1st Party Fraud

1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own customers.

3DS (3D Secure)

3D Secure is an authentication method designed to reduce fraud and increase security for online card transactions. Originally sponsored by Visa under the 'Verified by Visa' brand, Mastercard and other networks adopted the '3D Secure' protocol and offer it to merchants worldwide. The name derives from the use of 3 domains (the acquiring bank domain, the issuing bank and an infrastructure domain) to provide greater security to online payments, although the extra validation and related consumer friction remains a topic of debate among merchants and security experts.

3rd Party Fraud

419 Fraud

419 Fraud is a type of advance-fee fraud in which individuals or companies receive unsolicited emails or letters promising a percentage of a large sum of money in return for allowing funds to pass through the victim's bank account. Also referred to as 'Nigerian Letter Fraud, these schemes often originate from West Africa and is named after section '419' of the Nigerian penal code under which this offence would be prosecuted.

A/B testing

A/B testing is a research method in which two groups, a control group (representing the current strategy) and an alternate group (representing a hypothesis for an improved strategy), are tested against one another in order to scientifically select the optimal final strategy.

Account Takeover Fraud (ATO)

ATO Fraud or Account Takeover Fraud is a form of identity theft in which a criminal gains control of a consumer’s account. In doing so, the perpetrator gains access to confidential information amongst the type of account, such as the consumer’s PIN, enabling them to change account settings, such as the statement mailing address, username and password, and/or enabling them to make unauthorized withdrawals.

ATO can involve one or multiple accounts of the victim — including, but limited to, bank account, email address, brokerage, phone, utility, social media, travel or online shopping accounts — and then used for a variety of unlawful activities with their personal information. Financial account takeover usually involves funds being removed from the victim’s accounts either by direct debit, payments or transfers being set up for fraudulent transactions without the victim’s knowledge or consent.

How Criminals Attempt Account Takeover Fraud

With account takeover of mobile phones, often the perpetrator’s intent is to gain control of the phone-based security authentication factor through a login attempt, which is usually a code or security token sent via SMS or authentication software to the phone. Once it is acquired by the criminal, the code can grant him/her access to the victim’s financial institution, brokerage, bitcoin and other financial accounts.

The credentials to commit account takeover are usually obtained by criminals indirectly through data breach marketplaces on the dark web or directly from the consumer using malware or via phishing. Once a fraudster gains access to a victim’s account, they often update the account credentials and contact information so the victim no longer no has control over the account and will no longer be informed about changes to the account. In most cases, the victims are unaware that their account has been compromised until the damage is done and the perpetrators have covered their tracks.

Fraud.net Has a Solution

To protect against Account Takeover Fraud, Fraud.net offers a variety of solutions to protect your business. With the power of AI and machine learning, our solutions help stop fraud in its tracks - before it destroys your company.

Contact us today for a free demo and recommendations.

Acquirer (Acquiring Bank)

The Acquiring Bank, also known as the merchant acquirer or the merchant bank, is the bank that is responsible for settling credit and debit card transactions on behalf of the merchant. Its counterpart is the issuing bank which settles card transactions for the purchaser or card holder. Acquirers enable merchants to accept credit cards, often provide merchants with necessary hardware and software to accept card transactions, and for their role in the card payment process, receive an acquirer fee or markup in addition to the interchange and other fees in a credit card and debit card payment.

Active Authentication

Active Authentication is a security and authentication method in which the user is challenged with questions about what he/she knows (knowledge-based), has (possession-based) or is (biometric-based).

Advance-Fee Fraud

Advance-Fee Fraud is a common fraud scheme generally involving a criminal tricking a victim into paying an up-front fee with the promise of a larger reward paid out later.

AI (Artificial Intelligence)

AI or Artificial Intelligence is broadly used to describe the simulation of the processes of human intelligence by computer systems. The processes simulate human learning in that the systems start with the acquisition of information, creating rules for using the information, reasoning by using the rules to reach conclusions, and self-correction by evaluating outcomes and compensating for incorrect predictions or errors. Artificial intelligence is generally categorized into one of three types: 1) Weak AI or Narrow AI, in which the systems and algorithms are trained to perform narrowly focused tasks, 2. Strong AI or General Intelligence, the theoretical goal of having a system apply intelligence to solve any problem much like a human would, and 3) Superintelligence, in which a system could far outperform human intelligence through rapid, recursive self-improvement. Although general intelligence and superintelligence are frequently discussed in media and entertainment, neither has been achieved and neither seems to be achievable in the near future. Artificial intelligence is often used interchangeably (but incorrectly) with machine learning and deep learning. AI is the science and approach to developing technology that mimics human intelligence. Machine learning, a subset of AI, involves the application of statistical techniques and modelling to create algorithms that improve with experience. Deep learning, a subset of machine learning, involves the creation of algorithms using multilayered neural networks trained on vast amounts of data.

AML (Anti-Money Laundering)

Combating Financial Crime: Understanding Anti-Money Laundering (AML)

AML or Anti-Money Laundering refers to a set of procedures, laws, or regulations designed to stop the practice of generating income through illegal activities. 'Money laundering' is the process in which criminals undertake a series of steps that make it look like money made from illegal or unethical activities was earned legitimately and can enter the traditional banking system. Most anti-money laundering programs focus on the source of funds as opposed to anti-terrorism and similar programs which focus on the destination of funds. In modern finance, a typical anti-money laundering program would be run by financial institutions to analyze customer data and detect suspicious transactions.

Did you know?

1. 300 billion is laundered through the United States each year
2. Worldwide, criminals launder between $800 million and $2 trillion each year.
3. 90% of money laundering crimes go undetected.

What is AML?

Anti-Money Laundering, commonly known as AML, refers to a set of laws, regulations, and procedures aimed at preventing individuals and organizations from concealing the origins of illegally obtained money. The primary goal of AML is to detect and deter money laundering activities, which typically involve three main stages: placement, layering, and integration. These activities are used to legitimize funds obtained through illegal means, such as drug trafficking, fraud, corruption, or terrorism.

Common Types of Money Laundering: 

Money laundering typically consists of three primary stages: 

1. Placement: Introducing illegal funds into the legitimate financial system. 
2. Layering: Creating complex layers of transactions to obscure the money's source. 
3. Integration: Reintroducing laundered funds into the economy, making them appear legitimate.

AML focuses on identifying and preventing these activities by requiring financial institutions to implement safeguards, report suspicious transactions, and maintain comprehensive records.

Six Key AML Solutions

A robust AML program involves a combination of measures that aim to identify, monitor, and report suspicious activities.

The six most popular solutions include:

• Customer Due Diligence (CDD): Verifying the identity of customers and assessing their risk profile.
• Transaction Monitoring: Tracking and analyzing transactions to detect unusual or suspicious behavior.
• Suspicious Activity Reporting: Reporting potential money laundering activities to the appropriate authorities. 
• Record-keeping: Maintaining comprehensive records of customer information, transactions, and risk assessments. 
• Employee Training: Ensuring that employees are educated and trained to recognize and report suspicious activities.
• Regulatory Compliance: Staying up-to-date with AML laws and regulations to adapt to evolving risks.

Strengthen Your AML Defense with Fraud.net. 

Fraud.net is a leading provider of advanced solutions for AML and KYC monitoring. Their platform offers a comprehensive suite of tools to help organizations effectively combat money laundering and other financial crimes and achieve compliance with local regulations.

To learn more about how Fraud.net can tailor a solution to meet your specific AML needs and explore their other capabilities, book a demo and speak with one of our solutions consultants today!

Arbers

In the world of online betting and gambling, an arber is a person who takes advantage of discrepancies in gambling sites odds, so as to ensure that no matter what party wins a contest (i.e. a race), the arber will always win money/cannot lose money. An arber essentially takes advantage of situations where it is mathematically guaranteed they will win money by betting on every single contender of a contest.

AVS (Address Verification System)

AVS or Address Verification System is a payment processing system comparison of the numerical portions of billing and shipping addresses with the addresses on file at the credit card-issuing bank. A single-digit code is returned that represents a match, a partial match, or a number of errors or alerts. The original concept contemplated that the transaction could then be subsequently approved, declined or set aside for manual review. AVS is one of only a few metrics provided to merchants by the issuing banks to assist in the merchants' risk assessment, but AVS responses are also one of the biggest reasons legitimate orders are declined.

B2B (Business-to-Business)

B2B or Business-to-Business refers to a business that sells products or provides services to other businesses.

B2C (Business-to-Consumer)

B2C or Business-to-Consumer refers to a business that sells products or provides services to the end-user consumers. Another variation of this concept is D2C (direct to consumer) in which a manufacturer sells directly to consumers with little to no intermediation.

Back Door

A route through which legitimate users or criminals can bypass security systems in order to access the data they’re after. Contrasts with a front door attack, where a virus or attack is done with help from the user, for instance by downloading an infected email attachment.

Baiting

Baiting describes the situation where a fraudster leaves something out like a USB drive, enticing somebody to pick it up and see what content is on it. The fraudster loads the USB drive up with things like malware and keyloggers, which attack a computer system when plugged in. This scheme is designed to take advantage of people’s curiosity.

Bank Identification Number (BIN Number)

Bitcoin

The most famous and popular cryptocurrency. While it is often thought of as an anonymous payment method, bitcoin (BTC) is actually pseudonymous, which means it is possible to track someone’s payments if you can tie a real life identity to a BTC wallet.

Burn(er) Phone

The term originates from the drug dealing world, and is used to describe inexpensive mobile phones designed for temporary use. It allows fraudsters and criminals to link an account to a disposable phone number, for instance to bypass 2FA.

Today, phone numbers can be generated via burner phone apps or services. These work like prepaid phone cards, only allowing you to use them for a limited amount of time before being recirculated. Because they go through your phone’s original cellular data, they can be traced.

Carding

What is carding?

Carding is the general fraudster term for using stolen credit card data, whether it’s used for direct purchases, or charging prepaid or gift store cards, which fraudsters then resell. This particularly targets organizations that handle payment card and transaction processing. One of the greatest threats to your business due to carding fraud are false expense claims, created by authorized staff who reimburse expenses incurred while carrying out their work duties and submit a claim for unqualified reimbursements.

The Open Web Application Security Project outlined the technical criteria that represent this type of fraud. Illicitly obtained payment card data can be validated against a merchant’s payment processing systems. When cybercriminals come into possession of stolen payment card data, the legitimacy is typically unknown. Fraudsters use pre-carding activities such as this to identify valid accounts of high value.

Fraudsters obtain payment card information from several sources:

• Stolen from an application.
• Stolen from a different payment channel.
• Purchased from a criminal marketplace on the dark web.

In some circumstances, criminals only have partial cardholder data at their disposal. For instance, they only have a limited mix or singular instance of expiry dates, security codes, or cardholder names. The subsequent steps taken with partial cardholder data are commonly used in card cracking attempts. From here, the known cardholder data is used to “cash-out” and access cash sums or the purchase of goods.

The cost of carding for businesses

Last year, Norton’s LifeLock division reported that “card not present” cases of carding fraud, or remote fraud, cost businesses over $27 billion in 2018. These losses have been projected to reach over $40 billion by the year 2023. As far as customers are concerned, businesses can validate many instances of fraud and offer them a reimbursement for any funds lost. Unfortunately, for institutions that process these payments, there is no recovery available when chargebacks start rolling in.

In the summer of 2021, CreditCards.com published an article highlighting some grim statistics regarding credit card fraud and identity theft. The FTC’s Consumer Sentinel Network 2020 Data Book ranked credit card fraud as the fifth most common type of fraud in the United States. Additionally, credit card information involved in data breaches has persisted at 12% of all data types involved in breaches. This is following the near-doubling of ransomware cases since last year. (Ransomware is a common method for capturing sensitive data and exfiltrating it from a victim’s systems.)

Theft of credit card data is what enables cybercriminals to commit fraud through carding. For example, one common tactic that cybercriminals utilize to move funds and cover their tracks is purchasing gift cards and prepaid debit cards. With stolen funds acquired through carding being filtered through this process, these cards can be resold on the dark web for a discount. Once the cards are sold, cybercriminals obtain untraceable cash hoards using your organization’s money.

Protecting this data is a challenge all its own. However, once this data falls into the wrong hands, organizations that process payment card data are the last line of defense for cardholder accounts. This means leaders need to adopt a proven solution to help prevent carding.

Stop carding with Fraud.net

Fraud.net has responded to the frightening increase in carding fraud by developing a timely solution that leverages artificial intelligence and quality data sources. Transaction AI is built on top of a robust foundation that allows your fraud teams to help combat carding attempts. The Transaction AI solution offers a carding detection capability by employing multiple data points:

• Actionable, real-time alerts of anomalous account behavior.
• Risk scores for every account transaction to reduce false positives for your fraud team, save valuable time and prevent carding attempts sooner.
• Rule-based workflows based on risk that can scale to thousands of instances of carding fraud. The granular definition and governance of these workflows accelerate investigations and can be customized with organization-specific criteria.

Furthermore, Transaction AI places high-value visualizations of fraud trends that you can use to expedite the interpretation and decision-making process. When both large and small volumes of carding attempts are suspected, this allows your fraud teams to remain well-informed of potential criminal activity.

Fraud.net’s powerful platform correlates customer transaction history with billions of unique data points. This data is exclusively provided to Fraud.net customers to give them the extra edge needed to detect carding fraud.

How does Transaction AI work?

Being able to track suspicious activity has never been easier, and reliance on human intuition no longer has to be an obstacle for your organization. Through partnerships with industry vendors and organizations like payment processors, Fraud.net collects transaction data, anonymizes it, and produces real-world case studies on carding fraud.

With this solution, your organization has the necessary tools to rapidly identify carding attempts, no matter which method cybercriminals use.

Stand up and fight carding fraud

Fraud.net is a proven leader in the fight against carding fraud. We can help your fraud teams detect these attempts and disrupt cybercriminals before it’s too late. Protect your business from unwanted scams and a decreased profit margin by signing up for a free fraud analysis today.

Catfishing

A form of social engineering where fraudsters and criminals create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.

Online seduction and blackmail are used to acquire personal information such as credit card numbers, social security numbers, or home addresses, among others.

CC

The fraudster term for stolen credit card data. A full CC contains the original cardholder’s name and address, expiration date, and CCV. It becomes a Fullz when other personal data points are added to the package.

Certified Fraud Examiner

The Certified Fraud Examiner (CFE) is a qualification issued by the Association of Certified Fraud Examiners (ACFE). The ACFE organization is a provider of anti-fraud education and training. CFE training includes teaching about information on difficult financial transactions and appreciating forensic approaches, regulation, and deciding on claims of fraud.

Click Fraud

What is Click Fraud? 

Click fraud is a form of marketing fraud that occurs when pay-per-click (PPC) online ads are illegally clicked to increase site revenue or exhaust a company's budget. It is often intentional, malicious, and has no potential for clicks to result in a sale.

PPC ads generate revenue for publishers or exhaust client budgets for an advertiser based on how much a customer clicks on them (and how many of those clicks are converted to sales). Clicks become fraudulent when those doing the clicking are a computer program (ex. bots), an automated script mimicking a legitimate user or a human with no actual interest in the ad’s target. It is considered a “black hat”, or violating computer security for personal profit or malice.

Sometimes click fraud can be carried out by a site owner to artificially boost ad revenue for their business. It may be carried out by a publisher or ad agency to artificially inflate their click rate making them more appealing to companies looking to market themselves, without actually having such an audience.

Here are several different types:

Non-contracting party click fraud

Between advertisers

One advertiser attempts to use up another advertiser’s budget by engaging in click fraud. Once the latter advertiser’s budget and space are used up on irrelevant clicks, the former becomes the sole advertiser and takes up the space and visibility. 

Between publishers

Another version of this occurs when an attacker maliciously attempts to frame a publisher by making it look like they click on their own ads. This would cause an advertiser to mistrust the publisher and end their relationship with them. Because PPC revenue is often the primary source of income, this practice can destroy a publisher’s business.

Vandalism

It is often difficult to track down the culprit of click fraud motivated by vandalism. Often, fraudsters target publishers or advertisers for political or personal vendettas.

Friends and Family

Click fraud can also occur when a publisher is supported by their friends or family clicking on ads to generate revenue. Sometimes the publisher conspires with their personal relationships to commit this type of click fraud, or it is truly just patronage on the part of the friends and family. 

Classic click fraud

Site owners (publishers) publish ads using an advertising network like Google AdWords, and click on ads placed on their own sites to increase ad revenue. The advertiser (company creating and placing the ad via advertising network) has their budget exhausted or is defrauded by the actions of the publisher. 

Click Farming

Some companies will outsource to low-cost employees to manually click ads all day and generate ad revenue, as part of “click farms”. 

Automated Script 

A computer program mimics a user and clicks an ad. It does so by translating existing user traffic into clicks and impressions. Another method is to bombard a large number of computers with viruses and have those viruses make the computers click ads. 

Hit Inflation

Some advertising publishers use this method to drive traffic from a dishonest site to a dishonest publisher, generating clicks and thus revenue. This occurs when the dishonest site contains a script that converts website interaction on it to clicks for the publisher. The user interacts with the initial site and interacts, not knowing that their interaction is generating clicks for a secondary publisher that they do not directly interact with or are not aware of. 

Search Result Manipulation 

This iteration of click fraud occurs with the click-through rate of a website rather than PPC ads. Ranking of sites increases when search results generate clicks to those sites - for example, if you were to search “fraud.net” up, the highest clicked site would be listed at the top of search results (that’s us!). In this version, fraudsters generate false clicks on results they want to promote and avoid results they want to demote. The businesses with the higher clicks will have improved rankings while those avoided will not - many malicious publishers or companies will use this to put their competitors at a disadvantage.

The Cost of Click Fraud 

According to PPC Protect’s Global PPC Click Fraud Report, 11% of all search clicks are fraudulent, with 17% on connected TV campaigns and 36% on display ad campaigns.

How to Combat Click Fraud

Despite the many ways click fraud can manifest for your business, there are some key things to look out for to check if you’ve been victimized:

• Unusual rises in impressions
• Unusual peaks in clicks
• No corresponding increase in conversions with a click or impression peak
• Page views decrease during click or impression peaks
• High bounce rate during click or impression peaks.

If you suspect you’ve been targeted by click fraud, contact your advertising network running your PPC ads and report your findings. This way, fraudulent clicks can be credited back to your account or budget.

However, the best protection is prevention.

Fraud Prevention with Fraud.net

Fraud.net offers a wide range of products to combat various types of marketing fraud, including click fraud. Contact us for a free demo and product recommendations to protect your business.

Clickjacking

What is Clickjacking?

In summary, clickjacking is when a fraudster targets someone to click a link, either to get them to install malware or to try to 'phish' them, a related term that involves getting a user to enter personal information via a fake website.

Clickjacking is done by sharing captivating content that misleads the user. Once people click back to the source of the content, the fraudster then tries to attack them. 

What Is There to Gain?

A fraudster has multiple ways to use these clicks for their own gain. With clickjacking, fraudsters can gain access to passwords, credit card numbers and any other valuable data that can be exploited. Clickjacking can also turn features in your devices system on and off when malware is installed. This malware has a lot of capabilities, ranging from enabling microphone and camera access or pulling location data from your device. In short, these clicks can cause strife in the moment, and can make crimes easier in the future.

Clickjacking Examples

A common example of clickjacking involves fraudsters creating a mirror login page to capture user information on a website. With this method, the user assumes that they're entering information into a usual form on a website they visit. In reality, the users can actually be entering that valuable information into an overlaid field controlled by the fraudster. The fraudster gets access without the user ever knowing there was something wrong.

An attacker can also redirect clicks from social media or emails to download malware or gain access to vital systems. This spells trouble for any organizations that rely on protecting sensitive data and intellectual property.

Additionally, links can be hidden under media and trigger a particular action, such as liking a Facebook page or ordering a product on Amazon.

How can Clickjacking be Prevented?

Computer Fraud

Computer Fraud is defined as the action of utilizing a computer to attain or modify the electronic information or to get the illegal usage of a mechanical system or computer. Computer fraud in the United States is particularly forbidden by the Computer Fraud and Abuse Act, which specializes in proscribing this matter, which is considered computer-related under the federal authority.

Computer System Penetration

Computer System Penetration, known as a penetration test (or pen test), is an official virtual cyber-attack towards a computer system, executed to assess the security of the system. The test classifies the strengths and weaknesses of the system, as well as how likely it is for someone unauthorized to gain access to the features and data of the system, in order to enable a complete hazard assessment.

