Clean Fraud: How to Analyze a Crime Scene with No Visible Traces
Posted: Sun Dec 22, 2024 5:03 am
As statistical models and technologies involved in analysis advance, the methods used by fraudsters also become more sophisticated. Forget about divergent data, changes of address, third-party credit cards, or service agents meeting deadlines. Imagine if a fraudster made a purchase using all of a victim's data, including the delivery address. What should you do? This happens more often than you might think.
This is a type of fraud that we call “Clean Fraud”. This category is quite alarming and for good reason. In this category, the fraudster, already in possession of a large amount of cardholder data, carries out one or more transactions with them, practically impersonating the victim. This fraud can be carried out through an account hack or a leak of a consumer’s registration information.
Certain measures are essential to minimize the risks of clean fraud. These include both cutting-edge technologies and “best practices” that can and should be adopted or adapted by the market, as is done at ClearSale.
User Behavior Analysis or Behavior Analytics
This analysis can reveal suspicious behavior in the way the user uses the store's website or app, and is applied here with three cutting-edge technologies:
- Mapper: This tool monitors user behavior on the device used for purchases (tablet, smartphone, notebook), identifying suspicious patterns such as the time it takes the user to complete a checkout. Filling out form fields too quickly may indicate that a fraudster is copying data from an illicit database, automating this behavior through a web bot.
- Fingerprint: This technology can identify that a user who always uses the same device for purchases is buying with a different one, or that the same user is making purchases on several different accounts with the same ID.
Integration with this technology makes it easier to identify “clean fraud,” allowing for greater efficiency in approving orders and controlling chargebacks.
- Profiler: This is a specific integration that aims to receive all registration changes, login attempts, and password changes in an account. By combining this information to form a history, it is possible to trace patterns and identify suspicious activities that may be the result of fraud.
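The three signals described above can be combined in a single review rule. The following is an added example, not ClearSale's code or part of the original post: the event field names, the thresholds, and the sample history are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed look-back window before a checkout
MIN_FILL_SECONDS = 5.0         # assumed floor for a human filling the form
FAILED_LOGIN_THRESHOLD = 3     # assumed number of failed logins that is flagged
SENSITIVE = {"password_change", "email_change", "address_change"}

# Constructed sample history (not real data); field names are hypothetical.
EVENTS = [
    {"ts": "2024-11-02T09:00:00", "account": "a1", "type": "checkout", "device": "dev-A", "fill_seconds": 48.0},
    {"ts": "2024-12-20T22:10:00", "account": "a1", "type": "login_failed", "device": "dev-Z"},
    {"ts": "2024-12-20T22:10:05", "account": "a1", "type": "login_failed", "device": "dev-Z"},
    {"ts": "2024-12-20T22:10:09", "account": "a1", "type": "login_failed", "device": "dev-Z"},
    {"ts": "2024-12-20T22:11:00", "account": "a1", "type": "login_ok", "device": "dev-Z"},
    {"ts": "2024-12-20T22:12:00", "account": "a1", "type": "password_change", "device": "dev-Z"},
    {"ts": "2024-12-20T22:15:00", "account": "a1", "type": "checkout", "device": "dev-Z", "fill_seconds": 1.2},
    {"ts": "2024-12-21T10:00:00", "account": "a2", "type": "checkout", "device": "dev-B", "fill_seconds": 35.0},
]

def parse(ts):
    return datetime.fromisoformat(ts)

def review_checkout(events, checkout):
    """Return sorted reasons why this checkout deserves manual review."""
    when = parse(checkout["ts"])
    past = [e for e in events
            if e["account"] == checkout["account"] and parse(e["ts"]) < when]
    recent = [e for e in past if when - parse(e["ts"]) <= WINDOW]
    reasons = set()
    # Mapper-style signal: form completed faster than a person plausibly types.
    if checkout["fill_seconds"] < MIN_FILL_SECONDS:
        reasons.add("fast_form_fill")
    # Fingerprint-style signal: the account has bought before, but never on this device.
    bought_on = {e["device"] for e in past if e["type"] == "checkout"}
    if bought_on and checkout["device"] not in bought_on:
        reasons.add("new_device")
    # Profiler-style signals: account history leading up to the order.
    if sum(e["type"] == "login_failed" for e in recent) >= FAILED_LOGIN_THRESHOLD:
        reasons.add("failed_login_burst")
    if any(e["type"] in SENSITIVE for e in recent):
        reasons.add("recent_credential_or_profile_change")
    return sorted(reasons)

def review_all(events):
    """Map each checkout's timestamp to its review reasons."""
    return {e["ts"]: review_checkout(events, e)
            for e in events if e["type"] == "checkout"}
```

In the sample, the order placed minutes after a failed-login burst and a password change, from an unseen device with a 1.2-second form fill, collects all four reasons, while the two ordinary checkouts collect none.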
Good practices against “Clean Fraud”
For each situation listed below, there are specific points of attention and solutions to combat this type of fraud, since they involve different loopholes for the fraudster to attack.
1 - Marketplaces
If your e-commerce is a Marketplace, it is essential that the anti-fraud service is informed of the seller (the store operating within your Marketplace) who made the sale. This lets them know that the sale came from a third party, so that the analysis reflects the complete scenario.
2 - In-store pickup
If your e-commerce site delivers via “in-store pickup,” it is very important to request the buyer’s documents and information about the card used to pay for the purchase. It is essential to pass this information on to your anti-fraud service, in addition to requesting the original documents from the purchaser when picking up the merchandise.
3 - Vouchers
If you work with vouchers or exchange vouchers in situations of cancellations or changes to purchases, we recommend that you do not allow the delivery address to be changed between the moment the user cancels the first purchase and requests the exchange voucher. If this is not possible, or if you make extensive use of exchange vouchers in your e-commerce, it is extremely important that you integrate these orders with your anti-fraud service, so that they can also validate the authentication.
4 - Only allow the use of strong passwords
Always ask your customer to register strong passwords. Upper and lower case characters, numbers and symbols, and an appropriate size are essential. You can consult the ISO PS008 standards, which list guidelines to be followed when requesting strong passwords.
5 - Request periodic password changes
Set a time limit for passwords to expire. An old password can make it easier for your account to be hacked and expose your e-commerce to risks.
One last point to note: Do not try to do this entire process on your own! Fraud can cause great damage to small and large businesses, even leading to bankruptcy. Having a partner anti-fraud company that prioritizes cutting-edge technologies, quality human investigation and offers a structure that is already consolidated in the market will certainly help your business run smoothly while you focus only on your core business.