Cybercrime: How to Recognize an Online Fraudster

 


The capability to profile potential cybercriminals, along with the implementation of chip-and-pin credit cards, may produce a reduction in the amount of money lost to online fraud each year. But that doesn’t mean the threat will go away entirely.
        
What makes an online fraudster? Can you tell by looking at their age? Gender? Billing address? When they shop? 
The answer is both yes and no, according to a recent report called "The United States of Fraud," produced Sift Science, a fraud detection and prevention software company. They identified factors including age, billing address, shipping address and purchase value that are more likely to signal fraud. 
This is especially important given the US's ongoing shift to EMV credit cards. With cards being harder to clone to then use in-store, fraudsters are predicted to shift their efforts online. 
"EMV technology makes it so much more difficult to duplicate a physical credit card," says Jason Tan, CEO and co-founder of Sift Science. "They're still looking to make their money, and doing their business online is a lucrative channel because it's scalable and anonymous."  

A profile for fraud
For this study, Sift Science analyzed 1.3 million transactions with shipping or billing addresses in the U.S. from August 2014 to August 2015, transactions that were drawn from their customers' servers (they work with AirBnB, OpenTable and Pebble, to name a few). Sift Science then cross-referenced with third-party data from FullContact to identify gender and age. 
Some of the findings were surprising, even bizarre. For example, the report found that users identifying as 85 to 90 years old have the highest rates of fraud. They are two-and-a-half times more likely to be fraudsters than the average user. 
This doesn't mean your grandparents are ripping people off. "We think it might be that, for a lot of online businesses, they will be more forgiving if you look like an older person because they're unlikely to be fraudsters," Tan says. "Maybe fraudsters have figured that out and are trying to sneak themselves in by using that forgiveness." 
The study also found that men are slightly more likely than women to be fraudsters. They identified when fraud is more likely to happen, too: 3 a.m. is the most likely fraudulent time of day, but they also found that fraudsters are more likely to transact online during the workweek than legitimate users. 
As for value, the study found that purchases worth $20 or less are 2.16 times likely to be more fraudulent. 
The report looked at geography, too: Orders shipped to Delaware, Florida and Georgia have the highest fraud rate based on shipping address. Alaska, Delaware and Arizona have the highest fraud rate based on billing address. County with the highest fraud rate: Miami-Dade County in Florida. 
"Oftentimes what we see if that fraudsters will use [an] intermediate address that is in the United States because a lot of time, online businesses are mistrusting of an international address," says Tan. "They ship that electronics, that camera that they bought with a credit card to a US based address first so it doesn't flag any suspicion, and then they reship it from there to somewhere else."  
Alaska, he says, could be high on the list simply because, with drop-down menus used to fill out billing information, Alaska is typically listed first. 
Tan says that this information can be useful, but that "these are disparate series piece together in one report. If you as an ecommerce business are looking for people who are 90-years-old, who are purchasing at 3 a.m., who are purchasing for less than $20, you're likely going to miss other fraud that's happening outside of those parameters." 
But knowing who to flag and not will become more important given the US shift to EMV credit cards, which are designed to stop card-present fraud. 
"The US is the last big market to make the switch over to EMV," says Gilles Ubaghs, senior analyst of financial services technology at Ovum. "What we've seen in every single other market is other forms of fraud increased." 
According to the Federal Reserve, card-present fraud reached $2.4 billion in 2014. Ovum predicts that if the U.S. achieves a theoretical 100 percent implementation of EMV, that card-present fraud would drop to $1.75 billion a year by 2020. However, because of this shift, Ovum estimates that in the U.S., card-not-present fraud could reach $2.6 billion by 2020. 
Ubaghs adds there's also the possibility for more "traditional" forms of fraud, like muggings and pick pocketing. ATMs won't be completely safe, either. Criminals can wedge paper into the card slot so that it gets stuck, wait for the user to leave for help, then use pliers to take out the card. How do they get the PIN number? They use a tiny, almost invisible camera.
Ubaghs adds that consumers might let down their own guard, too, thinking that having a chip on their credit card guarantees absolutely security. "We think great, that was a big changeover, I can relax now," he said. 
That's not going to be the case – to which I can attest. My new chip enabled credit-card was used by a fraudster, less than a week after I activated the card. I wasn't surprised as this is the new normal.
CIO: http://bit.ly/1PCIXhs

« Cyber War and Real War Coincide In Ukraine
FBI Takes Down Alert on Chip & PIN Credit Cards »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

Cyber Technology Institute - De Montfort University

Cyber Technology Institute - De Montfort University

The Cyber Technology Institute provides training and high quality research and consultancy services in the fields of cyber security, software engineering and digital forensics.

Quadrant Information Security

Quadrant Information Security

Quadrant Information Security is a consulting firm committed to supporting organizations in all vertical markets and protecting their sensitive data.

Tesorion

Tesorion

Tesorion is a fusion of different enterprises each with its own specialisation in the field of cybersecurity. We have combined these specialisations to create an integrated comprehensive solution.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

Airgap Networks

Airgap Networks

Airgap is fixing the fundamental flaw of excessive trust. We help enterprises modernize their network for a simple and secure infrastructure.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.