Confirmation Fraud

Confirmation fraud is a type of fraud that comes in two layers. First, a fraudster falsifies transactional information, like pretending to deposit a certain amount of money in an account (on someone else's behalf). Then, the fraudster creates fake materials that falsely confirm that that first transaction went through, when in reality it didn't. In short, a fake deposit (or other transaction) is falsely confirmed as having gone through by a fake confirmation, so as to cover up the fact that the first transaction was actually fraudulent.

Conflict of Interest

Conflict of Interest or COI is a situation where a member of multiple interests, in fulfilling their obligations to one interest, can fail the obligations they have to another. The inability to please multiple interests simultaneously, or even just the possibility of not being able to please them both, is then termed a "conflict of interest."

Consumer Authentication

Consumer Authentication is the term used for the devices that are designed to verify that a person making a transaction or any business deal is really the person who is certified to do that action. This term applies to both card-not-present transactions as well as in-person transactions.

Contract Fraud

A person commits contract fraud when they make a knowingly false statement that serves to trick or deceive another person into signing a contract. A person also commits contract fraud when, through misrepresentation, they trick an individual who does not believe they are entering into a contract, into signing one.

Cookie

A "cookie" is defined as a small amount of information that a Web browser saves on the user’s system. Cookies are a method designed for Web applications to retain the application domain. Cookies are commonly used by websites for verification, saving the user's information/preferences on the website, or browsing system information or any other matters that support the Web browser while it gets into the Web servers.

Corporate fraud

Corporate fraud is the purposeful falsification of the financial data of a company or the actions that have been made by the company to deliver fake information to the public, in order to increase the company’s profits. Characteristic cases of corporate fraud are complicated, extremely private, and if exposed consist of the economic indignities and elusions of financial accountabilities that the company has committed.

Corporate Identity Theft

Corporate Identity Theft, also known as CIT, is the deceitful and careful falsification of an identity of a company. It is also sometimes called a “white-collar crime” since it is commonly performed in a “cyber setting,” and is not in the field of the conventional criminal.

Corruption

The term corruption describes when the integrity of an entity is compromised or put at risk by inner actors who aim to illegally or unethically benefit themselves or that entity. The goal of corruption can be financially-related, but does not need to be in order to be considered corruption.

Counterfeit Card

Counterfeit cards are fake credit cards with an actual account's info that can be gained through various methods. A lot of times the victims of these crimes will still have their actual cards and never realize that their information was stolen. These cards might appear to be genuine and even have the issuers’ logos along with the encoded magnetic strips.

Counterfeiting

Counterfeiting is defined as the planned attempt to duplicate a real and authentic article such as a symbol, trademark or even money with the purpose to distort and convince the purchaser or the recipient to believe that he or she is really purchasing or receiving the real article itself.

Crawler

A web crawler, also known as a web spider or web robot, is a program, software package, or automated script which browses the Global Web in a systematic and automated method. Web crawlers are mostly used to generate a duplicate of all the pages they visit, then processing them throughout a search engine that will file the copied pages to deliver faster search results.

Credential Stuffing

Credential stuffing is a form of cyber-attack where a taken account's credentials, usually containing the lists of usernames and/or email ID along with the matching passwords, are stolen and then used to gain illegal access to real user accounts over a large-scale automated login.

Credentials

Credentials refer to achievements or titles bestowed upon someone, generally by an authoritative body, that are brought up in order to validate the capabilities and suitability of that person for a certain task.

Credit Bureau

A credit bureau is an organization that gathers and also investigates the entirity of credit information from a person and then sells the information to the creditors to get a fee so that they will able to make a decision regarding the permitting of a loan. These organizations usually associate with all kinds of loaning institutions and credit issuers to assist them in making any loan decisions.

Credit Card

A credit card is a thin four-sided block of plastic allotted by a financial firm that allows cardholders to borrow some funds to pay for products and services purchases. Credit cards are subject to the condition that cardholders must repay the borrowed cash, sometimes with interest or other charges.

Credit Card Fraud

Credit Card Fraud refers generally to any fraudulent transaction using a credit card as a source of funds. The fraudulent transaction may be committed to obtain goods or services or to illegally obtain funds from an account. Credit card fraud may occur simultaneously with identity theft, but can also occur when a legitimate consumer makes a purchase with no intention of paying for the goods or services, sometimes referred to as chargeback fraud or friendly fraud. Credit card fraud is related to debit card fraud, differing primarily in the form of payment. Another form of credit card fraud is new application fraud, in which a perpetrator applies for a credit card in a victim's name, then uses the card to purchase goods and services illegally. A victim’s credit card information can be acquired in a number of ways, by being purchased on the deep/dark web, by using skimmers at retail points of sale or ATMs, or through corporate data breaches.. The true cost of credit card fraud for merchants is more than just the cost of lost merchandise — it also includes lost profits, bank fees and chargeback costs.

Credit Card Fraud Detection

What is Credit Card Fraud Detection?  

Credit card fraud detection refers to the set of policies, tools, methodologies, and practices that credit card companies and financial institutions use to prevent fraudulent purchases, both online and in-store. It involves using various techniques and technologies to identify potentially fraudulent transactions in real-time or post-transaction analysis. The goal is to minimize financial losses for both cardholders and card issuers by quickly identifying and stopping unauthorized or suspicious transactions.

Stats:

• Stolen credit card details are available for £1 each online
• 44% of credit card users reported having two or more fraudulent charges in 2022.
• People in their 30s are the most vulnerable to credit card fraud.

Common Types of Credit Card Fraud Detection

• Rule-Based Systems: These systems use predefined rules and thresholds to flag transactions that deviate from normal patterns. For example, if a card is used in multiple countries within a short time span, the system might flag it as suspicious.
• Machine Learning (ML) Models: ML algorithms can analyze historical transaction data to identify patterns associated with fraud. These models can learn from new data and adjust their detection techniques accordingly.
• Anomaly Detection: This approach involves identifying transactions that deviate significantly from the expected behavior. Anomalies might include large transactions, transactions in unusual locations, or transactions made at unusual times.
• Behavioral Analysis: This method focuses on understanding the typical spending behavior of a cardholder and flagging transactions that differ from that behavior.
• Geolocation Analysis: By analyzing the geographical location of a transaction and comparing it to the cardholder's usual locations, fraud detection systems can identify suspicious transactions.

How It's Different from Similar Fraud Detection

Credit card fraud detection has unique characteristics due to the nature of credit card transactions. Unlike other types of fraud detection, it:

• Focuses on financial transactions, especially electronic payments.
• Involves real-time monitoring to prevent immediate financial loss.
• Utilizes behavioral patterns and transaction history specific to individual cardholders.
• Needs to balance between minimizing false positives (legitimate transactions flagged as fraud) and false negatives (fraudulent transactions not detected).

It specifically focuses on preventing fraudulent purchases made using credit cards. It differs from other types of fraud detection, such as insurance fraud detection or healthcare fraud detection, which focuses on preventing fraudulent claims or transactions in those specific industries.

Solutions for Credit Card Fraud

Credit card fraud detection employs a multifaceted approach to safeguard financial transactions. Machine learning algorithms, including neural networks, decision trees, and ensemble methods, are adept at learning from historical transaction data to recognize fraud-related patterns. Predictive analytics harness historical data and statistical techniques to gauge the likelihood of a transaction being fraudulent. Real-time monitoring systems swiftly identify and thwart fraudulent activities as they unfold, ensuring prompt intervention.

Furthermore, biometric authentication offers an additional layer of security by utilizing traits like fingerprints and facial recognition, thereby mitigating the risk of unauthorized transactions. Behavioral analytics delves into spending habits, transaction frequencies, and behavioral trends to pinpoint irregular activities. Augmenting transaction data with external information, such as device data and geolocation, through data enrichment techniques, enhances the accuracy of fraud identification. This comprehensive arsenal of methods collaborates to fortify credit card fraud management, providing a dynamic defense against evolving fraudulent tactics. 

For instance, a machine learning model trained on a dataset of legitimate and fraudulent transactions can learn to differentiate between normal spending patterns and unusual activities. Let's say a user typically makes transactions within a certain geographic region and at specific times of the day. If suddenly, there are multiple transactions from different countries or during unusual hours, the machine learning model can flag these transactions as potentially fraudulent.

Don't Wait for Fraud: Take Charge of Your Security Against Credit Card Scams!

Fraud.net offers a comprehensive fraud detection solution that combines machine learning algorithms, behavioral analytics, and real-time monitoring. It employs advanced algorithms to detect anomalies and suspicious behavior, helping businesses prevent credit card fraud. Request a demo today to learn more about how Fraud.net's solution can help your specific needs!

Credit Card Number

A credit card number is the exclusive number printed on a credit card. The first six numbers written on a credit card are the issuer's identification numbers, and the last remaining numbers are exclusive to the specific card. These credit card numbers are typically available in embossed form on the credit card.

Credit Card Refund Schemes

Credit Fraud

Credit fraud is described as a situation where a customer's personal information has been stolen by a fraudster in order to make a new credit claim using the stolen information. In this case, the customer's name may not be authorized.

Cryptocurrency

A cryptocurrency is a virtual or digital currency that applies cryptography for safety purposes. A crypto currency is quite challenging to counterfeit because of the security feature. Many of the crypto currencies are distributed systems built on Blockchain technology, which is a scattered accounting book applied by a dissimilar system of computers.

Cryptogram

A cryptogram is a form of puzzle that contains a small part of encrypted text. Usually the code used to encrypt the text is quite simple so that the cryptogram can be resolved manually. Often the cryptogram is used for exchange codes where each letter is exchanged for a different number or letter. 

Cryptography

Cryptography is the study (as well as the practice) of methods for secure communication in the presence of malicious third parties. Generally, cryptography is centered around creating and investigating procedures that prevent the public from reading confidential messages. A number of data security features such as data privacy, data truthfulness, verification, and even non-refutation are essential for contemporary cryptography.

Cryptomining

Cryptocurrencies require large amounts of computer power to be created, or “mined”. Some legitimate companies specialize in mass cryptomining through dedicated mining farms.

Cyber criminals and fraudsters, however, like to deploy cryptomining viruses or bots on unsuspecting users’ computers, or even organizations’ servers. This allows them to mine at scale, without spending extra money on equipment or resources like electricity.

Current Address Fraud

Current address fraud occurs when a fraudster changes the known address of somebody to a new one, thus re-routing their mail to somewhere the fraudster can likely access it.

Customer Due Diligence

Customer Due Diligence, also known as CDD, is defined as the method by which appropriate data or information regarding the customer is gathered as well as assessed for any possible threat for the business, money laundering, or even terrorist financing actions.

Customer Identity and Access Management

Customer Identity and Access Management, also known as CIAM, could be defined as a subsection of the broader Identity Access Management or IAM, and it specifically focuses on dealing with or handling personalities, access, and the security designed for software applications.

CVV (Card Verification Value)

What is a CVV?

The card verification value (CVV), is a three- or four-digit code on the back of a debit or credit card. It is sometimes referred to as a CID, or card identification number. This unique code is used to verify that a shopper has physical access to the card they’re using to pay for goods or services. Other qualities of a card can be stolen or copied through methods like using a card skimmer, but the CVV won't be recorded through those methods, making the CVV a useful and important authenticator in online card transactions.

Why do merchants ask for a CVV?

When paying online or via phone, merchants request the CVV to check whether it matches the information from the issuing bank. Banks and credit card companies use advanced algorithms that are impossible to spoof to generate CVVs. They are based on information like the account number or expiration date of the card.

Asking for the CVV during checkout protects merchants and consumers from card-not-present fraud. This fraud is on the rise. In fact, payment fraud involving credit cards amounts to $100 billion in losses each year globally.

How to protect your card verification value

Preventing your CVV from falling into the wrong hands protects you from criminals making unauthorized transactions with your card.

Even though data breaches are a major concern, the risk of hackers stealing CVV numbers during breaches is very low since PCI standards specify that merchants shouldn't store CVVs once a transaction is completed.

Merchants can even process recurring payments without a CVV once they obtain the proper authorization from the user to avoid storing this sensitive information.

Nonetheless, consumers should be aware of a few things in order to protect their card verification value and other information:

• Phishing is a common way of stealing payment credentials. With three billion phishing emails sent daily, it pays to be wary of any email requests to share payment details.
• Phishing isn’t limited to emails. Some scammers use sophisticated social engineering schemes that involve calling victims to trick them into sharing sensitive payment information. Don't do it. Credit card companies won't ask for this information over the phone.
• Malware such as keyloggers can spy on a user and record everything they type online, including credit card numbers, before sending this information back to a hacker.

Protect Your Business with Fraud.net

As a business owner, you can protect your organization from phishing with an email shield.

Fraud.net’s Email AI solution can analyze multiple data points to spot malicious emails and alert users that a message could contain malware or come from a criminal phishing for payment credentials.

Contact us today for a free demo and product recommendations.

Cyber Fraud

Cyber fraud is described as a situation in which a fraudster uses the Internet to earn money, products, or some other interest on things which they obtained illegally from people, generally through deceiving or tricking them.

Dark Web

The Dark Web, What is it?

The entirety of the web that is not accessible by search engines. Regular browsers, like Google and Bing, search the so-called “surface web", defined by public links, and the search stops there. The "Deep Web" and "Dark Web" are more in-depth, allow for privacy, and serve different purposes. When discussing them, it is important to remember their distinctions, as there are many. 

The "deep" portion of the web is just like it sounds — below the surface and not completely dark. For instance, online banking pages, legal and government documents, or scientific reports have no reason to be indexed. Personal emails and secure information, like bank statements, can also not be searched.  

The dark web, however, represents a sliver of the deep web. While many of its websites are generally harmless, it is often associated with illegal activities, and this can lead to serious consequences. Like the deep web, this portion of the web is unindexed. However, the websites are also encrypted, and this level of anonymity is why it is often dedicated to criminal activities. These sites are hosted on special domains, and you need special software to access them, such as the Freenet or TOR browser. 

The Dark Web's Risk to Your Business

A nearly infinite supply of stolen payment cards and identities can be acquired on the dark web. The cost of an identity can range from a few dollars to a few thousand dollars, depending on the detail. Many sellers offer guarantees as to the data’s validity and will provide replacement identities if out of date or inaccurate. Escrow services are available for larger purchases and fraud-as-a-service, using local proxy servers, can further improve the odds of illicit transactions getting past anti-fraud systems.

Monitoring programs can also be customized within certain bounds to address gift card and digital product theft, the sale of credentials and customer data by insiders, and other specific merchant challenges.

Learn More & Protect Your Business

To learn more, visit the Dark Web Monitoring page on our website, and contact us today to talk with our experts and receive a free demo.

Data Breaches

A data breach, also known as a data leak or data spill, is an event that includes the illegal inspection, access or retrievial of data by a person, an application or otherwise a service. It is a form of security breach that is intended to steal or broadcast the data to an unsafe or illicit site.

Data Capture

Data capture, or electronic data capture, is the process of extracting information from a document and converting it into data readable by a computer.

Data Enrichment

Data enrichment is defined as the merging of third-party data from an external authoritative source with an existing database of first-party customer data. Brands do this to enhance the data they already possess so they can make more informed decisions with a larger pool of higher quality data.

Data Mining

Data mining is the process of investigating concealed configurations of data rendering at different viewpoints for classifying valuable data, which is gathered and collected in standard zones, such as data warehouses, for effective investigation, data mining systems, assisting the corporate decision-making process plus further data needs in order to finally reduce costs and raise revenue.

Data Points

A data point is defined as a distinct component of data. In a broad common sense, every single detail is considered as a data point. In an arithmetical or systematic framework, a data point is typically imitative in terms of size or investigation and can also be exemplified in an arithmetic and/or detailed manner.

Data Protection Act

The Data Protection Act (DPA) is a United Kingdom law passed in 1988. It was established to manage how individual or consumer data could be used by any organizations or government organizations. It protects the public and also provide some instructions on how to use the data people's data.

Data Provider

The term data provider is used to describe the process of retrieving data from relational data sources in non-real time applications. The data provider manages the data at each stage by mapping the logical column definitions in the application view to physical table columns in the customer database.

Data Science

Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a widely recognized set of rules and policies proposed to improve the security of cash, debit and credit card transactions and also to protect credit cardholders, to prevent the mismanagement of their private data. The PCI DSS was formed in association with four major credit-card companies: Visa, MasterCard, Discover and American Express in 2004.

Data Set

Data set is an assortment of data. Usually a data set match up to the subjects of a distinct database table, or otherwise a particular arithmetical data matrix, where each single column of the table indicates a specific variable, and each row match up to a set of affiliates of the query data set.

Day of the Jackal Fraud

What is Day of the Jackal Fraud?

Day of the Jackal Fraud is an identity fraud technique in which the birth certificate of a dead child is used to obtain a passport or some other certified identity document. This kind of fraud gets its name from the book which has the same name/title, written by Fredrick Forsyth. Day of the Jackal Fraud dwindled after the UK cracked down on the crime in the mid to late 2000s.

Day of the Jackal by Fredrick Forsyth vs. Day of the Jackal Fraud

The book centers around a professional assassin contracted by a French paramilitary organization conspiring against Charles de Gaulle, the president of France. The assassin is unique in that his true identity is always unknown, codenamed “The Jackal,” who acquires a legitimate British passport using the name of a deceased man. The Jackal specifically searches graveyards to find the headstone of a child who, if he had not died, would be roughly the same age as him. Then, he buys a copy of that child’s birth certificate and applies for a passport, now possessing a new identity to carry out his mission. 

The recognized crime “day of the jackal fraud” operates in the same manner as The Jackal’s instance of identity fraud. Fraudsters apply for a passport under a false name, usually someone deceased and one without much of a history. Once they have that passport, they effectively have a new identity with which they cannot be tracked.

How Prevalent Is It?

In 2003, BBC reported that around 1,500 possibly fraudulent passports were being granted in the UK each year, although the actual number may be higher. In any case, identity fraud including Day of the Jackal fraud cost the government 1.3B GBP per year around 2003, until records transitioned to a computer database that could more easily flag names of the deceased being used for passport identity fraud by cross-referencing names with the Office for National Statistics (ONS). 

In 2007, the United Kingdom Identity and Passport Service (IPS) uncovered about 1,200 cases of passport applications using identities of deceased people, and stopped 700 new fraudulent applications, virtually ruling out this type of fraud with “Operation Wisdom”, launched in 2004. Since 2007, there are only rare cases of day of the jackal fraud attempts - it is now virtually insignificant in the UK, although other countries that lack record digitization or automated security may still face this problem today.

Why Is This Important?

Day of the Jackal Fraud is a form of identity fraud and application fraud - identity fraud still targets businesses, governments, and consumers today, at alarming rates as the methods of constructing a false identity have evolved. Although government agencies are more likely to stop identity fraud with their access to public identity information, businesses and their consumers could still be at risk from application and synthetic/false identity fraud. 

Learn more:

• Definition - False Identity Fraud 
• Blog - What is Synthetic Identity Fraud?
• Blog - Synthetic Identity Fraud is Proving to Be Challenging and Stealthy
• Blog - Top 7 Steps for Preventing Loan Application Fraud

Contact Fraud.net for recommendations for fighting application and identity fraud and a free demo of our products.

Debit Card

A debit card, also known as a bank card, plastic card, or check card is a payment card that can be used as an alternative to cash when making any purchase transactions. Physically, it looks quite similar to a credit card, however, unlike a credit card, the money is transferred directly from the bank account of cardholders when making a purchase transaction.

Debit Card Fraud

Debit card fraud is any kind of fraud where debit card accounts are accessed by fraudsters without the account owner's authorization in order to manipulate or usually drain their funds. Debit card fraud is quiet easy to commit due to the fact that a debit card's information can be gained with ease.

Dedicated Hosting

A dedicated hosting service, also known as a dedicated server or a managed hosting service, is basically an Internet hosting structure where the customer leases an entire server not shared with anyone else. This is even more flexible when compared to shared hosting, since with dedicated hosting organizations have full access and control over the server(s) and all hardware involved with them.

Deep Fake

A technology that overlays a video with different audio or video, in order to make a real-looking video of somebody saying or doing something. A famous example could be a deepfake of Nancy Pelosi (in May 2019) that caught a lot of news attention before being recognized as an authentic-seeming deepfake.

Deep Learning

Deep learning is an artificial intelligence function that imitates the workings of the human brain in processing data and creating patterns for use in decision making. Deep learning is a subset of machine learning in artificial intelligence (AI) that has networks capable of learning unsupervised from data that is unstructured or unlabeled.

Deep Web

The Deep Web, What is it?

The entirety of the web that is not accessible by search engines. Regular browsers, like Google and Bing, search the so-called “surface web", defined by public links, and the search stops there. The "Deep Web" and "Dark Web" are more in-depth, allow for privacy, and serve different purposes. When discussing them, it is important to remember their distinctions, as there are many. 

