Cybercrime: How to Recognize an Online Fraudster

 


The capability to profile potential cybercriminals, along with the implementation of chip-and-pin credit cards, may produce a reduction in the amount of money lost to online fraud each year. But that doesn’t mean the threat will go away entirely.
        
What makes an online fraudster? Can you tell by looking at their age? Gender? Billing address? When they shop? 
The answer is both yes and no, according to a recent report called "The United States of Fraud," produced Sift Science, a fraud detection and prevention software company. They identified factors including age, billing address, shipping address and purchase value that are more likely to signal fraud. 
This is especially important given the US's ongoing shift to EMV credit cards. With cards being harder to clone to then use in-store, fraudsters are predicted to shift their efforts online. 
"EMV technology makes it so much more difficult to duplicate a physical credit card," says Jason Tan, CEO and co-founder of Sift Science. "They're still looking to make their money, and doing their business online is a lucrative channel because it's scalable and anonymous."  

A profile for fraud
For this study, Sift Science analyzed 1.3 million transactions with shipping or billing addresses in the U.S. from August 2014 to August 2015, transactions that were drawn from their customers' servers (they work with AirBnB, OpenTable and Pebble, to name a few). Sift Science then cross-referenced with third-party data from FullContact to identify gender and age. 
Some of the findings were surprising, even bizarre. For example, the report found that users identifying as 85 to 90 years old have the highest rates of fraud. They are two-and-a-half times more likely to be fraudsters than the average user. 
This doesn't mean your grandparents are ripping people off. "We think it might be that, for a lot of online businesses, they will be more forgiving if you look like an older person because they're unlikely to be fraudsters," Tan says. "Maybe fraudsters have figured that out and are trying to sneak themselves in by using that forgiveness." 
The study also found that men are slightly more likely than women to be fraudsters. They identified when fraud is more likely to happen, too: 3 a.m. is the most likely fraudulent time of day, but they also found that fraudsters are more likely to transact online during the workweek than legitimate users. 
As for value, the study found that purchases worth $20 or less are 2.16 times likely to be more fraudulent. 
The report looked at geography, too: Orders shipped to Delaware, Florida and Georgia have the highest fraud rate based on shipping address. Alaska, Delaware and Arizona have the highest fraud rate based on billing address. County with the highest fraud rate: Miami-Dade County in Florida. 
"Oftentimes what we see if that fraudsters will use [an] intermediate address that is in the United States because a lot of time, online businesses are mistrusting of an international address," says Tan. "They ship that electronics, that camera that they bought with a credit card to a US based address first so it doesn't flag any suspicion, and then they reship it from there to somewhere else."  
Alaska, he says, could be high on the list simply because, with drop-down menus used to fill out billing information, Alaska is typically listed first. 
Tan says that this information can be useful, but that "these are disparate series piece together in one report. If you as an ecommerce business are looking for people who are 90-years-old, who are purchasing at 3 a.m., who are purchasing for less than $20, you're likely going to miss other fraud that's happening outside of those parameters." 
But knowing who to flag and not will become more important given the US shift to EMV credit cards, which are designed to stop card-present fraud. 
"The US is the last big market to make the switch over to EMV," says Gilles Ubaghs, senior analyst of financial services technology at Ovum. "What we've seen in every single other market is other forms of fraud increased." 
According to the Federal Reserve, card-present fraud reached $2.4 billion in 2014. Ovum predicts that if the U.S. achieves a theoretical 100 percent implementation of EMV, that card-present fraud would drop to $1.75 billion a year by 2020. However, because of this shift, Ovum estimates that in the U.S., card-not-present fraud could reach $2.6 billion by 2020. 
Ubaghs adds there's also the possibility for more "traditional" forms of fraud, like muggings and pick pocketing. ATMs won't be completely safe, either. Criminals can wedge paper into the card slot so that it gets stuck, wait for the user to leave for help, then use pliers to take out the card. How do they get the PIN number? They use a tiny, almost invisible camera.
Ubaghs adds that consumers might let down their own guard, too, thinking that having a chip on their credit card guarantees absolutely security. "We think great, that was a big changeover, I can relax now," he said. 
That's not going to be the case – to which I can attest. My new chip enabled credit-card was used by a fraudster, less than a week after I activated the card. I wasn't surprised as this is the new normal.
CIO: http://bit.ly/1PCIXhs

« Cyber War and Real War Coincide In Ukraine
FBI Takes Down Alert on Chip & PIN Credit Cards »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Rhebo

Rhebo

Rhebo Industrial Protector monitors and ensures the continuous, correct, and predictable operation of real-time Industrial Control Systems to prevent outages and reduce downtimes.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Quantifind

Quantifind

Quantifind enables financial crimes/fraud analysts and investigators to make better decisions, faster, with intelligent automation.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

TatvaSoft

TatvaSoft

TatvaSoft is a custom software development company delivering business IT solutions and related services to customers across the globe.

Detego Global

Detego Global

Detego Global are the creators of the Detego® Unified Digital Forensics Platform, a suite of modular tools used globally by military, law enforcement and intelligence agencies, and enterprises.

Cylab - Carnegie Mellon University

Cylab - Carnegie Mellon University

Carnegie Mellon University CyLab is the University's security and privacy research institute.

Brennan IT

Brennan IT

For over 25 years, Brennan’s expert team has helped businesses achieve real success through innovative and secure technology solutions.

Unified Solutions

Unified Solutions

Unified Solutions provide a full continuum of cyber security services, compliance, and technology solutions.

Moonlock

Moonlock

Cybersecurity tech for humans. At Moonlock, we make software that seamlessly protects you and has your back as you live your life.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.