Most people have an image in their minds when they talk about professional fraudsters. They think of a guy, usually a young guy, in a small, quiet room, in front of a laptop. He’s someone who spends all day in front of his laptop. Maybe he doesn’t get out much. He’d prefer to talk in binary rather than English, and he’s eating cold pizza out of a box.
This image may have held truth once, but those times are long gone. Today’s fraudsters are practical professionals, with their eye on their profit margin and connections to criminals all over the world. And most of them aren’t geeks.
Fraudsters communicate. It’s not a question of a few hidden groups deep in the bowels of the internet. There are numerous forums where criminals discuss tips for carrying out fraud successfully, suggest sites with known weaknesses and share the benefits of past experience.
Fraudsters work together. It’s not uncommon for a group of fraudsters to work together to maximize the impact they can have on a site, and the amount they can hope to steal. The lone wolf image just isn’t representative of reality, and businesses need to be prepared for that.
Fraudsters have a community. The Deep Web (the portion of the internet not indexed by search engines) is huge, and although a lot of it is uninteresting and irrelevant, there’s also a huge community of criminals with their own slang, their own jokes, and their own memes. They operate marketplaces where they buy and sell stolen card information, software that will hide their IP addresses and other services that enable fraud.
Fraudsters have developed Crime as a Service. You don’t need a high level of technical ability to commit fraud online. Just as genuine businesses rely on Software as a Service, using third-party solutions to help them achieve success, fraudsters purchase apps and plug-ins and download manuals and guides to help them commit their crimes.
Fraudsters are connected to crime in the real world. Mention the Mafia, and most people think of the films they’ve seen featuring men with guns, complex codes of honor, and a love of violence. But organized crime didn’t get left behind in the 20th century. It moved online, just like the rest of the world. The broad reach and considerable experience of large criminal organizations give the online criminal world structure, efficiency and force.
Fraudsters are professional. Their marketplaces aren’t the internet equivalent of a flea market; they’re more like Amazon. Distrust is a feature of their world, so escrow services are common. And to weed out law enforcement, many marketplaces require members to be introduced and vouched for by a known member.
Fraudsters are good at psychology. Another weakness of the ‘geeky fraudster’ persona is that it indicates someone who’s not good at the human side of operations. Nothing could be further from the truth. Fraudsters know that most businesses use manual reviews to catch fraud, and they plan their attacks for times when reviewers will be absent or overwhelmed, so that when their order is reviewed the reviewer will be more likely to overlook small signs that show risk. That’s why fraudsters love to operate at night, and why they don’t take a break over the weekend.
What does all this mean for merchants?
The bottom line is that merchants need to protect their bottom line. Fraudsters are professionals, and that means fraud prevention needs to be professional too.
Manual reviews can’t keep up with contemporary fraud: fraud prevention should be instantaneous, so that it’s invisible to the customer but impenetrable to fraudsters. Behavioral analysis can pick out which customers aren’t acting like genuine buyers, and machine learning can employ the power of the tremendous amount of data that flows through a website to make accurate, instant decisions.
In order to protect against the work of the organized, coherent and intelligent community that fraudsters have become, online retailers need to make sure that they are always up to date, with a fraud prevention strategy that reflects the reality of fraud today.
Yaniv served as an Intelligence Officer in the Israeli Army for many years, attaining the rank of Major. He specialized in information assessment and analysis, and is pleased to be able to deploy those skills in a fresh context in his work as an Analyst at Forter, helping to foil fraudsters at every turn.