The "deep" portion of the web is just like it sounds — below the surface and not completely dark. For instance, online banking pages, legal and government documents, or scientific reports have no reason to be indexed. Personal emails and secure information, like bank statements, can also not be searched.  

The dark web represents a sliver of the deep web, and while many of its websites are generally harmless, it is often associated with illegal activities, only accessible via the Tor browser, and such sites can lead to serious consequences.

The Dark Web's Risk to Your Business

A nearly infinite supply of stolen payment cards and identities can be acquired on the dark web. The cost of an identity can range from a few dollars to a few thousand dollars, depending on the detail. Many sellers offer guarantees as to the data’s validity and will provide replacement identities if out of date or inaccurate. Escrow services are available for larger purchases and fraud-as-a-service, using local proxy servers, can further improve the odds of illicit transactions getting past anti-fraud systems.

Monitoring programs can also be customized within certain bounds to address gift card and digital product theft, the sale of credentials and customer data by insiders, and other specific merchant challenges.

Learn More, and Protect Your Business

To learn more, visit the Dark Web Monitoring page on our website, and contact us today to speak with a Fraud Prevention Specialist. 

Denial of Service Attack (DDoS)

A denial-of-service or DoS is any category of attack in which hackers or attackers endeavor to prevent authentic users from retrieving the service. Within a DoS attack, the hacker or attacker typically sends extreme messages requesting the network or server to validate the requirements that actually have unacceptable arrival addresses, which can overload a system and block even authentic users from being validated to access the service.

Derived Identification

Derived Identification is the term for a unique verification device that is stored within your phone, and is used to identify that a person logging into something or making a purchase has access that phone at that moment. Its primary purpose is simply for authorization purposes, like a kind of multi-factor authentication.

Device Cloning

Device cloning is the practice of producing an accurate copy of any application driver. The term can be used to indicate a body, software design or an application that has roles and behavior related to another body or application driver, however, it does not comprise the real source code of body or the apprehensive program.

Device Emulator

A device emulator is defined as a software or hardware that allows a computer system (named host) to perform as a different computer system (named guest). A device emulator generally allows the host system to use the software or peripheral devices intended for the guest system. This system allows fraudsters to repeat multiple attempts at login, signup or payment with with different parameters so they don’t get blocked, as they make it seem as if a different computer is continuing to attempt the log-ins.

Device ID

A device ID or device identification is a unique number related to a cell phone or to the handheld device itself. Device IDs are separate from the hardware serial numbers. It could be a mixture of a number of elements and it is also able to include an inception to allow incomplete advancements.

Device Intelligence

An intelligent device is basically any type of equipment, instrument, or machine that has its own computing capability. The existing grade of intelligent devices is quite wide-ranging, and in addition to personal and handheld computers, the almost infinite list of possible intelligent devices includes cars, medical instruments, geological equipment, and home appliances.

Digital Identity

A digital identity is a network or an online identity that has been approved or applied for in cyberspace by a person, business or also electronic device. These mentioned users may also progress above a single digital identity and do so with various groups. In terms of digital identity management, the main areas of focus are security and confidentiality.

Digital Signature

A digital signature, also known as an electronic signature, proves the legitimacy of an electric file or text in digital communication and uses encryption methods to keep the content of the file secure. Digital signatures are used in e-commerce, software dissemination, economic dealings and other circumstances where counterfeiting or interfering may otherwise be possible.

Digital Wallets

A digital wallet is basically a software-based structure designed for building e-commerce transactions. With the use of a digital portfolio, online acquisitions can be made simply by using computers or smartphones. Generally, users’ bank accounts are linked to their digital wallet as well. In a digital wallet system, user identifications are securely saved and approved in all transactions.

Disintermediation

In finance, disintermediation is described as the withdrawal of cash from intermediate financial associations, like banks, investments and loan relatives, to endow them openly. In general, disintermediation is the procedure of eradicating the trader or intermediary from the forthcoming transactions. Disintermediation is generally completed to invest in implements that produce higher profits.

Dispute

A credit card dispute refers to the process of denying charges to a credit card for whatever reason. Billing errors may consist of custodies for products which you have ordered but never received, charges for products that you have returned, or charges that you never authorized.

Diverting funds

Diverting funds is defined as the use of funds by the debtor in defiance of the authorized terms of the moneylender, in a number of circumstances such as the extension of the credit facility, shifting the funds to its subsidiaries or other companies, and various other circumstances which are not in compliance with the authorized terms.

Domain Name

A domain name is a tag that recognizes a network domain: a discrete cluster of computers under a fundamental management or authority. Within the Internet, domain names are designed by the guidelines as well as the procedures included in the Domain Name System (DNS). Any name listed and registered in the DNS is considered as a domain name.

Door to Door Magazine Sales Fraud

Magazine sales fraud usually starts with a simple knock on the door with a person trying to sell a magazines to “increase the money” intended for a donations, charity, or other superficial earnest reasons. The customers who pay to sign up every so often report that they do not receive anything in return.

Doorway Domain

Doorway domains are created so that they positionate well in search engines results aimed at specific keywords, and then are used as an entry point over which visitors must pass to reach to the main domain. By matching a certain number of pages to a site designed for search engine optimization determinations, a different site is set aside to be totally improved.

Doorway Page

Doorway pages are web pages created in order to measure the influence of search engine indexes (spamdexing). A doorway page influences the index of a search engine by introducing results for specific sentences and at the same time directing the visitors to a dissimilar page.

Drop Address

"Drop Address" - What is it?

A "drop address" is the address where fraudsters send goods purchased illegally (for instance with a stolen card).

While having a secondary address or P.O. box is entirely legal, the distinction for "drop addresses" falls under the purpose of the address, and the means by which the goods shipped there were purchased.

This kind of scheme is often well planned and executed. Some will go as far as making an abandoned house look lived in. Examples of this could be mowing the lawn, plugging in electricity generator to make the property seem lived in. 

Accomplices in drop address scams are often unaware they are helping fraudsters. They are often recruited through online job offers. The fraudster pretends to be in a different country, and offers to pay the hired person to forward them the stolen goods.

Legal Concerns

Legally, this kind of fraud often falls under the classification of "access device fraud", which is a serious sentence due to the severe risks it can pose to other citizens

Under New York law, for example, an access device can be a card, plate, account number, or any other means of account access. Essentially, information that can be used to obtain money, goods, or services or initiate a transfer of funds. In New York State, it is a Class A misdemeanor, punishable by 1 year in prison and/or a fine of more than $1,000.

Criminal Use of an access device in the first degree offers worse consequences. It applies when a person knowingly uses an access device, without the owner’s consent. The consequences surmount when the fraudster uses this device to unlawfully obtain telecommunications services with a value more than one thousand dollars. This is considered a Class E felony that can result in up to 4 years in prison and/or a $5,000 fine.

We've provided a brief breakdown below.

Stop Fraud, Not Customers

Despite the risks, this occurs more frequently than you might think.

Machine learning, anomaly detection, geolocation and behavioral analyses can all be combined to detect high-risk sessions on your site and prevent most fraudulent logins. Banks, crypto exchanges and other organizations with fiduciary duties are especially vulnerable, but also have the opportunity to set themselves apart as a high-trust partner with their consumers.

Contact Fraud.net for a free a demo of our anti-fraud prevention system. Our system also includes extensive address and identity verification, to combat drop addresses and access device fraud.

Dumpster Diving

The practice of rummaging through someone’s garbage bins to find personal information (account numbers, PINs, passwords). Fraudsters often combine digital attacks and real-life information gathering. This is why it is recommended to shared important documents before discarding them.

Duplicate Payment Schemes

Duplicate Payment schemes are types of fraud where the fraudster will attempt to have someone pay a second time for goods or services already paid for a first time.

E-Commerce

E-commerce or electronic commerce refers to all transactions that occur on an electronic device between customers and businesses. It can be divided into consumer-to-consumer, business to consumer and business -to-business.

E-Commerce Apps

E-commerce applications are apps that allow consumers to choose the product they want purchase on the Internet. These applications are supported both by mobile phones and personal computers, and their functioning is quite similar to that of a retail website.

E-commerce Fraud

Sometimes, consumers don’t get the product that they order using an e-commerce application or website, which is referred to as e-commerce fraud. For instance, if a person orders an iPhone and gets an android phone instead, it would be an e-commerce fraud. It is a fairly common issue that most e-commerce users face.

E-Commerce Platform

An e-commerce platform is a type of software technology that provides merchants or e-commerce businesses an online store or shop from which customers can easily purchase what they want. An example of this is Shopify.

EID Services

eID services are used to identify users on a specific platform and are often used by key systems to ensure the security of the central building blocks of a Digital Single Market and cross-boarder electronic transactions. It allows owners of a given platform to identify the user who is visiting a specific platform.

Electronic Data Interchange

Electronic Data Interchange is an electronic communication method that provides standards for exchanging data. By adhering to the same standard, companies using EDI can transfer data from one branch to another across the world.

Email Address

An email address is a unique measure or identifier for a specific email account. It is used by people-- both to receive and send e-mail using the Internet. To send messages effectively, you need an address for both the recipient and the sender.

Email Fraud

Email fraud is a rather popular and inexpensive way to commit fraud. Fraudsters distribute fraudulent emails or messages to a variety of victims, generally with the goal of attaining their passwords, usernames, or other personal information, which they can then use to commit fraud schemes.

Email Spam

Email spam, also known as junk mail, is an unsolicited email that is sent to many people. Generally, there is no meaning to this mail and is generally meant to bring the receiver to a certain website.

Email Tumbling

Email Tumbling - What is It?

Email tumbling is a way of filtering incoming emails using variations of a specific gmail address. For tumbling an email, users only have to insert a "+" or "." into the pre-section of their email before adding other text. While this might be helpful to consumers in some regards, it could allow vehement abuse from fraudsters also. For example, a consumer can tag an email for a specified site as JohnSmith+1122233OnlineRetailerName@gmail.com, which would allow them to know that they had shopped online with a specified merchant on that day. However, this also becomes a benefit to fraudsters, as it allows them to commit fraud over and over on one account multiple times.  Using this method, a fraudster can submit forms or transactions multiple times with the same email.

Email tumbling can also refer to the use of sequential email addresses when it comes to fraud. For example, organized fraud transactions can go through multiple emails with sequential numbering.  A fraudster automatically generating email addresses can often look like johnsmith01@, johndsmith02@, johnsmith03@, dealing multiple transactions to these emails. 

What are Some Solutions?

One way to prevent such scams from happening is identity and address verification. To prevent multiple transactions from occurring, Fraud.net incorporates dozens of data attributes on shipping and billing addresses, phone numbers and email addresses. IP address verification, as well as data mining. Preventing fraudsters from taking advantage of email tumbling can be automated into your business's fraud prevention services. 

Email Verification

Email verification is a popular method of authentication that will ask a consumer to verify that it is really them trying to make a purchase by sending them an email with a link attached. Clicking on the link allows a business to see that the person making the purchase is someone who can access that email address.

Employment Scam

Employment scams refers to when advertising scammers create fake job listings in order to collect personal information of applicants, such as payment credentials and other types of information that can be used for blackmailing the applicants.

Emulator

An emulator is a special kind of robot that copies human activity when it comes to purchasing a service or product. Examples of emulators include targeted scripts which are aimed at buying a limited-quantity of items or at gaining an advantage in a time-limited sales event.

EMV

Europay Mastercard Visa or EMV is an international standard for debit and credit cards which are based on chip card technology. EMV cards are able to make in-person transactions safer than before, but the risk of card-not-present transactions has increased with it.

Encryption

A method of coding data, using an algorithm, to protect it from unauthorized access. There are many types of data encryption, which are the basis of network security. Encryption is the process of converting data into cipher text to prevent it from being understood by an unauthorized party. When e-commerce merchants need to securely transmit transaction data, including credit card information, they rely on encryption coding data so that only authorized parties can access it. Converting this regular data into ciphered (encrypted) data makes it difficult for an unauthorized third person to intercept the data and use it for illegal purposes. And even if the encrypted data is intercepted by a hacker, they’ll be unable to decode the information without the decryption key. The major data breaches of 2017 — including the exposure of the personal data of 143 million Americans — illustrate the importance of merchants encrypting customers’ sensitive information and protecting it from falling into fraudsters’ hands.

End-to-End Encryption

End-to-End Encryption refers to the protection of confidentiality and integrity which is not interrupted in terms of data by encoding them at the time of sending and decoding them at the end of the transaction. This method ensures that data is kept confidential no matter what.

Endpoint Authentication

Endpoint Authentication refers to a security system that aims to verify the identities of devices which are remotely connected along with their users like PDAs or personal digital assistant or a laptop before giving access to corporate network resources. It helps the user to know all the connected devices.

Endpoint Protection

Endpoint protection refers to a variety of solutions that are used to protect and detect a compromise of the last user's computer device linked to the mobile device and laptop, etc. Generally, endpoint protection solutions use one or more technique for protection.

EV SSL

The certification of EV SSL is actually the symbol of the highest level of trust for a virtual business. All modern browsers support a completely new technology, known as EV or Extended Validation which offers color-coded alerts which are used to inform about the website validity.

Exclusivity

Exclusivity refers to a contractual clause in which one party grants another party a right to use a specific business function. It means that the other party can now use the function as it likes.

Facebook

Facebook is a social media or networking platform that uses the internet for its operation. It allows people to connect with others by creating an account and chatting with them over the internet. Facebook is supported by a variety of devices like mobiles, tablets, and personal computers.

Facial Recognition

Facial Recognition is a type of biometric check used to identify the person and unlock the system. It focuses on the facial structure of a person and identifies whether the person has the necessary authorization or not. Normally, it is used in phones and other security systems.

Fake check

A fake check is normally used by a fraudster with either a duplicate signature or writing for withdrawing cash from bank. This is a fairly common type of scam that is done by obtaining the necessary information from the real member of the bank to create a fake check and cash it later.

Fake merchandise

Fake merchandise includes products and services that are not authorized by the original company, but are sold with the name of the company. Fake merchandise is often used on the Internet through e-commerce websites where buyers cannot actually control the product.

False Account Entries

Fake Account Entries refer to the input of wrong or misleading information in terms of financial statements. It is ethically wrong to include fake account entries in software or in a book that has to be submitted to a financial manager.

False Data

False data refers to information which is not accurate, especially the information which, in a specific context, differs directly from the required information.

False Declines

False declines are generally referred to as false positives that occur when an actual transaction is apparently flagged by a protection system of a merchant and it is declined inadvertently. Often, it occurs when a cardholder trips into a merchant's fraud detection system.

False Documents

False documents are documents created with incorrect information that cannot be used for their required purposes because the document does not contain the necessary data. These documents are created for the purpose of deceiving others.

False Expense Claims

What are false expense claims?

Many organizations focus on external threats to fight fraud. However, internal threats can be just as devastating. Employees who feel entitled to something or who take advantage of lax policies can devise schemes to steal from your business. False expense claims are among the most common methods used.

Businesses have processes for reimbursing expenses that employees incur while on the job. These expenses can include travel costs, business lunches or supplies.

With false expense claims, staff - who are authorized to be reimbursed for a certain number of expenses incurred while carrying out their work duties - submit a claim for those reimbursements when they don’t actually deserve them. Essentially, they take advantage of this practice to submit reimbursement requests for expenses that aren’t legitimate.

This type of fraud can take on different forms:

• Fictitious expenses. Employees can use fake receipts or fill out blank receipts to claim they purchased something for work and get reimbursed. They can also submit a claim for trips they canceled.
• Overstated expenses. With overstated expense reports, employees claim they spent more than they actually did. They can, for instance, say they tipped more or fail to report that an item was discounted.
• Duplicate claims. It’s possible to use the same receipt or invoice more than once to submit multiple expense reports. This scheme can be hard to notice if your HR or accounting department is busy.
• Mischaracterized expenses. This scheme is one of the common types of false expense claims. Some mischaracterized expenses are legitimate errors because there are no clear policies for what the business will reimburse, but others are malicious claims from employees disguising personal purchases as business-related expenses.

How can false expense claims affect your business?

False expense claims are more common than you might think. After all, internal agents commit 37% of all fraud. Plus, 14.5% of all fraud is expense fraud. Indeed, it’s a costly issue since occupational fraud schemes cause $1.5 million in losses on average.

There are steps you can take to protect your organization from false expense reports, starting with reviewing your current policies for issuing reimbursements.

Stronger controls can make it harder to get past the employees who approve expenses. Having more than one employee involved, establishing who has the permission to issue a reimbursement, and escalating the request to a higher-level employee for claims above a certain amount can make it more difficult to submit false expense claims.

You should also go over your expense and reimbursement policies and update them. Create a list of allowable expenses and spending limits. Determine the reimbursement rate for mileage and list the documents employees will have to submit as proof. Review these rules regularly and adjust allowances to account for inflation.

Consider adopting company credit cards to oversee what employees spend instead of relying on receipts alone. You can also create a strong deterrent against internal fraud by implementing random audits of reimbursement requests.

Enforcing disciplinary measures if you find an employee to have submitted a false expense claim is another strong deterrent. Training can also increase awareness for this type of fraud and create a company culture where employees are more likely to report internal fraud.

False expense claims can be a costly issue. Besides, they can slow down the process of reimbursing legitimate business expenses. You can go further to save time and money by leveraging tech to create an additional layer of security.

How technology can help

You can build a more streamlined reimbursement process by doing away with paper receipts and adopting email to submit reimbursement requests. With Fraud.net’s Email AI tool, recipients will see a risk score for each email they receive and will know right away if a claim has been falsified.

Adopting our Transaction AI tool is another step you can take to protect your organization from false expense claims. This tool can detect fraudulent transactions by leveraging third-party APIs, our Collective Intelligence Network, and data from dynamic device fingerprinting to track users’ behaviors.

Don’t let false expense claims hurt your bottom line. Take action now and install Fraud.net's Email AI for free. And don't forget to take advantage of a free fraud analysis to create a stronger defense against all kinds of fraudulent activities.

False Expense Reimbursements

False Expense Reimbursements occur when an employee falsely inflates costs associated with their work, so that when they ask for reimbursements they will be given more money than they should.

False Financial Statements

False Financial Statements describe when a person falsifies income reports, balance sheets, and/or creates fake cash-flow statements to deceive the people who receive them. The purpose of this activity is generally personal profit.

False Front Merchants

False Front Merchants is when a company appears to have valid businesses, but actually, all are just fronts for a number of various fraud schemes. The ability of some fraudsters to make fake companies is growing with the new ways digital payment systems perform in a business, which give the opportunities for the fraudsters to set up sophisticated, deceptive schemes of false front merchants.

False Identity Fraud

False Invoices

False Invoices could be described as the situation where a person makes an invoice that does not relate to a real sale or payment and is used to get money dishonestly and undeservedly.

False Negative

A false negative is when a fraudulent transaction fails  to be flagged as fraudulent, and gets through a system's fraud detection. It is the opposite of a false positive.

False Positive

False Positives, also known as “false declines” or “sales insults” appear when financial organizations or merchants decline valid orders. False positives are primarily caused by a businesses anti-fraud system incorrectly marking a transaction as likely to be fraud, when in truth the order is legitimate.

False Report

A false report is created when somebody knowingly reports a crime that did not occur, or knowingly reports details of a crime incorrectly.

False Reporting

False Reporting is when someone creates documents with false financial information and submits this information as legitimate.

False Sales Invoices

A contractor or supplier may commit fraud by knowingly submitting false, inflated or duplicated invoices with the intent to defraud the company they have been hired by. The contractor may act alone, or collude with payroll staff to keep the fraud going. The expression “false invoices” refers to invoices for goods or services that were never actually provided.

False Travel Claim

A false travel claim is when a person falsely claims they traveled by a certain method, and then asks to be reimbursed for paying for that method. An example would be if an employee said they had to take public transport to get somewhere, when in reality they simply walked or biked, and just want to make the money they say they spent.

False Vendors

False Vendors refer to any scheme that is completed by creating fake vendors. This can have multiple uses for fraud; for one, the fraudster can send invoices to companies asking for payments on a service or good that was never actually provided. Another example is when a fraudster will create a duplicate payment system, causing consumers to have to pay twice to buy a good, one payment going to the fraudster.

Falsified Hours

Falsified Hours is the term for when an employee records themselves as having worked more hours than they truly have in order to be paid for work they have not done.

Familiar Fraud

Familiar fraud describes when a customer asks for a chargeback instead of pursuing a refund from the merchant they made the purchase with, with the purpose of keeping their funds while also getting the product they bought.

