Fraud is an increasingly complicated business that’s starting to have real effects on online merchants’ businesses. If you think about mainstream technology and how fast it’s evolving, you can get some idea of how fast underground, unregulated fraud technology is moving. With no rules, no restrictions and some of the most technically knowledgeable individuals in the world working on it, the fraud ‘industry’ has come a very long way from the stereotype of a lone individual working in their bedroom.
With fraudsters getting smarter and faster every day, it’s important to stay up to date with current trends in fraud intelligence. Every month Trustev releases its Global Fraud Briefing, based on all the information going through our system; you can see April’s edition here.
Fraud comes in all shapes and sizes and it’s important to make sure that your business is protected from the different kinds that might arise.
Let’s look at the three most common types of fraud:
1. Card Fraud
Probably the most common type of fraud, card fraud is pretty easy to understand - it’s simply where a fraudster gets his or her hands on someone else’s card details and uses them to fraudulently purchase goods and services.
The problem is that a lot of inexperienced merchants don’t understand their exposure and liability when it comes to card fraud. They’re often used to being on the other side of the equation, where strange transactions or charges on their personal cards are simply reported to their bank and, while inconvenient, are usually settled by the bank over time. They don’t realise that, as merchants, the end liability (and the costs) falls on them, not on the financial institutions.
The important preventative measure with card fraud is to have a system in place to verify and challenge, in real time, some or all of the information given during the checkout process, so you can be certain that the information is current and is actually being entered by the card’s owner. It is important, though, to use a system that balances security against the amount of data you require customers to enter.
2. Hijacking
One that frequently goes unnoticed, hijacking is a very technical type of fraud where a fraudster eavesdrops on or hijacks a transaction between a customer and a merchant, recording and/or modifying the cardholder data being exchanged. This can be particularly hard to detect because, from the merchant’s side, it seems like all the information is coming directly from the customer.
You’ll have heard recently of the Heartbleed bug, which is directly related to this type of fraud as it relates to a previously unknown vulnerability in OpenSSL, a common security certificate used to secure websites against revealing information. Most sites and platforms are issuing patches and updates to fix this vulnerability, and it’s important to check whether it affects your site.
Many fraud prevention systems will react poorly to this type of fraud because, from their perspective, it looks exactly like a legitimate transaction and will be treated as such, bypassing many secondary security checks. At Trustev we constantly examine the background technical information surrounding a transaction to ensure that nothing is out of place and to specifically identify any third parties attempting to listen in on a transaction.
The worst-case scenario: this is where a fraudster gains access to the backend of your website and/or ecommerce framework. Once in, they usually lock out the original owner, often by simply changing the password. They then have complete control, and untold damage can occur.
If you use any frameworks or software that’s not developed in-house, you should always ensure that you are running the most up-to-date version, as its developers will normally release fixes and security updates to cover issues that arise. On a very basic level, it’s worth changing the relevant passwords on your site on a fairly regular basis, as fraudsters, once they access your site, will often ‘listen’ for a period of time before they execute their attack.
As fraud technologies advance exponentially, it’s important to make sure your business stays secured against threats. Trustev is a modern fraud prevention platform, built on our own custom-developed technologies, meaning our system is always up to date with the latest threats and vulnerabilities. We don’t have to worry about the security and readiness of third-party providers, as many fraud solutions do.
Fraud is killing the bottom line of businesses. By continuing to treat it as a series of once-off costs, merchants are asking for trouble when they fall victim to a serious attack that could wipe out their business in a single incident.
Drop us a line for a no strings attached conversation about how you should be protecting your business's revenues against fraud.