Cybercrime: How to Recognize an Online Fraudster

 


The capability to profile potential cybercriminals, along with the implementation of chip-and-pin credit cards, may produce a reduction in the amount of money lost to online fraud each year. But that doesn’t mean the threat will go away entirely.
        
What makes an online fraudster? Can you tell by looking at their age? Gender? Billing address? When they shop? 
The answer is both yes and no, according to a recent report called "The United States of Fraud," produced Sift Science, a fraud detection and prevention software company. They identified factors including age, billing address, shipping address and purchase value that are more likely to signal fraud. 
This is especially important given the US's ongoing shift to EMV credit cards. With cards being harder to clone to then use in-store, fraudsters are predicted to shift their efforts online. 
"EMV technology makes it so much more difficult to duplicate a physical credit card," says Jason Tan, CEO and co-founder of Sift Science. "They're still looking to make their money, and doing their business online is a lucrative channel because it's scalable and anonymous."  

A profile for fraud
For this study, Sift Science analyzed 1.3 million transactions with shipping or billing addresses in the U.S. from August 2014 to August 2015, transactions that were drawn from their customers' servers (they work with AirBnB, OpenTable and Pebble, to name a few). Sift Science then cross-referenced with third-party data from FullContact to identify gender and age. 
Some of the findings were surprising, even bizarre. For example, the report found that users identifying as 85 to 90 years old have the highest rates of fraud. They are two-and-a-half times more likely to be fraudsters than the average user. 
This doesn't mean your grandparents are ripping people off. "We think it might be that, for a lot of online businesses, they will be more forgiving if you look like an older person because they're unlikely to be fraudsters," Tan says. "Maybe fraudsters have figured that out and are trying to sneak themselves in by using that forgiveness." 
The study also found that men are slightly more likely than women to be fraudsters. They identified when fraud is more likely to happen, too: 3 a.m. is the most likely fraudulent time of day, but they also found that fraudsters are more likely to transact online during the workweek than legitimate users. 
As for value, the study found that purchases worth $20 or less are 2.16 times likely to be more fraudulent. 
The report looked at geography, too: Orders shipped to Delaware, Florida and Georgia have the highest fraud rate based on shipping address. Alaska, Delaware and Arizona have the highest fraud rate based on billing address. County with the highest fraud rate: Miami-Dade County in Florida. 
"Oftentimes what we see if that fraudsters will use [an] intermediate address that is in the United States because a lot of time, online businesses are mistrusting of an international address," says Tan. "They ship that electronics, that camera that they bought with a credit card to a US based address first so it doesn't flag any suspicion, and then they reship it from there to somewhere else."  
Alaska, he says, could be high on the list simply because, with drop-down menus used to fill out billing information, Alaska is typically listed first. 
Tan says that this information can be useful, but that "these are disparate series piece together in one report. If you as an ecommerce business are looking for people who are 90-years-old, who are purchasing at 3 a.m., who are purchasing for less than $20, you're likely going to miss other fraud that's happening outside of those parameters." 
But knowing who to flag and not will become more important given the US shift to EMV credit cards, which are designed to stop card-present fraud. 
"The US is the last big market to make the switch over to EMV," says Gilles Ubaghs, senior analyst of financial services technology at Ovum. "What we've seen in every single other market is other forms of fraud increased." 
According to the Federal Reserve, card-present fraud reached $2.4 billion in 2014. Ovum predicts that if the U.S. achieves a theoretical 100 percent implementation of EMV, that card-present fraud would drop to $1.75 billion a year by 2020. However, because of this shift, Ovum estimates that in the U.S., card-not-present fraud could reach $2.6 billion by 2020. 
Ubaghs adds there's also the possibility for more "traditional" forms of fraud, like muggings and pick pocketing. ATMs won't be completely safe, either. Criminals can wedge paper into the card slot so that it gets stuck, wait for the user to leave for help, then use pliers to take out the card. How do they get the PIN number? They use a tiny, almost invisible camera.
Ubaghs adds that consumers might let down their own guard, too, thinking that having a chip on their credit card guarantees absolutely security. "We think great, that was a big changeover, I can relax now," he said. 
That's not going to be the case – to which I can attest. My new chip enabled credit-card was used by a fraudster, less than a week after I activated the card. I wasn't surprised as this is the new normal.
CIO: http://bit.ly/1PCIXhs

« Cyber War and Real War Coincide In Ukraine
FBI Takes Down Alert on Chip & PIN Credit Cards »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

APWG

APWG

APWG is the international coalition unifying the global response to cybercrime across industry, government, law-enforcement and NGO communities.

Aves Netsec

Aves Netsec

Aves is a deceptive security system for enterprises who want to capture, observe and mitigate bad actors in their internal network.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

Payatu

Payatu

Payatu Technologies is a security testing and services company specialized in Software, Application and Infrastructure security assessments and deep technical security training.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Integrity

Integrity

Integrity is a PCI QSA and ISO 27001 certified company specialized in Information Security and IT Consulting.

Intersistemi Italia

Intersistemi Italia

Intersistemi is a leading Italian company in the field of information technology integration and digital transformation including cybersecurity.

Alpha Mountain AI (alphaMountain)

Alpha Mountain AI (alphaMountain)

alphaMountain provides up-to-date domain and IP intelligence for cybersecurity investigational and protection platforms.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

P3M Works

P3M Works

P3M Works delivers Cyber Security and Digital Transformation projects across both private and public sector clients.