Federated Identity

A federated identity in information technology refers to process of linking a person's electronic identity and attributes across multiple distinct identity management systems. Federated identity is related to single sign-on (SSO), in which a user's single authentication ticket or token, is trusted across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability and it would not be possible without some sort of federation.

Fictitious Refunds

In a fictitious refund scheme, an employee processes a transaction as if a customer were returning merchandise, even though there is no actual return. Since the transaction is fictitious, no merchandise is actually returned. The result is that the company's inventory is overstated.

FIDO

Fast Identity Online is a set of open technical specifications for mechanisms of authenticating users to online services that do not depend on passwords. FIDO authentication seeks to use the native security capabilities of the user device to enable strong user authentication and reduce the reliance on passwords.

Financial Crime

Financial Crime is a category of crime that is performed against property, comprising of the illegal conversion of the property rights to the personal use and benefits of the fraudster. Financial crime may involve fraud types such as securities fraud, credit card fraud, bank fraud, and more.

Fingerprint Recognition

Fingerprint Recognition is one of the most popularly used biometrics, and so far it is considered the most secure authentication method. Fingerprint Recognition refers to the automatic process of identifying or approving the identity of a person built on the comparison of two fingerprints.

Fintech Fraud

Fintech fraud refers to any fraud that takes place that is related to fintech in some way. Fintech fraud scandals can involve peer-to-peer financing platforms as well as crowd funding platforms, and have served as stark reminders of the risks from the use of Fintech where the proper rules or regulations on transactions are not present.

Firewall

A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized internet users from accessing private networks connected to the internet, especially intranets.

Food Fraud

Food fraud is the activity of changing, perverting, mislabeling, replacing or interfering with any food product at any theme alongside the farm–to–table food supply–chain. The fraud may appear within the fresh material, inside the ingredient, in the finishing product or maybe in the wrapping or packaging of the food.

Forged Signatures

Forged signatures are signatures created to look like very similar or the same as another's signature, but that was not created/signed by the signature's original creator. This is done to provide false authentication on documents; for example, a fraudster could "forge" a signature on a check to take money from someone without permission.

Fortune Teller Scam

Fortune teller scam, also known as the “bujo”, is a type of confidence game. The basic feature of the scam involves diagnosing the victim (the "mark") with some sort of secret problem that only the grifter can detect or diagnose, and then charging the mark for ineffectual treatments.

Fraud

Fraud is defined generally as the wrongful or criminal act to deceive someone for one's own financial or personal gain. Legal definitions of fraud vary across countries, at the federal and state levels in the US, and even among states, but most have, at their core, the use of deception to make a gain by unlawful or unfair means. Many types of fraud exist, including occupational, operational, investor, accounting, credit card and insurance fraud, but all forms share the fact that the perpetrator knowingly receives a benefit to which they're not rightfully entitled. The purpose of fraud may be financial gain but also covers the acquisition of other benefits, such as obtaining a driver's license, a passport or other travel documents, or qualifying for a mortgage by using falsified documents or making false statements.

Fraud

Fraud can be described as a consciously dishonest and/or illegal act done generally for personal gain, or to afflict another. Fraud can violate civil law, and cause the loss of cash, property, or other legal rights.

Fraud Analyst

A fraud analyst is someone who investigates forgery and theft within customers' accounts and transactions on behalf of a bank or a financial institution. They track and monitor the bank's transactions and activity that comes through the customers' accounts.

Fraud Department

Insurance corporations, banks, shops, and a mass of other companies employ fraud analysts to identify and prevent fraudulent activities, and if an organization dedicates a group of their employees to this task, they are known as a company's "fraud department". 

Fraud Detection

Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging checks or using stolen credit cards.

Fraud Examiner

A fraud examiner is a highly qualified professional who investigates cases of criminal and civil fraud. Fraud examiners can be certified to prove their expertise within the field of fraud and fraud prevention.

Fraud Filter: Understanding an Essential Tool for Transaction Security

Fraud Guidelines

Fraud Guidelines are the practical guidelines put in place to help prevent, detect, and investigate any type of fraud that may occur within a business's dealings.

Fraud Jobs

Fraud jobs are the category of jobs that work in the fraud field, such as a fraud specialist, forensic accountant, forensic audit manager, forensic director, senior auditor, risk assurance and risk analyst, audit consultant, forensic service manager or a forensic auditor.

Fraud Lawyers

Fraud Lawyers are lawyers who practice law in the criminal fraud and civil areas. These lawyers assist companies who have been affected by fraud performed by their employees or other party by performing internal investigations, collecting proof, and communicating with the authorities as well.

Fraud Managed Services

Fraud Management Services are defined as the associations that provide support in reviewing and resolving all potential fraudulent operations of a company, assisting the company in the immediate cancellation and then refunding of illicit purchases. These associations conduct ongoing anti-fraud investigations to create innovative fraudulent policies to increase controls.

Fraud Prevention

Fraud Prevention Software

A number of merchants incorporate fraud protection software within their loss-prevention approaches. These automatic software programs support the companies to identify hazardous transactions in real time and decrease the amount of consumer fraud that occurs. Through an algorithm, the fraud protection software scans transactions, and uses previous transactional facts to uncover any potential risks and then marks the transactions to be further investigated.

Fraud Prevention Specialist

A Fraud Prevention Specialist is a person in a company who has the responsibility of taking care of certain assets and ensuring they remain protected from any potentially fraudulent actions. Their goal is both to detect any fraud occurring and then to also stop it.

Fraud Response Plan

A Fraud Response Plan is a policy aimed at ensuring that effective and timely action is taken in the event of fraud occurring. A Fraud Response Plan gives employees the details of the entire procedure for reporting any suspected fraud, defines the actions that the company needs to take and also defines authority levels, responsibilities for action, and reporting lines in the event of a suspected fraud or irregularity.

Fraud Ring

Fraud Ring

A Fraud Ring could be described as an organization which performs activities with the intention to defraud or take advantage of other people. This organization might be involved in any kind of forgery. Actions can range from creating fake claims, stealing a private identity, or even counterfeiting checks and currency. Some rings are devoted to committing fraud against ecommerce websites. Others are devoted to defrauding charities, businesses or government agencies. These organizations can consist of 10 criminals or 10,000. Most are devoted to committing specific types of fraud. 

With the rise of the internet, online fraud is rampant. Millions of consumers are filling out online forms that require them to submit personal information, including as credit card numbers, SSIDs, street addresses, etc. Consequently, identity theft is the most popular type of Internet fraud.

Methods Used by Fraud Rings

There are many known cases of organizations that have carried out insurance fraud. For example, in 2017 a small scale ring of 26 individuals was prosecuted for staging traffic accidents to file false claims. This smaller group collected more than $100,000 in payouts from 12 auto insurance providers.

Payouts can be much larger. In 2012, a federal court in Minneapolis sentenced a California man and a New York man for their roles in a $50-million bank fraud conspiracy that operated in six states. This gargantuan scheme involved a network of bank employees and victimized more than 500 individuals around the world by stealing their personal and financial information. Bank fraud rings like this one may steal large quantities of checks and forge signatures. They may complete false loan applications or use stolen credit card numbers. Additionally, identity thieves steal personal information to apply for bank accounts or debit cards.

Protection Against Organized Fraud

The Association of Certified Fraud Examiners estimates that total global fraud losses total nearly $5 trillion, and fraud rings are a large part of this. A large group working towards organized fraud can do more financial damage than any individual fraudster ever will. The more individuals added, the more complex the issue becomes.

With that said, complex problems require sophisticated solutions. Many companies thus integrate a digital risk management platform into their workflow to combat fraud at minimal costs. This enables your company to extract immediate value and gain transparency, confidence, and clarity. Make the effort to prevent this type of fraud from affecting your business.

Learn More

Contact us for a demo and recommendations for fraud prevention and identity protection.

Fraud Risk Assessment

A fraud risk assessment is a tool used by business management to identify and understand risks to their business and weaknesses in controls that present a fraud risk to the organization. Once a risk is identified, a plan can be developed to mitigate those risks by instituting controls or procedures and assigning individuals to monitor and effectuate the plan of mitigation.

Fraud Risk Profile

There are two types of Fraud Risk Profiles: that of employees who abuse company assets to obtain personal benefits, and that of people who create the fraud plan in order to give the impression that will make the company look more profitable than it really is.

Fraud Schemes

Fraud Schemes are schemes that fraudsters have created to execute a criminal or fraudulent scenario, in order to obtain the personal benefits derived from it. Corruption, money laundering, skimming cash, and more are all fraud schemes.

Fraud Score

Fraud Screening

Fraud Screening generally refers to a checking system that identifies potentially fraudulent transactions. Fraud screening helps reduce fraudulent credit card transactions, reduce the number of manual reviews, minimizes risky sales, and improves a company’s bottom line.

Fraud Statistics

Fraud Statistics are reports produced by companies and organizations that detail things like the numbers of fraudulent transactions that have occurred in a period, what kinds of fraud took place, and anything else related to data on fraud. These fraud statistics are used to figure out how much and what kind of fraud occurs, so that a better preventative plan can be created to mitigate the impacts of fraud.

Fraud Triangle

The Fraud Triangle is a simple framework that is useful to understand a worker's decision to commit workplace or occupational fraud. The fraud triangle consists of three components (sides) which, together, lead to the workplace fraud, and are: 1) a financial need, 2) a perceived opportunity, and 3) a way to rationalize the fraud as not being inconsistent with their own values. The Fraud Triangle is a common teaching aide and metaphor that has been used for decades.

Fraud Upon The Court

Fraud on the court occurs when the judicial machinery itself has been tainted, such as when an attorney, who is an officer of the court, is involved in the perpetration of a fraud or makes material misrepresentations to the court. Fraud upon the court makes void the orders and judgments of that court.

Fraud vs Abuse

Fraud vs Forgery

In today’s world, the rapid development of technology can make it difficult to fight fraud and forgery, especially for legal authorities. Knowing what charges come with each, and primarily how to prevent them, is vital to saving your business significant costs per year.

Essentially, Fraud denotes any kind of practice of dishonesty of a person or a company for financial advantage. It is generally considered a well-thought-out crime by the law. On the other hand, forgery is essentially concerned with a produced or altered object. Fraud is the crime of deceiving another, which may be performed through the use of objects obtained through forgery. Forgery is a common technique in fraud schemes, where the fraudster uses forged documents in order to gain access to information or materials they should not truly have access to. The legalities and sentencing for each is extremely nuanced, but can provide insights for your business on which steps to take to both prevent and combat existing fraud.

Acts of fraud can be legally classified up to a Class I Felony , with fines up to $10,000 and a prison sentence of up to 3.5 years, and is an overarching term for many different federal charges. The average imprisonment time for counterfeiting (or forgery) is roughly 16 months.

Contact Fraud.net to schedule a demo of our end-to-end anti-fraud prevention system or a free fraud analysis, and start mitigating both forgery and fraud risks today.

Fraud vs Theft

Fraud Waste and Abuse

Fraud Waste and Abuse is typically a term most commonly used in government and healthcare and refers to several types of negligent and possibly criminal behavior. As defined by United States Code 1347, Fraud is “knowingly and willfully executing, or attempting to execute, a scheme or artifice to defraud any health care benefit program; or to obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program.” It is illegal to knowingly submit false information in order to receive a monetary or other benefit, the definition of fraud. Waste and abuse, on the other hand, do not require intent and knowledge of wrongdoing. Abuse might take the form of a payment for items or services that have no substantiated basis for payment and/or for which the provider has not knowingly or intentionally tried to get paid. Waste usually refers to the inefficient use of services and is generally not the result of criminal negligence.

Fraud Waste and Abuse Policy

Fraud Waste and Abuse Policy is the set of policies that a business or organization likely have in place so that if fraud or waste occurs within that entity, it has a set of procedures in place to deal with the effects of that fraud or abuse.

Fraud Waste and Abuse Training

Fraud Waste and Abuse Training is training that helps you to understand the definitions of fraud, waste and abuse, identify the principles underlying state and federal laws associated with fraud, waste and abuse, and understand the importance of responsibility for preventing fraud, waste and abuse.

Fraudulent Apps

Fraudulent apps are apps that say they provide some kind of service or entertainment, but their actual purpose is to download malware onto a device, or to discretely attain sensitive information. Some fraudulent apps completely emulate authentic apps, with the intention of tricking people into thinking they are using the real application.

Friendly Fraud

What is Friendly Fraud?

Friendly Fraud, also referred to as first-party fraud, can take many forms, but typically involves an actual consumer obtaining goods or services from a merchant, then claiming they did not make the purchase, did not receive the goods, request a refund from a false claim, or only received a fraction of items, in order to keep the goods or services without paying for them. It gets its name due to retailers believing that the customer is making an honest claim. “Friendly fraudsters” are often good at their crimes, which can sometimes make it hard for customer service to point out a fraudulent claim.

Customers committing friendly fraud make the purchase on a credit card, receive the product or service, and then demand a refund for a lost or short-shipped order, or file a chargeback through their credit card issuing bank, with the intention of receiving a full refund of the purchase amount. Also referred to as chargeback fraud, it is estimated that $4.8 billion was lost by US businesses last year to friendly/chargeback fraud. It is also estimated that as much as 80% of all chargebacks are fraudulent.

How Do You Identify Friendly Fraud?

Identifying friend fraud can be very difficult because of the customer claims that seem believable. Businesses can eliminate the amount of friendly fraud from occurring through tracking and shipping procedures. This could entail that the customer must sign upon delivery, or the business can implement paper trails to prove product orders and delivery. Clear and precise refund policies can also reduce customer fraud claims on falsified product descriptions. Lastly, providing a refund policy that states specific guidelines for the time period the customer has to return a product is critical. 

What are the Challenges?

1. Friendly fraud is hard to detect.

Monitoring systems find friendly fraud hard to spot since it’s committed by legitimate customers doing legitimate transactions. Though sometimes the friendly fraud starts as a true claim, what the customer chooses to do ultimately determines the outcome.

In most instances ‘customers’ (real, or disguised fraudsters) are more intentional with their crime; they may claim they didn’t receive items that they did, or they might state that the item received didn’t match the online description, the service provided didn’t meet their expectations, or they don’t remember making the purchase. Each of these instances can be very hard to detect since reports of this nature are often legitimate.

2. Friendly fraud is hard to predict.

Because friendly fraud is usually committed by what appears to be legitimate customers, it’s extremely hard to predict when it will occur. Sometimes, the fraudster may only request a chargeback for a portion of their order, or they may be an ongoing customer who normally doesn’t dispute anything but then chooses to dispute a rare order. It may not even be something they were initially planning or intending to do, but the fraud occurs when they knowingly accept a refund for something they know they should be paying for. 

3. Friendly fraudsters wait longer to initiate their chargebacks

The report by Fraud.net found that friendly fraud takes approximately 40% longer for a customer to report than third-party fraud. Third-party fraud is committed by someone who is not the cardholder or the merchant. Examples include identity theft and account hacking. So, a customer who notices a fraudulent charge on their account committed by a third party reports that fraud up to 11 days sooner than when attempting to commit first-party fraud. This time difference can affect the merchant’s anti-fraud attempts, return policies, accounting processes, and more.

4. Businesses are reluctant to flag friendly fraud.

Perhaps the biggest issue that online businesses face is a general unwillingness to mark these returns as fraud. Merchants using rules-based scores typically assign only 17% of the risk to a first-party fraud order as they assign to its third-party equivalent. Merchants blacklist first-party Fraudsters only 15% of the time compared to over 85% in third-party Fraud scenarios.  This enables the first-party perpetrators to continue their schemes, often habitually.  On average, the first-party fraudsters committed 9 instances of fraud, 3 times more than their third-party counterparts, and are likely still continuing their fraudulent behavior undeterred. Finally, for every chargeback received, merchants issue 7.5 refunds.  We estimate that for every first-party Fraud chargeback, there are 2 refunds that are given directly to the fraudster, heading off the necessity for a chargeback. Therefore, the true out-of-pocket cost attributable to first-party fraud is 3 times the recorded cost of ‘friendly' fraud chargebacks.

How Do You Prevent Friendly Fraud?

Because their crimes are hard to recognize, successful friendly fraudsters are often habitual offenders. However, there are some methods you can put in place to minimize risk to your company.

1. Participate in a consortium data partnership, where merchants and payment processors share anonymous data about bad actors in their systems.
2. Establish a robust first-party fraud monitoring program that includes flagging repeat offenders.
3. Incorporate deep learning models to detect the sometimes subtle patterns of first-party fraud

Learn More

• Download: 2020 Friendly Fraud Benchmarking Report
• Listen:  Podcast: First-Party Fraud Lowers Profits by 25%
• Read: Top Three Ways to Prevent Friendly Fraud
• Speak with a Fraud Prevention Specialist

Fullz

Gaming

Gaming is defined as the act of playing electronic games, whether by the use of consoles, PCs, cell phones or other intermediate tools. Although gaming is usually an introverted recreation, multiplayer online video games have become a popular hobby.

Gaming Fraud

Gaming fraud occurs when a fraudster deliberately misinforms somebody about information on a game, so that when that person makes a wager on the results of that game, they are doing so with incorrect information, generally making them more likely to lose. Sports tampering and claiming false bets are two examples of gaming fraud.

Geographical IP Detector

What is a Geographical IP Detector?

A geographical IP detector, or IP geolocation, allows you to trace where an IP address is located on the globe. By mapping the IP address geographically you can easily get information on a person's country. For example, this information might include city, longitude, state, ISP, area code, and other pieces of data. This data provides fraud detection services, marketing firms, and government agencies information to better protect consumers and curate advertising and strategy. 

How does it work?

Every device that participates in a computer network possesses a unique IP address, or an “Internet Protocol” address. Each IP packet must contain a header with the IP address of the sender. This header provides IP verification and geolocation services location information to verify legitimate purchases and bank transactions. 

Several free and paid geolocation databases exist in each jurisdiction with varying claims of accuracy (the highest is at the country level). Regional internet registries allocate and distribute IP addresses amongst organizations in their regions. For example, the American Registry for Internet Numbers (ARIN) allocates American IPs. Similarly, the API registry, Asia-Pacific Network Information Centre (APNIC) distributes IP addresses and location data in Asia.

More IP data can be determined through data or user submissions:

• Website submitted - for example, what city an IP searches for weather in, or where they order delivery). 
• Wi-fi positioning through neighborhood internet providers.
• Bluetooth device locations within a neighborhood.
• Pairing an IP address with a GPS location of the device using the same IP.
• Internet service provider data.
• Routing information.

To get a clearer picture, one can scrub data for anomalies, weigh each address against statistics of user-submitted data, or use third-party tests.

IP geolocation is not without vulnerabilities, however - just as consumers purchase VPNs to keep their geolocation data private, so too do fraudsters.

What is it used for?

Organizations often use geographical IP detection in firewalls, ad servers, routing, mail systems, websites, and automated systems that require or use geolocation. Additionally, some commercial databases even provide IP geolocation and demographic data. Companies use it for demographic-type targeting for strategy and advertising, location-based gaming (ex. Pokemon Go), and regional media licensing. Furthermore, IP geolocation assists 9-1-1 dispatchers in finding the exact location of a caller.

KYC laws

To prevent money laundering, trafficking, and illegal trading, the US government imposes strict "Know-Your-Customer" (KYC) laws on banks and e-retailers. Fortunately, geographical IP detection can help protect banks from being implicated in money laundering schemes by matching IP addresses to online visitors.

Fraud detection

E-retailers and payment processors can detect credit card fraud with geographical IP detection by comparing IP location to the billing or shipping address on the account. When used in authentication, IP geolocation and verification can also prevent phishing attacks and money laundering schemes. 

Fraud.net offers a variety of services for fraud prevention, powered by artificial intelligence and machine learning - IP verification is just one of them. With a combination of security protocols that detect and analyze potential fraud, you can protect your organization from threats.

Contact us for a free demo today.

Geolocation Detection

Geolocation refers to the identification of the geographic location of a user or computing device via a variety of data collection mechanisms. Typically, most geolocation services use network routing addresses or internal GPS devices to determine this location.

Ghost Employee

A ghost employee is a common ploy used in payroll fraud. A ghost employee is a person who is on an employer's payroll, but who does not actually work for the company, and perhaps does not exist at all. Someone in the payroll department creates and maintains a ghost employee in the payroll system, and then intercepts and cashes the paychecks intended for this person for themselves.

Ghost terminal

Ghost terminal, used in recent reports of skimming crimes, are electronic devices tailored to copy a credit card’s magnetic strip and Personal Identification Number in order to steal money from an account. They are manufactured devices that appear to be real ATM touch pads or credit-card readers. They are often placed over a legitimate ATM or other card-reading device, often in a manner that is unnoticeable to most consumers.

