Cybercrime: How to Recognize an Online Fraudster

Uploaded on 2015-11-18 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

 


The capability to profile potential cybercriminals, along with the implementation of chip-and-pin credit cards, may produce a reduction in the amount of money lost to online fraud each year. But that doesn’t mean the threat will go away entirely.
        
What makes an online fraudster? Can you tell by looking at their age? Gender? Billing address? When they shop? 
The answer is both yes and no, according to a recent report called "The United States of Fraud," produced Sift Science, a fraud detection and prevention software company. They identified factors including age, billing address, shipping address and purchase value that are more likely to signal fraud. 
This is especially important given the US's ongoing shift to EMV credit cards. With cards being harder to clone to then use in-store, fraudsters are predicted to shift their efforts online. 
"EMV technology makes it so much more difficult to duplicate a physical credit card," says Jason Tan, CEO and co-founder of Sift Science. "They're still looking to make their money, and doing their business online is a lucrative channel because it's scalable and anonymous."  

A profile for fraud
For this study, Sift Science analyzed 1.3 million transactions with shipping or billing addresses in the U.S. from August 2014 to August 2015, transactions that were drawn from their customers' servers (they work with AirBnB, OpenTable and Pebble, to name a few). Sift Science then cross-referenced with third-party data from FullContact to identify gender and age. 
Some of the findings were surprising, even bizarre. For example, the report found that users identifying as 85 to 90 years old have the highest rates of fraud. They are two-and-a-half times more likely to be fraudsters than the average user. 
This doesn't mean your grandparents are ripping people off. "We think it might be that, for a lot of online businesses, they will be more forgiving if you look like an older person because they're unlikely to be fraudsters," Tan says. "Maybe fraudsters have figured that out and are trying to sneak themselves in by using that forgiveness." 
The study also found that men are slightly more likely than women to be fraudsters. They identified when fraud is more likely to happen, too: 3 a.m. is the most likely fraudulent time of day, but they also found that fraudsters are more likely to transact online during the workweek than legitimate users. 
As for value, the study found that purchases worth $20 or less are 2.16 times likely to be more fraudulent. 
The report looked at geography, too: Orders shipped to Delaware, Florida and Georgia have the highest fraud rate based on shipping address. Alaska, Delaware and Arizona have the highest fraud rate based on billing address. County with the highest fraud rate: Miami-Dade County in Florida. 
"Oftentimes what we see if that fraudsters will use [an] intermediate address that is in the United States because a lot of time, online businesses are mistrusting of an international address," says Tan. "They ship that electronics, that camera that they bought with a credit card to a US based address first so it doesn't flag any suspicion, and then they reship it from there to somewhere else."  
Alaska, he says, could be high on the list simply because, with drop-down menus used to fill out billing information, Alaska is typically listed first. 
Tan says that this information can be useful, but that "these are disparate series piece together in one report. If you as an ecommerce business are looking for people who are 90-years-old, who are purchasing at 3 a.m., who are purchasing for less than $20, you're likely going to miss other fraud that's happening outside of those parameters." 
But knowing who to flag and not will become more important given the US shift to EMV credit cards, which are designed to stop card-present fraud. 
"The US is the last big market to make the switch over to EMV," says Gilles Ubaghs, senior analyst of financial services technology at Ovum. "What we've seen in every single other market is other forms of fraud increased." 
According to the Federal Reserve, card-present fraud reached $2.4 billion in 2014. Ovum predicts that if the U.S. achieves a theoretical 100 percent implementation of EMV, that card-present fraud would drop to $1.75 billion a year by 2020. However, because of this shift, Ovum estimates that in the U.S., card-not-present fraud could reach $2.6 billion by 2020. 
Ubaghs adds there's also the possibility for more "traditional" forms of fraud, like muggings and pick pocketing. ATMs won't be completely safe, either. Criminals can wedge paper into the card slot so that it gets stuck, wait for the user to leave for help, then use pliers to take out the card. How do they get the PIN number? They use a tiny, almost invisible camera.
Ubaghs adds that consumers might let down their own guard, too, thinking that having a chip on their credit card guarantees absolutely security. "We think great, that was a big changeover, I can relax now," he said. 
That's not going to be the case – to which I can attest. My new chip enabled credit-card was used by a fraudster, less than a week after I activated the card. I wasn't surprised as this is the new normal.
CIO: http://bit.ly/1PCIXhs

« Cyber War and Real War Coincide In Ukraine
FBI Takes Down Alert on Chip & PIN Credit Cards »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

StratoKey

StratoKey

StratoKey is an intelligent Cloud Access Security Broker (CASB) that secures your cloud and SaaS applications against data breaches, so you can do secure and compliant business in the cloud.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

spiderSilk

spiderSilk

spiderSilk is a Dubai-based cybersecurity firm, specializing in simulating the most advanced cyber offenses on your technology so you can build your best security defenses.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.

Falconfeeds

Falconfeeds

Falconfeeds empowers businesses and security professionals with immediate access to the latest and historical threat intelligence data.

appNovi

appNovi

appNovi inventories everything to map the attack surface, identify missing security agents, and prioritize vulnerabilities based on exposure.

Blackmere Consulting

Blackmere Consulting

Blackmere Consulting is a Nationwide Technical and Executive Recruiting firm dedicated to Cyber Security and Information Technology.

Velstadt Cybersecurity

Velstadt Cybersecurity

Velstadt's team of experienced professionals works on identifying vulnerabilities, analyzing threats, and developing strategies to ensure the highest level of security.