, it will be difficult to minimize fraud losses.
Experts consider Clean fraud to be the most dangerous type of fraud. The basic principle behind Clean fraud is that a stolen credit card is used to make a purchase without detection of fraud. It requires a lot more effort and ingenuity than with Friendly fraud, where the only goal is to cancel the payment once the purchase has been made. For Clean fraud, scammers use in-depth analysis of existing fraud detection systems, combined with additional information about the legitimate owners of the stolen credit cards. A lot of valid information is then used when entering data during the payment process to bypass all fraud detection systems. Before committing Clean fraud, it is very common to test the cards. Usually, cheap online purchases are made for this purpose to verify that the stolen credit card information works.
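A defender can look for the card-testing step described above in authorization logs. The following is an added example, not part of the original review: the log layout, the thresholds and the function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authorizations (not real data):
# (ISO timestamp, source IP, card token, amount, approved)
SAMPLE = [
    ("2024-05-01T10:00:05", "203.0.113.7", "tok_a1", 1.00, False),
    ("2024-05-01T10:00:40", "203.0.113.7", "tok_a2", 1.00, False),
    ("2024-05-01T10:01:10", "203.0.113.7", "tok_a3", 1.00, True),
    ("2024-05-01T10:02:30", "203.0.113.7", "tok_a4", 0.99, True),
    ("2024-05-01T10:03:00", "198.51.100.20", "tok_b1", 2.50, True),
    ("2024-05-01T10:04:00", "192.0.2.44", "tok_c1", 3.00, True),
    ("2024-05-01T10:06:00", "192.0.2.44", "tok_c1", 3.00, True),
    ("2024-05-01T11:30:00", "198.51.100.99", "tok_a3", 899.00, True),
]

LOW_VALUE = 5.00                # assumed ceiling for a "cheap" test purchase
WINDOW = timedelta(minutes=10)  # assumed burst window
MIN_CARDS = 4                   # assumed distinct cards per source before alerting

def find_card_testing(txns, low_value=LOW_VALUE, window=WINDOW, min_cards=MIN_CARDS):
    """Map each source that tried >= min_cards distinct cards on low-value
    purchases inside one window to the cards that were approved in the burst."""
    recent = defaultdict(deque)   # source -> (time, card, approved) still in window
    hits = {}
    for ts, source, card, amount, approved in sorted(txns):
        if amount > low_value:
            continue
        when = datetime.fromisoformat(ts)
        q = recent[source]
        q.append((when, card, approved))
        while when - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        if len({c for _, c, _ in q}) >= min_cards:
            hits.setdefault(source, set()).update(c for _, c, ok in q if ok)
    return {s: sorted(cards) for s, cards in hits.items()}

def later_use_of_tested_cards(txns, tested, low_value=LOW_VALUE):
    """Higher-value authorizations on cards that passed a test burst."""
    live = {c for cards in tested.values() for c in cards}
    return [(ts, card, amount) for ts, _, card, amount, _ in sorted(txns)
            if card in live and amount > low_value]

if __name__ == "__main__":
    tested = find_card_testing(SAMPLE)
    print(tested)
    print(later_use_of_tested_cards(SAMPLE, tested))
```

A repeat customer making small purchases with one card (192.0.2.44 in the sample) is not flagged, because the rule counts distinct cards per source rather than transactions.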
Identity Theft, Account Takeover
According to research (The Nilson Report 2015), the most common types of fraud that cause the most concern are identity theft (71%), phishing (66%) and account theft (63%). Here, credit cards are the most popular target because a fraudster can make a transaction without the card being present.
In general, with identity theft, the goal of fraudsters is to conduct transactions under someone else's identity. Instead of inventing a completely new identity, they simply use an existing one. It's usually much faster and easier to do. When identity theft is committed, fraudsters usually target personal information such as names, postal and email addresses, as well as credit card or account information. This allows fraudsters, for example, to order goods online under someone else's name and pay for them using someone else's credit card or by charging someone else's account.
Phishing involves the use of fictitious websites, emails or text messages to access personal data. There is another method known as pharming, where fake pages in a browser redirect unsuspecting customers to a fraudulent website. More often than not, all it takes to get someone else's personal data is a stolen password. This can be used to take over an existing online store account; after all, in most cases the payment data is already stored in the account. Of course, hacking attacks on e-commerce service providers and stealing their customer data also fall into this category of fraud, as does the use of malware on computers to commit identity theft. The most common variants intercept the communication between customers and merchants (or between customers and banks) to capture login data. Credit card data can also be intercepted through the mail or by copying the credit card at restaurants, hotels or ATMs. That said, the true extent of the identity theft problem is evident.
So-called "friendly fraud" sounds friendlier than it really is. With this method, customers order goods or services and pay for them, mostly by credit card or from an account. However, they then deliberately initiate a chargeback, claiming that their credit card or account information was stolen. They are refunded, leaving them with the product purchased or service provided. This method of fraud is especially common with services like gambling (casinos, etc.). Friendly fraud is also carried out in combination with re-shipping. Criminals use stolen payment data to pay for their purchases, but they don't want the goods delivered to their personal address. Instead, they use intermediaries whose data is used to make the purchase and who then redirect the goods to another delivery location.
Visa and MasterCard's security protocols protect businesses from unwarranted claims from cardholders. Thus, a payment confirmed through 3DSecure is equivalent to a PIN-code transaction and cannot be disputed if the services were provided to the payer in full. In addition, the payment systems strictly regulate the transfer of responsibility for fraudulent payments from the merchant to the issuing bank in cases where the merchant supports the 3DSecure protocol and the issuer, or the particular card of the issuer, does not.
There are two variants of Affiliate Fraud, both with the same goal: to get more money from an affiliate program through bogus traffic or registration statistics. This can be done either through a fully automated process or by getting real people to log in to merchant sites using bogus accounts. This type of scam is neutral in terms of risk to payment methods but is extremely widespread.
In triangulation fraud, the fraud is carried out through three points.
The first one is a fictitious online store which offers high demand products at extremely low prices. In most cases, the customer is told that the goods will be shipped immediately upon payment by credit card. The sham store's sole purpose is to collect email, mailing addresses and credit card information. The second point of triangulation fraud involves using the credit card data stolen in the previous step in the real store and shipping the product or service to the original customer. The third point in the triangulation fraud involves using stolen credit card data to make additional purchases. Order data and credit card numbers are now nearly impossible to connect, so the fraud usually goes undiscovered for a longer period of time, resulting in increased damage.
Merchant Fraud
Merchant fraud is another method of fraud that should be noted. It is very simple: goods are offered at low prices, but never delivered. This method of fraud also exists in wholesale sales. It does not apply to any particular payment method, but is of course used where there is no chargeback after payment (in most alternative payment types).
International Fraud or Cross-border Fraud
The surveyed merchants do business in an average of 14 countries. 58% of respondents cited the lack of system integration to ensure a single view of all their transactions across all markets as the biggest problem in preventing fraud. 52% also see the increase in international transactions relative to local ones as a challenge. Almost as many (51%) have great difficulty maintaining different fraud prevention tools across countries. Language barriers, as well as the difficulty of maintaining international settings for individual customers, create additional challenges for fraud management.
Fraud methods vary depending on the sales channel, and the fact that most sellers tend toward multichannel sales doesn't make things any easier. The 69% of sellers who make sales through third-party websites, such as Amazon, eBay or Alibaba, are particularly susceptible to fraud. This is followed by mobile sales (64%) and sales through their own online stores (55%).