Gift Card Scammer Numbers

Gift cards are a popular way for scammers to steal money from you. This is because gift cards are like cash: if you buy a gift card and someone uses it, you probably cannot get your money back. Anyone who demands payment by gift card is likely a scammer.

Learn More

• How to Prevent Gift Card, Loyalty Points and Rewards Fraud

• Speak with a Fraud Prevention Specialist

Global Address Verification Directories

Address validation is the process of checking a mailing address against an authoritative database to see if the address is valid. If the address in question matches an address in the official database, the address "validates", meaning it's a real address. Addresses that do not match any addresses in the database are marked as "invalid", meaning the address either doesn't exist or isn't registered with the official postal service. Most countries around the world have their own respective databases against which addresses can be validated.

Government

The word government refers to a group of people that governs a community or unit. A government sets and administers public policy and exercises executive, political and sovereign power through customs, institutions, and laws within a state.

Government Fraud

Government fraud refers to when an individual purposefully deceives the government so as to benefit from this deception. Examples of government fraud include tax evasion, welfare fraud, and counterfeit currency.

GPS Spoofer

A GPS spoofer allows a device to pretend it is at a different location than its current location. This can be used to deceive services that attempt to track where you are located.

Grandparent Scam

In a typical grandparent scam, a con artist calls or emails the victim posing as a relative in distress or someone claiming to represent the relative (such as a lawyer or law enforcement agent). The "relative" of the grandparent explains she is in trouble and needs their grandparent to wire them funds that will be used for bail money, lawyer’s fees, hospital bills, or another fictitious expense.

Hacking

In a computer system, hacking generally refers to any unauthorized intrusion into a computer or network. The person engaged in hacking activities is known as a hacker. A hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.

Hash

A Hash or hash function is a function that can be used to transform digital data of an arbitrary size to digital data of a fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or most commonly, hashes. A cryptographic hash function takes input data, like an address or a credit card number, and transforms it into a compact string of seemingly random characters that generally renders the data useless in the event of a breach.

Healthcare Fraud

Healthcare fraud is a type of white-collar crime that involves the filing of dishonest health care claims in order to turn a profit. Fraudulent health care schemes come in many forms, such as individuals obtaining subsidized or fully-covered prescription pills that are actually unneeded and then selling them on the black market for a profit, or billing by practitioners for care that they never rendered and filing duplicate claims for the same service rendered.

High-Risk Industry

A high-risk industry describes when a type of business proves to have higher rates of failure than others. If businesses in a certain sector, like beer production, have higher rates of failure over other business types, then beer production would be considered a "high-risk industry".

Honeypot

A Honeypot is decoy computer system designed to identify and/or trap hackers and other malicious actors. A honeypot sometimes offers a tempting set of data to attract fraudsters and counteracts their attempts to hack into or otherwise compromise an information system. A honeypot acts as bait by appearing to be a legitimate part of a website, database, or computer system, but is being monitored by IT and security professionals seeking insights into new methods of attack.

Hospitality

Hospitality is a term used to describe how well a certain location or entity accommodates somebody. If a person is well accommodated for when they visit somewhere, it would likely be said that that place provided good hospitality.

Host Card Emulation

In device technology, host card emulation is the software architecture that provides exact virtual representation of various electronic identity (access, transit and banking) cards using only software. Prior to the HCE architecture, near field communication (NFC) transactions were mainly carried out using secure elements. HCE enables mobile applications running on supported operating systems to offer payment card and access card solutions independently of third parties while leveraging cryptographic processes traditionally used by hardware-based secure elements without the need for a physical secure element.

Hybrid Detection System

A hybrid intrusion detection system is used to provide increased detection capabilities. HNID integrates a neural network detection component with a basic pattern matching engine to detect anomalies in the network traffic. This approach efficiently detects known classes of attacks, and also the unknown ones. Both of the detection solutions run simultaneously so that one can provide a method to filter and group the security alerts to reduce the number of alerts which will be sent to the network administrator.

I2P Anonymous Proxy

The Invisible Internet Project (I2P) anonymous network layer that allows for censorship-resistant, peer to peer communication. Anonymous connections are achieved by encrypting the user's traffic (by using end-to-end encryption), and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world.

Identification (ID)

Identification is the process by which something denotes another object as being a part of a certain category. A human could simply be identified as a human, or could be identified as their role or profession, or by their name; an object could have multiple identifications. In the world of fraud, identificarion is a term brought up often, as people have their identity "stolen", which is when others pretend to be you in for malicious purposes.

Identity and Access Management

Identity and access management (IAM) is a framework for business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.

Identity Fraud

Identity fraud is the situation where a fraudster uses the personal information of a victim, without any approval, to perform a criminal action or to mislead or defraud the other person. Most identity fraud is dedicated to the use of financial benefit, such as access to a credit card, a bank account, or even a victim's loan accounts.

Identity Provider

An identity provider is a federation partner that vouches for the identity of a user. The identity provider authenticates the user and provides an authentication token (that is, information that verifies the authenticity of the user) to the service provider.

Identity Spoofing

Identity spoofing occurs when a scammer assumes the identity of another person/entity and uses that identity to commit fraud. Spoofers steal credentials from people or businesses through password attacks and credential capture processes.

They use those credentials to facilitate phishing, pharming, identity theft, and business email compromise (BEC) by relying on the trustworthiness of the original identity. Identity spoofing differs from content spoofing, in that the spoofer attempts to "change" the identity of the sender rather than the content being sent. Often these spoofs lead to business email compromise and identity theft, causing organizations millions in losses and/or damages.

Most common forms of identity spoofing

It can be hard to determine whether you face an identity spoofing threat. Users often trust familiar names and addresses despite the possibility that they may be compromised. Familiarize yourself with several forms of spoofing in order to spot them in the future.

ARP Spoofing

ARP spoofing occurs by binding the spoofer’s MAC address (their Media Access Control address) to a legitimate IP address’s default local access network (LAN) gateway. Essentially, a spoofer takes the place of the destination IP and through that spoofing, gains access to their local network. With this access, they capture sensitive information and access unrestricted information on the network. They also manipulate information before it reaches the legitimate IP address. Spoofers then carry out phishing and pharming attacks and assume new identities based on the information they receive. Additionally, ARP spoofers attempt a distributed denial-of-service attack (DDoS) which overwhelms existing security systems by dramatically increasing the number of users it must authenticate.

MAC Spoofing

Each device should have a unique Media Access Control address (MAC) that should not be encountered elsewhere. However, spoofers take advantage of vulnerabilities and imperfections in hardware to spoof the MAC address. As a result, the local network recognizes the MAC address and bypasses certain security protocols. Because spoofers operate with a trusted address, other users fall victim to business email compromise fraud, data breaches, and more. In addition, with trusted access, a spoofed address can deposit malware on a local network. Spoofers then prey on vulnerabilities and steal sensitive information.

IP Spoofing

The source or destination of a virtual message traces back to an IP address associated with a physical location. However, spoofers mask themselves with a legitimate IP address or assume the IP address of someone in that low-risk geolocation. Because many systems do not implement authentication protocols, the masked IP address takes the place of the legitimate source without the legitimate sender or recipient’s knowledge. With this IP spoof, a spoofer can deploy a man-in-the-middle attack within a network, allowing them to steal sensitive information and inform themselves for future fraud attempts. IP spoofing relates to geolocation spoofing:

Geolocation Spoofing

One can spoof their geolocation using a Verified Protected Network (VPN). Some companies offer this direct-to-consumers to protect their information as well as access location-restricted content. Fraudsters use VPNs to place themselves in low-risk locations to avoid their sender information being flagged as an anomaly. Additionally, they use them to mislead security efforts and mask their location to avoid being traced.

Fraudsters also use geolocation spoofing to place themselves in particular states or countries to take advantage of lessened restrictions in the new geolocation. For example, a user in California spoofed their geolocation to play online poker in New Jersey, taking advantage of New Jersey gambling laws. State law in both states prohibits this, so both states located and apprehended the user. The user forfeited about $90,000 in winnings.

DNS Spoofing

Spoofers assume a Domain Name Server (DNS) identity by piggybacking on DNS server caching flaws. As a result, users click on a domain name they trust, but end up on a replica page that leads to phishing or pharming attacks against the user. They click on links within that page and expose themselves to these attacks because they trust the original domain. DNS spoofs, just like many other identity spoofs, often lead to a loss in reputation for the business due to users’ trust being violated by the replica site.

This relates to website spoofing, the use of a replica site in order to steal user information. Spoofers target websites that employees use routinely for their work and construct an almost exact replica. Users click on the link to a trusted website, not knowing that the URL is spoofed. They interact with the website, unknowingly entering sensitive credentials or providing backdoor access to their local network. These spoofs are usually most effective when combined with phishing emails.

Caller ID Spoofing

Spoofers forge caller ID information, presenting false names or numbers and assuming the identity of particular people or organizations. Public networks and Voice over IP (VoIP) networks make this more possible. Callers answer these, believing their legitimacy, and often share credentials or bank account information due to their trust in the legitimate identity. These calls tend to originate in foreign countries where certain protections may not apply to the caller if they find out that they have been scammed.

Email Spoofing

Sender information in the “From” section of an email can be spoofed to hide the origin of fraudulent emails. As long as an email fits the protocols needed by the Simple Mail Transfer Protocol (SMTP) Server, a spoofer easily sends from a falsified email address. The consequences resemble those of IP spoofing and Caller ID spoofing. Spoofers either leverage a man-in-the-middle attack or receive sensitive information, relying on the trustworthiness of the legitimate entity.

GPS Spoofing

Although this is a relatively new form of spoofing, it poses an especially dangerous threat. Identity-based GPS spoofing takes the form of a rebroadcast of a genuine signal, or broadcasting fake signals that very closely represent legitimate signals. A spoofer takes on the identity of the trusted GPS satellites, sending falsified or genuine information with malicious intent.

What Are the Consequences?

The results of a spoofing attack are harmful and detrimental to both compromised identities and those exposed to the spoofer. Several attacks are carried out with various forms of spoofing:

1. Man-in-the-middle attacks

In a man-in-the-middle attack, a spoofer reroutes traditional virtual traffic using a spoofed IP to view the information being sent or manipulate the message on its way to its legitimate destination. Man-in-the-middle attacks are also caused by ARP spoofing and MAC spoofing, both similar to IP spoofing.

2. Phishing

Spoofing often leads to phishing, as it weaponizes the trustworthiness of a recognizable entity. Phishing attacks attempt to capture sensitive information by asking users to click compromised links. Once a user clicks the link, they make themselves vulnerable to back door attacks, where scammers then load malware onto their computer or network to capture more sensitive information.

3. Pharming

Pharming relates to phishing. It often directly results from DNS or Website spoofing. Spoofers send an email from a “trusted” entity and ask a user to click on the link to a website and enter credentials. Those credentials are sensitive data like name, date of birth, address, credit card information, bank information, and more, leading to identity theft and financial reputation destruction.

4. Business Email Compromise

Business email compromise (BEC) directly results from spoofing. Scammers use spoofed email addresses from trusted entities to deceive users into sending money or identity information. They use an organization's name to steal material goods, while the organization gets billed for items they do not receive. Much like other results of spoofing, users trust particular senders and organizations, so they input their information without verifying identity.

Is There a Way to Combat it?

Despite the attack-on-all-fronts that spoofing seems to be, there are ways to mitigate risks. When emails request sensitive information, users should follow up with the sender through another form of communication. Verifying by phone call to make sure that the request is legitimate frequently reveals a compromised identity, saving both the recipient and the spoofing victim.

Another form of protection is multi-factor authentication (MFA), much like the previous method of verifying a request. When entering credentials into an email server or an in-network computer, a user must verify their identity through a separate method. This takes the form of a phone call, text message, email, or push notification to an MFA application.

In addition, you can track how information moves within your network, screen senders based on a set of attributes, and ensure the validity of every source and destination address in your network.

Fraud.net offers a variety of products to combat spoofing, powered by artificial intelligence and machine learning. Even as attacks get more sophisticated, the product evolves with them and learns new ways to combat them.

Contact us for a demo and product recommendations today.

Identity Theft

Identity theft refers to the act of accessing and acquiring elements of another person's identity (i.e. name, date of birth, billing address, etc.) in order to commit identity fraud. Identity theft can take place whether the victim is alive or deceased. Once a person’s identity data is obtained, the data can be monetized by gaining access to their accounts, stealing their resources or obtaining their credit and other benefits. Identity theft (in combination with, and often used interchangeably with, identity fraud) is one of the fastest-growing crimes globally. A criminal can also use stolen identity information to hijack a consumer accounts, commonly referred to as "account takeover".

Improper Disclosures

Improper disclosure refers to when information is mistakenly shown to somebody that has not been authorized by the appropriate people to see it. The term usually relates to medical disclosure, when a persons personal health information is improperly disclosed to somebody.

InfoSec (Information Security)

InfoSec, short for Information Security, refers to the discipline of defending information from unauthorized access, use, disclosure, disruption, modi cation, perusal, inspection, recording or destruction.

Insider Threat

An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems. This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.

Instagram scammer

An Instagram scam could be described a scheme fraudsters perform through the use of social media, such as Instagram, or other related applications in the smartphone, in order to gain access to confidential and private information, money or encrypted monetary data with the use of high-level social engineering.

Insurance Fraud

Insurance fraud is any act committed to defraud an insurance process. This occurs when a claimant attempts to obtain some benefit or advantage they are not entitled to, or when an insurer knowingly denies some benefit that is due. There are two types of insurance fraud: hard fraud, which occurs when someone deliberately fakes an accident, injury, theft, arson or other loss to collect money illegally from insurance companies, or soft fraud, in which normally honest people often tell "little white lies" to their insurance company for the purposes of filing or maximizing a claim.

Intellectual Property

Intellectual property, also known as IP, describes an item or idea that has been credited as belonging to somebody in some way. Common types of IPs would be patented or copyrighted materials.

Intelligence

Fraud Intelligence is the leading practical resource for the counter-fraud professional; it provides applied insight, analysis and tools to combat fraud and corruption, whether in the corporate or non-commercial sector, together with coverage of relevant statute and case law.

Intelligence Augmention

Intelligence Augmentation, or IA, is an alternative conceptualization of artificial intelligence that focuses on AI's assistive role, emphasizing the fact that cognitive technology is designed to enhance human intelligence rather than replace it. The choice of the word augmented, which means "to improve," reinforces the role human intelligence plays when using machine learning and deep learning algorithms to discover relationships and solve problems.

Internal Fraud (Insider Fraud)

Interoperability

Interoperability describes the ability of computer systems or software to exchange and make use of information. Interoperability requires mechanical compatibility among the systems, and it is only able to take results from where profitable contracts have been settled among the systems.

Inventory Fraud

Inventory fraud involves the theft of physical inventory items and the misstatement of inventory records on a company's financial statements. A small business may be a victim of fraud perpetrated by one of its employees, or the business itself may engage in fraudulent activities to trick shareholders and tax agencies. Inventory contains rare materials and uncompleted or completed items that are normally stored in a storage room.

Inventory is one of the biggest assets on a manufacturer’s balance sheet. It’s also one of the hardest assets to measure and track. Therefore, protecting it becomes essential for direct growth. Timely fraud detection and prevention can save your business essential time and money.

Inventory Fraud: Warning Signs

Telling signs of fraud include missing packing slips and sales receipts, complaints from customers about lost goods, spikes in the number of damaged goods and sharp drops in sales, even during normally busy periods. These events can happen on a digital or physical level. Falsifying orders online, or purchasing orders for resale, is another way company employees might try to benefit.

In a June 2001 article for Journal of Accountancy, Joseph T. Wells, founder and chairman of the Association of Certified Fraud Examiners, wrote about several risk factors for what he called "phantom inventories". To clarify, The term refers to companies who falsify their information to trick tax agencies or shareholders. Attempts to fool company investors may include bogus purchase orders, fabricated shipping and receiving reports, and inflated inventory counts. Fraudsters might even stack empty packing boxes in the company warehouse to feign inventory.

Protect Your Business

 To prevent theft in physical warehouses and in offices, make sure to lock storage areas, install video monitoring and alarm systems. Likewise, consider running background checks on employees and conducting physical audits of your inventory at a random interval. As businesses digitize, it's important to have a system in place to assess the risk of customers and their purchases. A system like Fraud.net performs real-time assessments, sometimes hundreds of times per second, of payments, identities, and other data to determine risk even before the point of purchase. Online fraud systems identify and halt anomalous and problematic flare-ups as they happen to help you get in front of potential fraud.

You can prevent inventory fraud by building an environment with the right controls. Learn more about Fraud.net’s end-to-end anti-fraud solution and other tools you can leverage to mitigate threats.

Investment Fraud

Investment fraud is any scheme or deception relating to investments that affect a person or company. Investment fraud includes illegal insider trading, fraudulent stock manipulation, prime bank investment schemes and hundreds of other types of financial scams.

Invisible Web

The Invisible Web is the part of the World Wide Web, which is not indexable by search engines and is therefore invisible. In contrast to the Surface Web, the Invisible Web consists of data and information that cannot be searched with search engines for various reasons.

IOD - Impersonation of the Deceased fraud

IoT Botnet

Also known as a zombie army, a botnet is a collection of internet-connected devices that an attacker has compromised. These botnets can try to infect more computers or spread spam for affiliate fraud, amongst other reasons. They can also act as a proxy to mask a criminal’s original IP address. Botnets mainly act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations.

IP Address

An Internet Protocol address (IP address) is a rational numeric address that is assigned to each computer, printer, or some other device that is considered to be a part of a TCP/IP-based network. An IP address is the main element on which the network structure design is built, and there is no network that could ever exist without any IP address.

IP Address Verification

Internet Protocol or IP Address Verification could be defined as a set of processes and procedures that ensure that everything you produce, buy, or sell on the Internet will have a legal and registered IP address.

ISP Monitoring

ISP monitoring is the practice through which ISPs record information about your online connections and activities. That means that everything from your search history to your email conversations are monitored and logged by your Internet service provider.

Issuer (Issuing Bank)

The Issuing Bank is the financial institution which issues individuals with credit cards or debit cards and extends short-term lines of credit to purchase goods and services. Familiar issues include Bank of America, Wells Fargo, Citibank and The issuer settles card transactions for the purchaser or card holder whereas its counterpart the acquiring bank or merchant acquirer, is the bank that is responsible for settling credit and debit card transactions on behalf of the merchant. Issuers generally manage the credit and debit card programs on behalf of the card networks, such as Visa and Mastercard, and for their role in the card payment process, receive the majority of the interchange and other fees in a credit card and debit card transaction. Discover and American Express are both issuers and card networks.

Jitter

Jitter is an anti-skimming method that alters the information on the magnetic stripe by changing the bustle or gesture of the card while it is swiped or dragged into a card reader or ATM. Jitter is intended to make unreadable any type of information that has been copied from a skimmer, and therefore the information will be unusable.

Keylogging

A keylogging program logs the keypresses on a device. Fraudsters covertly download these onto devices through various methods, and then read the keys recorded in order to discover things like the victim’s passwords or bank details.

Keystroke Dynamics

Keystroke dynamics or typing dynamics refers to the automated method of identifying or confirming the identity of an individual based on the manner and the rhythm of typing on a keyboard. Keystroke dynamics is a behavioral biometric, which means that the biometric factor is 'something you do'.

Keystroke Logger

A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Keylogger software is also available for use on smartphones, such as Apple's iPhone and Android devices. Keyloggers are often used as a spyware tool by cybercriminals to steal personally identifiable information (PII), login credentials and sensitive enterprise data.

Kickbacks

A kickback is an illegal payment intended as compensation for favorable treatment or other improper services. The kickback may be money, a gift, credit, or anything of value. Paying or receiving kickbacks is a corrupt practice that interferes with an employee's or a public official’s ability to make unbiased decisions. It is often referred to as a bribe.

Know Your Customer

Law Enforcement

Law enforcement could be described as a system where a number of members of society act in a systematic way to enforce the law, determining, discouraging, assimilating or even punishing those who break the rules and regulations that are known and governed by that society.

Lending

Lending (also known as "financing") in its most general sense is the temporary giving of money or property to another person with the expectation that it will be repaid. In a business and financial context, lending includes many different types of commercial loans. Lenders are businesses or financial institutions that lend money, with the expectation that it will be paid back, generally with some type of interest. The lender is paid interest on the loan as the cost of receiving the loan. The higher the risk of not being paid back, the higher the interest rate.

Level of Assurance

A Level of Assurance, as defined by the by ISO/IEC 29115 Standard, describes the degree of confidence in the processes leading up to and including an authentication. It provides assurance that the entity claiming a particular identity, is the entity to which that identity was assigned.

Liability Shift

Liability shift generally refers to the responsibility of covering the losses from fraudulent transactions moving from the merchant to the issuing bank when the merchant has authenticated the transaction using any of the 3D Secure (3DS) protocols. If the merchant does not authenticate the credit card transaction with a 3D Secure method, the merchant remains liable for chargebacks and fraud losses.

Log File

A log file is a file that keeps a registry of events, processes, messages and communication between various communicating software applications and the operating system. Log files are present in executable software, operating systems and programs whereby all the messages and process details are recorded. Every executable file produces a log file where all activities are noted.

Login

A login is a set of identifications used to validate a user: this generally involves a username and password that allows a person to log in to a computer system, network, mobile device, or user account. A login might contain further information, such as a PIN number, passcode, or passphrase. Logins are usually used by websites, computer applications, and mobile apps to verify a customer's identity. They are a safety measure aimed to avoid illegal access to private data or assets.

Login Authentication

The process that recognizes and validates a user's identity is known as login authentication. A common example is having to enter both a username and password into a website in order to gain access to an account.

Lottery Scam

A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification, phone call, or mail-letter (sometimes including a large check) explaining that "You have won!" a large sum of money in a lottery. The recipient of the message—the target of the scam—is usually told to keep the notice secret, and is then solicited for some amount of money in order to "confirm" the prize they have won.

Loyalty Points Fraud

Loyalty points fraud occurs when a fraudster gains access to somebody else's loyalty rewards points account, and then redeems these points for products that will benefit the fraudster. This type of fraud is becoming more popular as card fraud becomes harder, and because loyalty point accounts aren't checked for malicious behavior very often, allowing this fraud to go undiscovered for long periods.

Machine Learning

Machine learning (ML) refers to the development of computer algorithms and statistical models to perform predictions and specific tasks without explicit instructions, rather using inferences and patterns instead. Machine learning is a subset of artificial intelligence and generally falls into two main categories: 1) supervised learning, in which the outcomes are known and labelled in training data sets and 2) unsupervised learning, in which no outcome is known and the goal is to have items self-organized into clusters based on common characteristics or features. Supervised learning uses techniques like neural networks, bayesian models, regression models, statistical models, or a combination thereof. Unsupervised learning uses techniques like k-means clustering and is often used for anomaly detection. Some computer systems have the ability to “learn” or make progressive improvements on a task based on algorithms and subsequent outcomes. As an example, machine learning in fraud prevention allows algorithms to make immediate decisions on new transaction decisions, but over time "learn' from the outcomes of the purchases and from that new data, self-correct to make increasingly accurate predictions going forward. The fastest and most reliable path towards the learning component relies on analysts’ insights, assisted by machine-learned predictions, to make well-informed decisions.

Mail Fraud and Wire Faud

Mail fraud and wire fraud are federal crimes in the United States that involve mailing or electronically transmitting something associated with fraud. Jurisdiction is claimed by the federal government if the illegal activity crosses interstate or international borders.

Mail Order Telephone Order (MOTO)

Mail Order Telephone Order (MOTO) is a type of card-not-present (CNP) transaction in which services are paid and delivered via telephone, mail, fax, or internet communication. With the introduction of chip technology on most cards, there has been reduced fraud in “card present” transactions, but a corresponding increase in fraud in CNP transactions. The word stands for “mail order telephone order,” although those types of financial transactions are increasingly rare. MOTO has, therefore, become synonymous with any financial transaction where the entity taking payment does not physically see the card used to make the purchase.

Malware

Malware is software that is intentionally designed to cause damage to a computer, client, server or the network of a computer. Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, often by taking partial control over a device’s operations.

Man-In-The-Browser

A man-in-the-browser is a type of online threat, where a hacker uses a trojan horse virus to gain access to your computer. From there, the hacker manipulates the content you see within your web browser, which can allow them to record your personal information and passwords, as well as manipulate your transactions so that the money you think you are spending on an online product actually goes to the hacker, without anything looking any different from normal on that webpage.

Man-In-The-Middle

Man-in-the-middle (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.

Manpower Direct and Indirect Costs

Manpower Direct Costs include wages for the employees that produce a product, including workers on an assembly line, while indirect costs are associated with support labor, such as employees who maintain factory equipment.

Manual Review

Manual review is a technique that can be performed in-house or may be outsourced to or managed by a third party vendor. In either case, staff members perform manual checks on orders to determine the authenticity of an identity and transaction to establish which orders are fraudulent.

Manual Submission

Manual submission describes when somebody adds URLs to a search engine manually, filling out the form fields individually. This differs from automatic submissions, which involve filling out information only one time; the necessary information is then used by a software program to submit to many search engines.

Marketplace

A marketplace is the real, virtual or metaphorical space in which a market operates. The term is also used in the trademark law context to denote the actual consumer environment, i.e. the 'real world' in which goods and services are provided and consumed.

Marketplace Fraud

What is Marketplace Fraud?

Marketplace fraud is the illegal practice of making false or misleading claims through a company. This includes exaggerating the qualities of a product or service in advertising, selling imitations as the genuine article, or hiding negative aspects or side effects. False advertising is a type of the marketplace fraud.

An online marketplace creates a streamlined process for buyers and sellers to find one another. The first wave
of digital marketplaces came about with eBay’s launch in 1995. More product-focused marketplaces like these followed swiftly, from Amazon to WALMART's Jet.com.

Since then, online marketplaces have evolved to combine products and services. Whether it’s to buy something, rent a living space or get a ride, these marketplaces have spanned across various market segments from food to crowdfunding.

Types of Marketplace Fraud

1. Fake Profile or Product Fraud - Common on marketplaces like Wish.com or Alibaba, a fraudulent seller copies the profile of a legitimate seller in order to deceive victims and turn a profit. This is damaging to the original sellers as well, as business is stolen. A potential customer is lost, and in some cases may never even receive a product.
2. False Advertising - Misleading representation of goods or services through false or fraudulent claims or statements.
3. Fake Buyer and Seller Closed Loop Account Fraud - A fraudster creates multiple fake buyer and seller accounts created. The fake buyers pay the fake seller for nonexistent items or services using stolen credit cards.

How to Stop Marketplace Fraud

Stopping marketplace fraud can be difficult for businesses. Keeping an important eye on marketplaces with similar products is vital to deter product fraud. Additionally, keeping an eye on your own customers, and those who purchase with fraudulent information, might indicate further resellers. Keeping tabs not only on public marketplaces, but the needs of those who are trying to manipulate the deep web, is another practice that will keep you ahead on the latest fraud trends.

The best way you can improve your fraud prevention on either sides of the market is by relying on ecommerce fraud prevention software. Machine learning fraud detection leverages billions of consortium transactions and outcomes to detect fraud.  This is done at every stage of the customer life cycle, in real-time to detect unusual transaction patterns. AI crawlers that scan the deep and dark web keep the system up to date without the need to constantly set new rules in the software. 

Fraud.net addresses these problems with a comprehensive and flexible fraud prevention platform, including AI / Deep Learning models, consortium fraud data, highly customizable case management and advanced analytics.

Learn More

• Visit the Ecommerce Industry page on our website
• Speak with a Fraud Prevention Specialist

Medical Fraud

Medical fraud is a type of white-collar crime that involves the filing of dishonest health care claims in order to turn a profit. Health care fraud influences insurance rates every day, causing premiums individuals pay to rise to cover the insurance companies’ losses.

Medical Identity Theft

Medical identity theft occurs when somebody illegally accesses and uses a patient's personally identifiable information (PII) to obtain medical treatment, services or goods. The stolen information may be used to open credit card accounts or obtain medical services such as treatment at an emergency medical crisis location.

Merchant Account

A merchant account is a type of bank account that allows businesses to accept payments made by debit or credit cards.

Merchant Account Provider

Merchant account providers give businesses the opportunity to accept debit and credit cards for the payment of goods and services. This can be conducted face-to-face, over the phone, or even over the Internet.

Merchant Chargeback Insurance Provider

MFA (Multi-Factor Authentication)

What is Multi-Factor Authentication (MFA)?

MFA or Multi-Factor Authentication, also called Step-Up Authentication, is an approach to security authentication, in which the user of a system provides more than one form of verification to prove their identity and be granted access. Multi-factor authentication is so named because it leverages a combination of two or more factors of authentication. In the field of cybersecurity, the three major factors of authentication and verification are: 1) something a user knows (such as a password or the answer to a question), 2) something the user has (such as a smart card, a mobile phone or a security token), and something the user is (such as a unique biometric marker like a fingerprint).

Why is MFA Important?

Reducing risks is key for businesses organizations, no matter the size. As further organizations cultivate a digital workspace, credential harvesting is increasing.  According to a report from Verizon, for example, over 80 percent of hacking-related breaches are caused by stolen or weak passwords.  With this in mind, MFA becomes essential.

Fraud.net offers Multi-Factor Authentication as a feature within our Fraud Prevention Suite.   

Here's how it works:

Fraud.net's multi-factor authentication feature gives fraud analysts the ability to send a verification text message to the phone number of a transaction. The purpose of this is to authenticate that the phone number within the transaction is owned by the person who actually placed the transaction. A Yes/No question will be sent to a phone and then based on the response the transaction, it can be auto-cancelled, auto-approved or sent to a queue for further review.

1. When a fraud analyst is reviewing a transaction, they can select the option to authenticate the transaction (Send MFA) from the dropdown menu in the top right corner:

2.  The fraud analyst will then confirm that they would like that message sent:

3. The admin, from the business profile page, can manage what the message says and what action occurs based on the reply. The admin can also manage what happens when no reply is received and the time frame for the reply. The default question reads as "$business name$ here. We received a transaction from $firstname$ $lastname$ for $amount$ on $orderdate$. Was this you?"
Reply Yes or No"

4. The transaction remains in a pending authentication queue until there is a response or it expires.

Interested in learning more or enabling Multi-Factor Authentication within your Fraud Prevention Solution?

Speak with a Specialist Now

Misrepresentation

Misrepresentation is a concept of English law, which describes when a party uses misleading statements or facts in negotiations to induce the other party to take certain actions.

Mobile

A "mobile" is a term used for phones, stemming from the term "mobile phones", which differs from their predecessor, wired or immobile phones. A mobile phone is a portable device whose primary use is to "call" other phones, allowing for a conversation to be had from pretty much any two places in the world between these two devices.

Mobile Device Analysis

Mobile device analysis is a branch of digital analysis that refers to the recovery of digital evidence or data from different mobile devices under the analysis of a sound condition. Mobile devices are used to save different types of personal information such as contacts, notes, calendars, and to communicate with others.

Mobile Phone Fraud

Mobile phone fraud is simply any fraud that involves the use of mobile phones. One type of this fraud is call-forwarding fraud, where a fraudster tricks a victim into mistakenly forwarding their phone calls to another number.

Money Laundering

What is Money Laundering?

Money laundering is the process of transforming "dirty" money derived from criminal activities, such as drug trafficking, corruption, fraud, or illegal arms sales, into "clean" or legitimate money. The primary objective is to obscure the trail of illicit funds, making it difficult for law enforcement agencies and financial institutions to trace the money back to its illegal origins. This process involves several stages: placement, layering, and integration.

Here are some of the leading statistics on money laundering:

• Approximately $300 billion is laundered through the United States each year.
• Over 200,000 cases of money laundering are reported to the authorities in the UK annually
• Money laundering takes up about 1.2% of the European Union’s entire GDP, which is between EUR 715 billion and 1.87 trillion each year

Common Types of Money Laundering and Distinctions from Embezzlement

Money laundering can take various forms, including structuring deposits, using shell companies, trade-based laundering, real estate investments, and even digital currency transactions. Unlike embezzlement, which involves the misappropriation of funds by individuals entrusted with them, money laundering focuses on the process of making illegal proceeds appear legal. Embezzlement typically involves theft or misappropriation of funds for personal gain without the intent of disguising its origin, whereas money laundering aims to legitimize the illicit funds.

Solutions for Money Laundering

A multi-faceted approach is necessary to combat money laundering effectively:

• Strengthen Regulatory Frameworks: Governments must enact robust laws and regulations to prevent and detect money laundering. Enhanced due diligence, transparency in financial transactions, and beneficial ownership disclosure requirements are critical components.
• Collaboration and Information Sharing: Collaboration among financial institutions, regulatory bodies, and law enforcement agencies is crucial. Sharing information and intelligence can aid in identifying suspicious activities and patterns.
• Technology and Data Analytics: Implementing advanced technologies such as artificial intelligence, machine learning, and data analytics can enhance the detection capabilities of financial institutions, enabling them to identify and flag suspicious transactions more efficiently.
• Customer Due Diligence: Conducting thorough customer due diligence, including Know Your Customer (KYC) procedures, helps institutions verify the identity of clients and assess the legitimacy of their transactions.
• Anti Money Laundering (AML) Measures: Anti-money laundering measures encompass strategies, policies, and procedures aimed at preventing, detecting, and reporting instances of money laundering. AML compliance involves ongoing monitoring, risk assessment, staff training, and the implementation of robust internal controls within financial institutions to ensure regulatory compliance and mitigate the risks associated with money laundering.

Defeating Financial Crimes with Fraud.net's Advanced Solutions for Money Laundering

Fraud.net offers innovative solutions that leverage advanced technologies to combat financial crimes, including money laundering. Our platform integrates AI-powered fraud detection, data analytics, and real-time monitoring to identify and prevent suspicious activities.

To learn more about Fraud.net's specific solutions for money laundering and to request a demonstration, book a meeting with one of our solutions consultants today.

Money Mules

People who receive money into their account and transfer it elsewhere for a fee. It is usually done for money laundering, which makes money mules complicit in illegal crimes. 

Like with address drop scams, money mules are often unaware they are helping criminals. They are commonly found via fake job posts, and hired under false pretenses, for instance forwarding money to a charity in a foreign country.

Monitoring

The term monitoring refers to the observing and checking of the progress or quality of something over a period of time. Monitoring services generally ensure the security and authenticity of something over time.

Mortgage fraud

Mortgage fraud is a crime in which the fraudster omits information on an application for a mortgage loan to obtain to greater loan than they would likely normally be eligible to recieve.

Mousetrapping

Mousetrapping is a technique used by websites to keep its visitors on the website for longer, and also to force visitors to engage with their website. It may occur from a website launching pop-up ads to delay the user from exiting the page.

Multichannel Merchanting

Multichannel merchanting describes the process of trying to sell products to both current and potential users through a variety of channels.

Near-Field Communication

Near-Field Communication, also known as NFC, is the set of communication protocols that allow two electronic devices to share information with one another based on their proximity to each other. NFC devices are used in contactless payment systems, allowing mobile phones to act as or supplement a credit or debit card in a transaction.

Network Effect

Network Effect, is a phenomenon in which a good or service gains additional value as more consumers use it. Technically, the term refers to the effect that one individual user of a product or service has on the value of that product or service to other people. The value of a product or service increases as more people use the product.

Neural Network

A neural network is a progression of algorithms that attempt to copy the manner in which the human cerebrum works in order to draw connections between different pieces of information. Neural systems can adapt to the evolution of inputs; in this way the system produces the most ideal outcome even when dealing with not-before-seen information.

New Account Fraud

Nonrepudiation

Nonrepudiation is the assurance that somebody can't deny something. Typically, nonrepudiation refers to the ability to ensure that a party of a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. To repudiate means to deny.

Omnichannel

Omnichannel is a cross-channel content approach that companies use to improve their user experience. Instead of working in comparable communication channels, communication channels and their support resources are planned and organized to collaborate. Omnichannel indicates the combination and also the arrangement of the channels so that the experience will be attractive across all channels.

On-Premise Software

On-premises software (also known as on-premise, and shortened "on-prem") is implemented and activates on computers on the premises of the individual or company using the software, rather than at a distant facility such as a server farm or cloud. On-premises software is occasionally referred to as “shrinkwrap” software, and off-premises software is usually named “software as a service” ("SaaS") or “cloud computing”.

One-time Password

One-time Password is a password that is valid for only one login session or transaction, on a computer system or other digital device. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid.

Open Authorization

Open Authorization, sometimes called OAuth, is an open standard for access allocation, usually used as a method for Internet users to give websites or applications access to their information on different websites but without providing them with the passwords. This method is used by some companies such as Amazon, Google, Facebook, Microsoft and Twitter to allow the users to share their account information with third parties, such as applications or websites.

OpenID

OpenID is an open standard and decentralized authentication protocol in which a user can create their own account by selecting an open ID identity provider, then after that, this account can be used to sign onto other websites. It allows users to be authenticated by co-operating sites using a third-party service, eliminating the need for webmasters to provide their own ad hoc login systems.

Out-of-band Authentication

Out of band authentication (OOBA) is a term for a process where authentication requires two different signals from two different networks or channels. These kinds of more sophisticated authentication prevent many kinds of fraud and hacking. Out-of-band authentication will effectively block many of the most common kinds of hacking and identity theft in online banking.

Pagejacking

Pagejacking is the process of illegally copying legitimate website content (usually, in the form of source code) to another website designed to replicate the original website. A pagejacker's intention is to illegally direct traffic from the original site to cloned Web pages. Pagejackers rely on search engines to index bogus site content to enable search result ranking and display with the original site.

Pass-Along Rate

A pass-along rate represents the percentage of people who pass on a message or file. Indeed, pass-along rates are a measure of word-of-mouth marketing. Objects typically passed include email messages, Web pages and multimedia files. Content typically passed includes humor and entertainment, late-breaking news, shopping specials, and technical gizmos.

Passive Authentication

In a passive authentication scenario a user is directed to a login page, and after logging in, the site directs the user back to the URL and allow the user to be authenticated on that site. The passive authentication can be achieved by using WS-Federation protocol or SAML 2.0.

Payables Fraud

Payable fraud, also known as AP fraud, is among the most ubiquitous and damaging of frauds that affect businesses of all sizes. It's also among the easiest frauds to perpetrate, since most of the money leaving a company legitimately goes through the accounts payable function.

Paying Personal Expenses

Paying personal expenses refers to the expenses of an individual that are not related to business or investment purposes. Personal expenses are not deductible unless specifically allowed under the tax law. Two examples of deductible personal expenses are medical expenses and personal property tax paid on personal-use property. Deductible expenses are returned when an employee creates and sends an invoice to the company, and in return the company will give them the money to pay those personal expenses.

Payment Application Data Security Standard

Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors to develop secure payment applications that support PCI DSS compliance.

Payment Fraud

Payment fraud is a blanket term for a variety of different frauds that all center around using false information or unauthorized means to make a purchase. This type of fraud can roughly be categorized into three kinds of situations; relating to fraudulent or illegal transactions, misplaced or stolen goods, and false requests for reimbursements or returns on goods.

Payment Gateway

A Payment Gateway processes credit card and debit card payments, as well as other forms of electronic payments, primarily on behalf of e-commerce and brick-and-mortar merchants. The Payment Gateway is responsible for authenticating, standardizing and relaying transaction data between the merchants and the payment processors. The payment gateway responsibilities include securing payment data according to PCI DSS standards, securely sending transaction data to the payment processor, and storing the transaction and subsequent settlement, refund and other financial event data for later access by the merchant. Banks often own the payment gateways, but payment service providers (PSPs) like PayPal, Square or Stripe can also create their own Payment Gateway software.

Payment Threshold

A payment threshold defines a situation in online marketing where an associate has to meet a certain criteria, generally a number of sales, before being paid by the affiliate company for their services.

Payment Verification

PayPal

PayPal Holdings, Inc. is an American company that operates a universal online payment method that supports online money transfers. It also serves as an electrical substitute for the usual paper-based methods of checks and money orders. The company functions as a payment mainframe for online vendors, auction sites, and numerous other business users. These users are usually charged an interbank fee for profits such as one-click transactions and password memory. 

History of PayPal

The Beginning

PayPal, first founded as Confinity, resulted from a collaboration between Max Levchin, Peter Thiel, and Luke Nosek. They developed it as a digital wallet solution, a way to send payments through email, releasing its first iteration in 1999.

In 2000, Confinity merged with X.com, an online banking service founded by Elon Musk. Peter Thiel then replaced Elon Musk as CEO in October 2000, and renamed Confinity to PayPal Holdings in 2001. They went public in 2002, at $13 per share, minting over $61 million.

Acquired by eBay

Within the same year, they were acquired by eBay, and the service supported 70% of auctions and transactions. Accordingly, it became the default payment method for online transactions on eBay.

Versus Anonymous

In July 2011, Anonymous was charged with attempting to disrupt PayPal operations. They attempted denial of service attacks in December of the previous year. These attacks were an act of retaliation against the company's denial to process donation transactions to WikiLeaks.

eBay and PayPal Part Ways

eBay and PayPal split into two separate companies in 2015, but their professional partnership remained alive. The latter continues to offer a payment option for eBay shoppers, but not as a transaction processing platform.

Social Media Ventures

Instagram and PayPal partnered in 2019 for Instragam shopping, offering "Checkout on Instagram" with the latter as part of the feature. In 2020 they acquired Honey, a browser extension that scrubs for the largest discounts available at various shopping locations.

Why is it so Popular?

PayPal operates in 202 global markets and has 377 million active accounts. It grew to this popularity due to the ease of use they offered for transactions.

Users could transfer money without credit cards or paper options and could do so between different banking institutions and credit unions. This was especially helpful in cases where people could not obtain credit cards due to their financial history. In these cases, it acted as a prepaid "card", in which one could transfer money from their debit card to create a "balance" to then use to pay for transactions.

It also offered automatic currency conversion options for those making international transactions. Due to their investments in transaction security and providing a variety of options and personalizations for users, PayPal has sustained itself as a major payment platform.

What Does PayPal have to do with Fraud?

While PayPal has invested in securing its platform over the years, the platform is still vulnerable to fraudulent activity and has a history of combatting it.

2001

International hackers targeted PayPal accounts, transferring small amounts of money out of multiple accounts. In response, they developed an AI-powered fraud detection system to detect potentially fraudulent transactions. Peter Thiel, inspired by this development, went on to create Palantir.

2015

In this instance, a PayPal service provider charged 150,000 Spanish cardholders an unauthorized €15. Most funds were returned.

Retaliation for Banning Transactions

As stated earlier, PayPal fell victim to a denial of service attack by hacktivist group Anonymous, in retaliation against their banning of donations to WikiLeaks. They may continue to face these types of attacks due to their controversial banning of several transactions and accounts associated with human rights activism or non-traditional work.

Additionally, PayPal's service acting as a "prepaid" card of sorts provides an opportunity for scammers to facilitate money laundering through their service. PayPal does comply with AML standards set forth by government cybersecurity jurisdictions, but the service still faces audits for failed compliance and deals with laundering today. 

Fraud.net's Protection and Detection Solutions

Fraud.net offers a wide variety of products and solutions to combat money laundering, business email compromise, and invoice fraud. Contact us for a free demo today, and product recommendations and best practices for your business.

Paypal Fraud

What is PayPal Fraud?

PayPal fraud is fraud related to using the paypal payment system. It can be initiated or performed through emails, phishing sites, malevolent ads, doubtful links, and many more. These scams try to appear authentic in order to trick users into releasing personal information, such as usernames and passwords, or to illegally obtain payments and payment info. 

A fake paypal invoice or email may look like the consumer has to take an action by clicking on any fraudulent links. If you review an item purchased that was not made by you on your account, report a problem, select the transaction, hit dispute and click continue. It’s extremely important to report any suspected instances of Paypal fraud immediately after you view your transactions to protect your account and information.

How to Protect Against PayPal Fraud

The most effective protection against PayPal fraud is education on what to look out for. Phishing emails can usually be spotted under close scrutiny. There are tells like misspellings or a “re:” at the beginning of the subject line. 

If you receive an email or notification that you owe money or there’s been a mistake with your account, it’s almost definitely a phishing attempt. To double check, log into your account through the PayPal website rather than through any links present on the notification. 

Fraudsters will sometimes also try to tempt their victims with offers of payment that sound too good to be true. Sounding too good to be true is a major indication that it isn’t true. 

Fraud.net Solutions

Fraud.net offers a variety of solutions using AI and machine learning to prevent fraud attacks of all kinds and therefore, your bottom line. We offer dark web monitoring, analytics and reporting, identity protection services, and more.

Contact us for a demo and recommendations for fraud prevention and identity verification.

Payroll Fraud

Payroll Fraud is a category of accounting fraud typically carried out by people who have access to employee information, their incomes or their wages. Companies that have not applied the accurate controls in their financial section – particularly in times of financial distress – will face more complex fraud risks than other companies.

PCI Compliance

What is PCI Compliance?

Payment card industry (PCI) compliance refers to the practical and operational principles that companies need to follow to ensure that credit card information provided by cardholders is secure. PCI compliance is prescribed by the PCI Standards Council, and all companies that automatically store, process or convey credit card data are required to follow these procedures. Created in 2004, PCI compliance aims to secure credit and debit card transactions against data theft and fraud.

Compliance is validated on an annual or quarterly basis and evaluated by a PCI auditor. The system is divided into four levels. Methods range depending on the volume of transactions handled:

1. Highest Level (1): Applies to companies who process more than 6 million credit or debit card transactions annually. These merchants must have an internal audit once a year. Additionally, merchants must submit to a PCI scan by an Approved Scanning Vendor (ASV) each quarter.
2. Level 2: Applies to companies processing between 1 and 6 million annual credit or debit card transactions. Requirements include a yearly Self-Assessment Questionnaire (SAQ). A quarterly PCI scan may also be required.
3. Level 3: Applies to companies processing between 20,000 and 1 million transactions annually. They must complete a yearly SAQ. A quarterly PCI scan may also be required.
4. Level 4: Applies to sellers processing less than 20,000 transactions annually. These merchants must complete a yearly SAQ. A quarterly PCI scan may also be required.

Basics Needed for PCI Compliance

1. A Secure network with original passwords.
2. Secure and encrypted cardholder data.
3. Vulnerability management.
4. Anti-virus software that is used and regularly updated.
5. Secure systems and applications for users.
6. Restricted and controlled access to cardholder information.
7. Consistent network monitoring and testing.
8. Information security policy and maintenance of that policy.

PCI Compliance and Digital Payments

With the rise in new payment technologies, such as contactless payments and digital wallets, payment fraud has never been more sophisticated Likewise, the financial rewards for the perpetrators have never been greater.

These new changes will affect all industries, from banking to e-commerce. Experts believe these new technologies will soon represent the majority of all transactions.

Since then, fraudsters have taken advantage of businesses ' limited ability to adapt. Even among well-funded organizations, resources may not be used properly. For example, key resources and critical forensic data, investigative expertise, and data science capabilities are broadly scattered. Actions occur across cybersecurity, accounting, fraud, compliance, legal, and IT departments. With this comes little coordination or sharing in between departments. This is where PCI compliance is vital, and also where fraudsters have opportunities.

PCI Compliance and Beyond

Combat fraud leveraging data science and analytics, gradually moving away from a narrow focus on false positives and loss prevention. Harness Fraud.net’s capabilities to reduce losses, detect and prevent emerging fraud, and enhance the customer experience. Get in touch with us today to learn more.

PCI DSS

The Payment Card Industry Data Security Standard, also known as PCI DSS, is an IT security standard for companies that handle branded credit cards from the major card providers. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.

Persona

A persona is an artificial profile for a type of customer, created on certain identifying criteria. Personas are generally used in marketing efforts as a way of figuring out how to best target different segmented audiences.

Personal Details Compromise

Personal Details Compromise, also known as a data breach, is the planned or unplanned relief of protected or confidential data in an unreliable environment. Other types of this occurrence include unplanned data revelation, data leaks and data spills. A data breach is basically a security occurrence in which delicate, secured or confidential data is imitated, conveyed, observed, taken or used by a person who is not entitled to do so.

Personal Information

Personal Information can be described as any accurate or personal information, whether documented or not, about a recognizable person. Personal Information can include name, e-mail, address, civilization, race, identification number, occupation history, and other more related information.

Personally Identifiable Information

Personally identifiable information is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.

Phantom Debt

Phantom debt collection fraud appears in many variants, but the most common component among them is the claim that a customer is indebted and has to pay it, or else they will incur heavy penalties. Regardless of whether the customer really took out a loan or not, they may accept a call later during which they will be asked to pay the money of the loan.

Pharming

Pharming is a cyber-attack aimed at exchanging traffic from an official website to a different website. The second website is usually a copy of the original, designed to gather personal information such as credit card numbers. Pharming could be performed either by varying the hosts folder on a victim's computer or by misusing a weakness in DNS server software. Pharming involves undefended access to a target computer, such as a customer's home computer, rather than a corporate server.

Phishing and Pharming

Phishing and Pharming are two methods of cyberattacks to lure a victim to false websites in order to send them malware or get his/her personal information. Phishing involves getting a user to enter personal information via a fake website. Pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain Web address.

Phishing Kit

The phishing kit can be described as a collection of several software programs that allows an individual to manage and launch specific types of campaigns and phishing scams. The phishing kit makes it easy for those with even few technical skills to launch some kind of phishing exploit.

Phishing Schemes

Phishing schemes involve getting a user to enter a website and input their personal information for the fraudster to then steal and take advantage of. This website often times emulates the design of a legitimate business's website, in the hopes of tricking people into entering their information on a site they think is real and trustworthy. Phishing is usually performed through deceptive emails or phone calls, but other methods exist.

Phone Verification

It is the process of identifying if a number used by a user is valid or not, as well as if a phone number being used is the phone number of the person trying to use it. Phone number verification is used in different forms of multi-factor authentication.

Plagiarism

Plagiarism refers to the illegal act of copying someone’s work and presenting it as one’s own original work. This act may include the stealing of handwriting, online drawings, or any other online aspect that can be stolen and presented as original. Plagiarism is believed to be a crime in almost all the countries over the world.

Platform

On the internet, a platform refers to a virtual space where a company, a person, or a community can create its own page or website, or even a network that can serve the people who come to visit. This type of business is referred to an e-commerce and most international organizations have their own online platforms.

Point-To-Point Encryption

P2PE, or point-to-point encryption, refers to all the processes and tools involved in protecting different online procedures and actions throughout all steps of the process. It is usually provided by a third-party, and often when an organization purchases this solution from an outside party, that party will then help the company in setting up the encryption.

Policy Violation

A policy violation occurs when a user records an expense with details violating the company's expensing policies. There are different types of sanctions which are put in place in the event of a breach of policy, and some of these sanctions are set by the authorities. Policies and sanctions can differ across fields and organizations, based on many different factors.

Privacy

Privacy is the practice or idea of keeping certain information a secret from a certain group. It also describes the capability of the individual to protect the information he or she considers personal.

Processing Unauthorized Payroll

The processing of unauthorized payroll refers to the act of identifying whether payroll has been calculated for an unauthorized person in the organization's list. This process is done to prevent payroll fraud, where a payroll manager knowingly approves fraudulent payroll transactions, generally with the purpose of taking that money for themselves.

Proofing

Proofing refers to the act of verifying and authenticating the identity of legitimate customers. Identity proofing is required when a person wants to withdraw money or take any other confidential information from online resources.

Proxy Piercing

What is Proxy Piercing?

Proxy piercing refers to a technology that enables hosts to determine whether a person is making a proxy purchase or not. A proxy purchase describes a transaction made where a customer disguises their IP via the use of a proxy server. 

Proxy piercing allows one to see if there is a proxy being used by a customer attempting a transaction. Then, depending on the level of the piercing program, it will “pierce” the proxy server and determine the original IP of the transaction. At an even higher level, proxy piercing can also determine the physical location of that user.

Why is Proxy Piercing Important in Fraud Detection?

Fraudsters often use proxy servers to mask their true identities when making fraudulent purchases or chargebacks. They do this to avoid detection that the address on their payment method does not match their IP address’s geolocation. Proxy piercing cuts through that protective wall, identifying whether a purchaser is using a proxy. It also determines to what extent, and the true IP address of the purchaser. 

Once this address is found, verification services then take over. They weigh the true IP address against the location of a purchase’s shipping address or common bank transactions to determine if the purchase is fraudulent. In addition, this IP address can be weighed against the frequency of past transactions and such frequencies in certain locations. 

Proxies for Consumers Aren't Always Bad

Not all purchases using proxies are fraudulent - some consumers use proxies to avoid sharing location and behavior data with browsers. Or, they use them to avoid targeted ads and the sale of their internet behavior and social network data. They may use VPNs to avoid tracking or data spying on public shared networks, like those at cafes or libraries. They may also use proxy servers to avoid government censorship, to access restricted websites in their countries like YouTube or Facebook. Unfortunately, the use of these proxies can open consumers and businesses up to potential phishing or pharming attacks. This vulnerability contributes to fraudsters obtaining credentials they can sell as part of “fullz” packages.

Fraud Detection and Protection with Fraud.net

Through IP verification and Dark Web Monitoring, among other solutions, Fraud.net's suite of AI-powered fraud detection and protection services can help your institution combat fraudsters.

Weighing IP geolocation data and dark web activity allows for better tracking of fraudulent purchases. Additionally, these services weigh past fraudulent activity against the IPs or credentials in use. Therefore, if a user employs a proxy server to make fraudulent transactions, our services can identify how problematic the true IP is.

Contact us today for recommendations and a demo of our services:

• Contact Us
• IP Verification with Verify
• Dark Web Monitoring with Authority

Purchase Amount Filter

A purchase amount filter is a technology, method, or practice that allows e-commerce website hosts to identify or prevent scams that occur with ease by setting up limitations on the amount of a product that can be purchased at one time.

Pyramid Schemes

A pyramid scheme is a fraudulent business model where an initial group of people recruit others to join their company, but charge them an upfront-fee in order to become an employee, and then urges those new employees to recruit others and get up-front fees from them as well. As new recruits join, their upfront fees go towards paying earlier members of the pyramid scheme, and so the goal of the business is really just to trick people into joining the company and paying this fee; the company may have an actual product to sell, but selling the product is often not the focus of this business.

Ransomware

Malware that blackmails the user in order to have the program be removed. It is a virus that blocks access to a computer via encryption, unless a certain sum is paid (generally through cryptocurrencies to maintain anonymity). The criminals usually threaten to delete important files, or disable the entire computer if the money isn’t paid by a certain deadline.

Real-Time Risk Management

Real-time risk management is a process which enables a person to handle risks associated with payments as the payment happens. It allows the person to effectively ensure that all the transactions are being carried out in a proper way, and can be denied at the business owner's discretion in case they believe a purchase to be fraudulent. This solution can be provided by a third-party as well.

Record Destruction

Record destruction refers to the process of illegally destroying information stored in the form of documents. This is an ethically wrong practice and if spotted within an organization can lead to the termination of that person's employment.

Relying Party

Relying party or third party is a computer term used to refer to a server providing access to a secure software application. Claims-based applications, where a claim is a statement an entity makes about itself in order to establish access, are also called relying party (RP) applications. Actually RP refers to the person who provides services to the customer not directly but just by connecting the customer to the actual seller. Usually, the host or the merchant has to identify the real party that is delivering services to the customers.

Reshipping Fraud Scheme

In a reshipping scam, the criminals purchase high-value products with stolen credit cards and recruit willing or unsuspecting people (reshipping mules) to receive and forward the packages on behalf of the criminals. In the package, there will be stolen items and in case of arresting, the re-sender will be arrested first.

Retail Loss Prevention

Retail loss prevention is actually a set of practices and methods which are employed by retail companies to preserve profit, so to ensure that there are as few scams associated with transactions as possible. Profit preservation is any business activity specifically designed to reduce preventable losses. Usually, most crimes are related to retail and in order to minimize this risk, these practices are adopted by the retailer, and are known as retail loss prevention methods.

Return Fraud

What is Return Fraud?

Return fraud is an online scam that occurs when a person purchases an item from a retail store with the intent to return it immediately or use duplicate receipts to get money back. It is the act of defrauding a retail store via the return process. Fraudsters commit this crime in various ways. For example, the offender may return stolen merchandise to secure cash, steal receipts or receipt tape to enable a falsified return, or use somebody else's receipt to try to return an item picked up from a store shelf.

There are several types of return fraud, including:

• Returning stolen merchandise - shoplifting and returning merchandise for a refund of the full price.
• Receipt fraud - stealing or falsifying receipts to return merchandise for profit. Another version of this is purchasing goods at a low price from one store and returning at another with a higher price to profit off the difference.
• Employee fraud - assistance from employees to return stolen goods for full price. This is a form of insider fraud.
• Price switching - placing higher price labels on merchandise to later return them at a higher price than the initial purchase. This is similar to profiting off the price difference in receipt fraud. 
• Price arbitrage - purchasing similar-looking but differently priced goods, and returning the cheaper item as the expensive on and profiting off the difference. 
• Switch fraud - purchasing a working item, and returning a damaged or defective item that was owned before the purchase of the working item. 
• Bricking - purchasing a working electronic item, and stripping it of all valuable and necessary components to make it unusable, then returning it for profit. 
• Cross-retail return - returning or exchanging an item purchased at another retailer for cash, store credit, or a similar, higher-priced item at another retailer. 
• Open-box fraud - purchasing an item from the store and returning it opened with the intent to repurchase at a lower price under “open-box” store policies. This is similar to price-switching.
• Wardrobing - purchasing merchandise for short-term use with the intent to return the item (ex. purchasing a dress, wearing it for a night with the tags still on, and returning it). 

The Cost of Return Fraud

The retail industry loses about $24 billion annually in return fraud and policy abuse, accounting for 8% of returns. In 2020, of the 10% of returned transactions, 6% were fraudulent, leading to a loss of $25.3 billion for retailers. As retail shifts online, 38% of merchants see an increase in buy online, return in-store purchases, and 29% of merchants report an increase in fraudulent returns among such transactions. Furthermore, 21% of returns made without a receipt are fraudulent. As a result, merchants often raise prices to offset losses, unfortunately affecting customer experience. 

Holiday Shopping Seasons Increase the Risk

25% of annual product returns occur between Thanksgiving and New Years Day and return fraud increases during this time as well. According to the National Retail Federation, a quarter of holiday shoppers buy items with the intent of returning them later. This leads to merchants preparing for a large volume of returns. In 2018’s holiday season, about 10% of returns were expected to be fraudulent, leading to a loss of $6.5 billion in holiday return fraud. Due to high customer volume, sometimes loss and fraud prevention measures become more relaxed despite the increased vulnerability. 

As a result of increased purchase and return volume, retail staff becomes overwhelmed with handling returns as well as investigating fraudulent ones. Often this leads to more staff being hired over the holiday season, increasing the merchant’s operating costs. If they choose not to or cannot hire more staff, the existing staff becomes overworked trying to keep up with the increased volume. 

How to Prevent Return Fraud

Returns are necessary for retail to promote customer loyalty and satisfaction. Unfortunately, this poses a challenge for combatting return fraud. Policies must be clear and restrictive enough to effectively prevent return fraud, but flexible to avoid discouraging legitimate returns and exchanges. They also should be easy to access on online shopping sites and packaging/receipts for shipped goods.  

In addition, as much data as possible must be collected from fraudulent returns to prevent repeat offenses and inform fraud prevention for future threats. Collective intelligence informed by transaction data helps fight future fraud by arming prevention and detection services. 

Fight Return Fraud with Fraud.net

Fraud.net has a large suite of solutions helpful in fighting return fraud, among other types of fraud. With identity verification, dark web monitoring, and datamining services, fighting return fraud becomes easier and more efficient.

Contact us today for a free demo and recommendations to help you protect your profits from return fraud.

Return On Investment (ROI)

Return on investment (ROI) is a performance measure used to evaluate the efficiency of an investment or compare the efficiency of a number of different investments. ROI tries to directly measure the amount of return on a particular investment, relative to the investment’s cost.

Risk Assessment

Risk assessment is the systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking. To assess the risks, different tools and methods can be utilized. In addition, risk assessment also involves determining the likelihood of risks that will threat the system in the future.

Risk Management

Risk management describes the process and practices of companies in attempting to prevent malicious or fraudulent activity from occurring within their systems, as well as addressing any other issues that would create financial risks. It can be more simply defined as the practice of forecasting and evaluating potential financial risks alongside identification procedures that aim to avoid or minimize their impact.

Risk-Based Authentication (RBA)

What is risk-based authentication?

Risk-based authentication (RBA) is a non-static authentication system that takes into account the profile (IP address, User-Agent HTTP header, time of access, and so on) of the agent requesting access to the system to determine the risk profile associated with that transaction. This type of authentication method is used to determine high-risk security threats to protect sensitive information. When the risk level increases, authentication becomes more extensive. False insurance claims are insurance claims filed with an intent to defraud an insurance provider.

A common example of risk-based authentication is when a user accesses their bank account outside of their home state or country. Because the user's geographic location is different, the indication of potential risk is alerted. The user will then proceed to answer their security questions in order to access their bank account information. 

User and Transaction Dependent Authentication

Risk-based authentication can be user-dependent or transaction-dependent. A user-dependent authentication means that the authentication process will look the same for the user, every time. This means that a user can expect to input the same credentials when authentication is prompted during a login attempt. A transaction-dependent authentication means the user could have to input different credentials if authentication is promoted, even after inputting a username and password. Instead of answering the same security questions, they may have to answer other credentials such as their social security number, date of birth, etc. to gain access to their account.

Fraud.net and Fraud Prevention

Fraud.net offers a variety of services to help prevent fraud through identity verification and risk-based authentication, among other methods. With our software and service suite powered by machine learning and artificial intelligence, organizations can spend less time doing detection and more doing analysis - saving money, time, and profits.

To learn more about the services Fraud.net offers, contact us for a demo and security recommendations today.

Romance Scams - How To Avoid Losing Millions To One

Read our related content:

• • • Fraud.net for Financial Services
    • Fraud.net's Solution for Insider Threats
    • Solution Fact Sheet for our AI and Machine Learning Platform
    • Case Study: Leading Bank Takes Fraud Prevention to the Cloud

Rules Engine

A rules engine is a software system or a program that is capable of executing one or more than one business rules in an environment of run time production. The rules might be coming from a company policy, legal regulation, or some other sources. Most organizations tend to them.

Rules-Based Fraud Detection

Rules-based fraud detection identifies fraud based on a set of unusual attributes, including unusual time stamps, account numbers, transaction types, and amounts, among other criteria.

How Rules-Based Fraud Detection Works

This methodology of fraud detection operates on a set of "rules", or a set of conditions that when detected, signify potentially fraudulent transactions.

Rules commonly include:

• Location - if a transaction occurs outside of the usual location of the user. For example, if a user whose purchases commonly occur in Santa Fe suddenly has a transaction appear in rural Ohio, or Eastern Europe.
• Frequency - If a user rarely uses an account that suddenly lights up with transaction activity. Further, if an account number is used in a variety of transactions with little to no connection, or if there is an unusually high amount of small transactions for the user.
• Sender/Receiver - If a user receives payments in large amounts from multiple newly created accounts. On the other hand, if someone from the same IP address is creating multiple credit card accounts in a short period of time and sending money.

The Gatekeeper

If a transaction does not fulfill any of these rules that define a fraudulent transaction, it goes through as a non-fraudulent transaction. The system serves as a gatekeeper - it lets some transactions through, but flags or denies others based on what rules they satisfy. Unfortunately, this gatekeeper fails sometimes, with false positives and negatives.

Strengths and Vulnerabilities

Rules-based systems effectively detect fraud based on a set of rules, cutting human intervention down, therefore lowering overhead security costs for businesses. Despite this, there are some weak spots that rules-based systems could address.

Vulnerabilities

1. Blind Spots

   These systems contain blind spots, areas which rules do not cover. In these situations, fraudsters spoof transactions or circumvent existing rules. Traditional systems rely on rules set by human security officers, and must manually be updated in response to threats. Between the updates, fraudsters take advantage of blind spots.

2. Lack of Data

   Rules-based systems work best with a large aggregation of data, to better address all vulnerabilities that institutions face. If an institution is limited to a small data pool, it cannot accurately and effectively identify fraudulent transactions. This is also true in machine-learning systems.

3. Incorrect Data

   A rules-based system works best when the human security officer sets useful and effective rules. Incorrect or badly defined rules lead to lower fraud detection and false positives.

Strengths

1. It Works Quickly

   The benefit of rules-based systems is their low complexity. They scan through all transactions and identify fraud based on rules, allowing for more transactions to be screened quickly. This, combined with machine-learning systems for more sophisticated attempts, provides great security for transactions.

2. Transparency

   Because rules-based systems operate based on what rules are satisfied, they are easy to interpret, or "transparent". If an issue arises in reporting, such as a false positive or negative, human intervention can quickly identify and correct it.

3. Simplicity

   In some cases, keeping it simple is actually better - this holds for rules-based system implementation. Rules-based fraud detection systems are easy to develop and validate, and they work rather quickly in operation. While rules-based systems are not necessarily a "set it and forget it" solution, their simplicity offers quick and easy implementation.

Rules-Based Fraud Detection and Machine Learning

Algorithmic fraud detection, better known as machine-learning-based fraud detection, operates similarly to rules-based fraud detection. However, instead of relying on human intervention to quality check and update rules as it gathers more information, these systems do this work automatically. Algorithmic systems change their rules and responses based on both past and emerging threats. The human intervention occurs mostly at the data input stage and the quality assurance stage at the end of the process. In any case, algorithmic models cut the necessity for human intervention down significantly, saving institutions money in overhead and labor.

Rules-Based Fraud Detection and Protection with Fraud.net

Fraud.net has a large suite of products that operate using a combination of rules-based processes, artificial intelligence, and machine learning. These products offer top-of-the-line security against fraud attempts, and self-regulate based on both your and your consumers' transaction behavior.

Learn More

• Rules & Workflows - Flexible, Customizable, and Powerful

• Video:  Fraud.net Rules and Analytics

• Speak with a Fraud Prevention Specialist

Run of network (RON)

Run of Network, or RON, is actually a form of internet marketing where an online advertising campaign is applied to a wide collection of websites without the ability to choose specific sites. In run-of-network advertising, advertisers generally give up say over placement in return for low rates and broad reach. Ads may be placed randomly in unsold, less valuable portions of sites within an ad network.

Sales Scam

Sales scams are a type of crime associated with online retailing, where money is snatched from the users without delivering the products. On the other hand, a scammer solicits payment and delivers counterfeit goods. Sales scams are also known as “consumer scams” or “business fraud”. Scammers use a variety of e-commerce fraud methods to commit crimes and fool customers:

Types of Sales Scams

Classified Scam

In a classified scam, an online retailer lists merchandise on classified websites like Craigslist, eBay, or Backpage without actually possessing that merchandise. A scammer lists photos, details, and “reviews” to fool a customer into purchasing, but steal information from legitimate listings. They often advertise a lower price compared to similar items in that category, further enticing a customer to buy it.

However, once the buyer shows interest, the scammer dodges face-to-face interaction. They claim to have moved and that a friend or agent will deliver following payment. The customer pays, never receives the goods, and cannot contact the seller or the “agent” for a refund.

Scammers take these same steps when listing cars or rental properties, making excuses as to why the customer cannot inspect them. They increase the urgency of the purchase by saying that they’re being deployed or have to leave their property soon. They ask for payments as a “deposit” for interest, but the customer never receives keys to the rental properties or for the car.

Health and Medical Product Scam

This type of fraud takes advantage of both the trustworthiness of health professionals and distrust of common medical practices. In some cases, a scammer builds a fake online pharmacy with listings that resemble legitimate items found at recognizable retailers. On this website, they list wellness products, medicines, and drugs at cheap prices without prescription requirements.

When the customer pays the retailer for these goods, they never deliver them. If the customer does receive the products, they are likely counterfeit and filled with dangerous chemicals that damage their health.

Furthermore, scammers offer “miracle cures”, quick and easy remedies for a health issue or medical condition. These scams weaponize alternative medicine, advertising as cure-alls for serious conditions. They claim to be able to treat AIDS, cancer, the common cold, and many other diseases, but are not backed by reputable doctors or studies.

Scammers deflect criticism by claiming a “medical industry conspiracy” to silence them, and some customers believe them and buy their products. However, these products are usually not proven safe for human consumption, lack reputable research, and interact with current medications, all potentially harming the customer.

Cosmetic and Skincare Product Scam

Scammers list counterfeit cosmetics, often manufactured using cheap and harmful materials, on several online retailers or sell them in street stalls in major cities. They advertise products as reputable legitimate goods, label them with benefits such as “anti-aging”, and sell them at a major discount compared to the real product. Unfortunately, counterfeit products contain cheap or dangerous ingredients like arsenic and cadmium, high levels of abrasive metals, and bacteria from urine or feces. These products cause adverse skin reactions such as eye infections, acne, and rashes. They may also cause various forms of cancer due to the highly carcinogenic materials.

Psychic/Clairvoyant Scam

Most people recognize this type of scam. Scammers claim a customer is in some sort of trouble or “see” a positive event in their future. They offer a solution or help through “winning” lottery numbers, removing a jinx, or offering protection. If the customer refuses to bite, some scammers threaten to invoke a curse or bad luck charm on them. When a customer does pay, the scammer sends them a worthless item or absolutely nothing, or warns of a future event and promises to protect them for ongoing payment. Often, clairvoyant scams lead to a customer being added to a victim list, leading to more scam approaches like lottery or inheritance scams.

Lottery/Sweepstakes Scam

In these, scammers tell victims that they can access lottery winnings or inheritance if they pay a fee. They say a customer has been “selected” as part of a sweepstakes or to use an offer. If they send the message through email or text, they often ask the customer to click a link leading them to a fake web page and pharming their information. Also, that link may be corrupted and make the customer vulnerable to a phishing attack. On the other hand, if they call, they often ask for a credit card or identity information to then use for fraudulent purchases and identity theft.

Auction Scam

Scammers advertise on auction sites like eBay, misrepresenting the product, shipping a low-quality counterfeit, or delivering nothing at all upon sale. They often relist the item with the same information to scam another customer. These scams tend to reap a high reward for scammers due to the nature of online auctions. In addition, foreign auction websites prevent domestic customers from rectifying issues if they don’t receive the product they bid for.

Affiliate Scam

Scammers pose as international companies willing to ship goods to domestic sellers for commerce. They contact individuals, offering a chance to sell high-end items at reduced prices but fail to deliver once the individual makes the sale. Consequently, the buyer at the end of the chain pays for something they never receive, and the seller (if they’re not in on it) loses their reputation and/or profits.

Ticket Scams/Scalping

Scammers advertise tickets to a show whose seats are in high demand or sold out. They sell fake, or “scalped” tickets that often do not work. Scammers may also solicit money from a customer but never deliver tickets.

The variety of sales scams seems daunting, but there are steps customers (and businesses) can take to protect themselves.

Methods to Avoid Sales Scams

Pay Attention to Warning Signs

Scammers use similar methods to commit sales scams - look out for a few signs:

• Listing the product at an unbelievably low price, or advertising amazing benefits and features.
• Insistence on immediate payment or payment through gift cards, money orders, or wiring funds. Scammers want customers to pay quickly and will make excuses as to why they should pay immediately.
• The store is new and selling items at low prices, with limited information about the seller or their policies.
• Retailers that do not provide information about privacy, dispute resolution, or ways to contact.
• Contact information that cannot be verified or is false.
• Resistance to accepting payment through more secure means like credit cards or third-party services like PayPal.

Scam-Specific Warning Signs

• Lottery, sweepstakes, or inheritance scam: insistence on paying upfront to access deals or rewards.
• Health and medical product scam: emails offering pills or treatments that are hard to get or only available through prescription. Moreover, the pharmacy is based overseas or lacks contact information, and/or the product lacks scientific evidence.
• Cosmetic and skincare scams: advertising as "secret formulas" or "breakthroughs", and without any sort of unbiased approval process.
• Classified scams: Sellers who refuse to meet in person or let the buyer physically inspect the merchandise.
• Ticket scams: charging prices much higher than face value. Also, tickets printed with imperfect English or unusual phrases, with the wrong date and time, or with seat numbers or sections that do not exist. Sellers have unverifiable or false addresses, negative reviews, and insist on money orders or gift cards as payment.

Be Proactive

Every time customers shop, they can take a variety of steps to avoid being scammed:

Verify, Verify, Verify

• Verify the identity and contact information of the seller, the product information, and the sales and return policies. Scammers often have addresses or phone numbers that don't exist or don't match their identity, and often have no refund or return policy. If purchasing a used or secondhand item, ask for proof of the original purchase when possible. 
• For classifieds, avoid sellers who refuse to meet in person or allow inspection of the product before purchase. If purchasing a vehicle, look up the vehicle identification number (VIN) and the license plate. Look up the name of the last owner to verify, too.
• Avoid doing business with international sellers - these sellers are not beholden to domestic laws if an issue arises. Look up the contents of the product (if purchasing health and wellness products or skincare). Avoid products with ingredients not backed by reputable doctors or studies, or domestically banned.
• If the name of the seller looks like one that you recognize, look up the original seller and verify that they sent you a message. Scammers send emails or promotions that may differ from the legitimate seller's behavior, so keep an eye out for strange wording or behavior. A promotion that the legitimate seller doesn't advertise is most likely a scam.

Use Secure Transaction Methods

• Instead of money or gift cards, money orders, wire transfers, and other forms of payment that are not secure, pay with a credit card. Disputing charges on a credit card is much easier if a customer receives a counterfeit good or nothing at all.

Avoid Unfamiliar Sellers

• When dealing with a new seller, do not make any payments until you verify the seller's identity and reputation. Scam sellers often have little to no reviews or overwhelmingly negative reviews.
• Do not open unfamiliar texts or emails or click links from non-trusted senders. Block unfamiliar senders and do not click on unsubscribe links for clearly fraudulent senders. Clicking the unsubscribe link may be a phishing or pharming ploy.

How Do I Protect My Business?

Fraud.net offers a variety of products to assist with securing online retail sites and preventing fraud. Fraud.net's product offerings are powered by AI and machine learning, to detect and block scammers in real-time. By taking actions to secure online storefronts, fraud becomes less daunting to conquer.

Contact us for a demo or product recommendations today.

SCA (Strong Customer Authentication)

SCA is defined as “an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is).The process considers national identity of the customer, tracking of the position, analysis of interest and information of the services. Strong customer authentication is required before any type of business transaction in order to have full access to customer accounts in case of fraud.

Scammer

The term scam refers to fraudulent schemes in which goods and money are taken from unsuspecting persons, generally through the deceit of the victim.

Scams

A fraudulent scheme performed by a dishonest individual, group, or company in an attempt to obtain money or something else of value. Scams traditionally resided in confidence tricks, where an individual would misrepresent themselves as someone with skill or authority, i.e. a doctor, lawyer, investor.

Scareware

Malicious software, messages or threats designed to scare people into installing malware and software. A website popup that claims your “computer may be infected with harmful spyware” will send you to a download link for a real malware program.

Scholarship Scam

Scholarship scam is described as a situation where fraudsters offer a fraudulent scholarship to attract the victims. Sometimes the seminars do provide some useful information, but actually they are disguised sales pitches for financial aid consulting services (e.g., maximize your eligibility for financial aid), investment products, scholarship matching services and overpriced student loans.

Scraper

A site scraper can be defined as a kind of software that duplicates content from a website. Site scrapers work similarly to web crawlers, which essentially perform the same function for the purposes of indexing websites. Web crawlers cover the whole Web, however, unlike site scrapers, which target user-specified websites.

Script Kiddie

A script kiddie is an offensive term used to refer to non-serious hackers who use existing computer scripts or code to hack into computers, rather than them creating their own due to them lacking the skills or expertise to write their own.

Second Party Fraud

Second party fraud, or money mules, is where a person allows another to use their identity or personal information to perform fraud. Businesses may find second party fraud difficult to detect and challenge since the identity of the person that is used to carry out fraud has largely allowed it to take place.

Secure Element

A Secure Element (SE) is a microprocessor chip which can store sensitive data and run secure apps such as payment. It acts as a vault, protecting what's inside the SE (applications and data) from malware attacks that are typical in the host (i.e. the device operating system).

Security Protocol

Security protocol, also called cryptographic protocol, could be described as a sequence of operations that ensure the protection of data. Used with a communications protocol, it provides secure delivery of data between two parties.

Security Threat and Risk Assessment

Security Threat and Risk Assessment can be defined as a technique that classifies the overall business and security risks with the aim of defining the competence of security controls, together with the service, in order to reduce the set of risks that appear for the business.

Security token

A security token is a physical device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Some tokens may store cryptographic keys that may be used to generate a digital signature, or biometric data, such as fingerprint details.

Sensitive data

Sensitive data is defined as information that is protected against unwarranted disclosure. Access to sensitive data must be safeguarded. Protection of sensitive data may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations.

SEO

SEO is an abbreviation for Search Engine Optimization, which is the art of having your website optimized, or attractive, to the major search engines for optimal indexing. It refers to the process of increasing the quality and quantity of the traffic of the website and this process is used to increase the visibility of web pages for search engine users.

Serious Fraud Office (SFO)

The Serious Fraud Office (SFO) is a non-ministerial government department of the Government of the United Kingdom that investigates and prosecutes serious or complex fraud and corruption in England, Wales and Northern Ireland.

SERP

Search Engine Results Pages (SERP) are the pages displayed by search engines in response to a query by a searcher. The main component of the SERP is the listing of results that are returned by the search engine in response to a keyword query, although the pages may also contain other results such as advertisements.

Shopping Cart

A shopping cart is a feature in online shopping that works as a temporary record of items selected for eventual purchase from the online vendor's website.

Shoulder Surfing

Shoulder surfing is the practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information. This is generally done by looking over someone's shoulder at the information on screen, hence its name.

SIM Cloning

Single sign-on

Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. SSO can be used by enterprises, smaller organizations, and individuals to mitigate the management of various usernames and passwords. In a basic web SSO service, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository such as a lightweight directory access protocol (LDAP). The service authenticates the end user for all the applications the user has been given rights to and eliminates future password prompts for individual applications during the same session.

Skimmer

Skimmers are essentially malicious card readers attached to real payment terminals so that they can harvest data from every person that swipes their cards. The typical ATM skimmer is a small device that fits over an existing card reader.

Skimming

Skimming is considered a type of white-collar crime,and is described as the theft of cash from a business prior to its entry into the accounting system for that company. Although skimming is one of the smallest frauds that can occur, it is also the most difficult to detect.

Skimming cash receipts

Skimming is slang for taking cash "off the top" of the daily receipts of a business (or from any cash transaction involving a third interested party) and officially reporting a lower total. The formal legal term is defalcation. Even though skimming is one of the smallest frauds that could appear, they are considered as the most difficult fraud to detect.

Smart Card

A smart card is a physical card that has an embedded integrated chip that acts as a security token. Smart cards are typically the same size as a driver's license or credit card and can be made out of metal or plastic. They connect to a reader either by direct physical contact (also known as chip and dip) or through a short-range wireless connectivity standard such as radio-frequency identification (RFID) or near-field communication (NFC).

SMishing

SMishing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. SMiShing is short for "SMS phishing."

Smurfing/Structuring

The process of laundering money by breaking up large funds into multiple bank accounts to operate under the radar of law enforcement agencies. 

In the gaming industry, the term refers to players who create multiple accounts, so that what they do on an alternate account (cheating, losing) will not affect their main account.

Sniffing

Sniffing is the process of monitoring and capturing all data packets passing through given network, and is illegal to be done by an unauthorized party. This stolen information can be used for fraud and obtaining other significant data from users. Sniffers are used by network/system administrators to monitor and troubleshoot network traffic. Attackers use sniffers to capture data packets containing sensitive information such as password, account information etc.

Social Engineering

Psychological manipulation done through human interaction that gets people to reveal personal information for fraudulent purposes. It can happen in one or multiple steps, and can range from basic to complex methods, like attackers impersonating co-workers or officials to solicit information.

Social Media

Social media is a large platform where people entertain, communicate, and connect with the world. It consists of different social networking sites which can be used by hackers and fraudsters to steal personal information of users. This information includes credit card numbers and other personally identifiable information, which are often solicited through "phishing" attacks done on social media sites.

Social Media Intelligence

Social media intelligence refers to the collective tools and solutions that allow organizations to begin conversations, respond to social signals and synthesize social data points into meaningful trends and analysis based on the user's needs.

Social media tracking

Social media tracking or monitoring is a process of using social media channels to track, gather and mine the information and data of certain individuals or groups, usually companies or organizations, to assess their reputation and discern how they are perceived online.

Social Security fraud

Social Security fraud usually occurs when an unauthorized third-party gains access to an individual's Social Security number and exploits it for their own financial benefit.

Social security number (SSN)

A Social Security number (SSN) is a nine-digit number that the U.S. government issues to all U.S. citizens and eligible U.S. residents who apply for one. The government uses this number to keep track of your lifetime earnings and the number of years worked. Using a social security number, personal data can be obtained, and can let a criminal use the information for purposes of defrauding the owner of that social security number. Often this involves stealing money or the identity of that SSN owner.

Software Piracy

Software piracy is the illegal copying, distribution, or use of software. It is such a profitable "business" that it has caught the attention of organized crime groups in a number of countries. According to the Business Software Alliance (BSA), about 36% of all software in current use is stolen.

Spam

Spam refers to an irrelevant or inappropriate message sent on the Internet to a large number of recipients. These messages are often used by scammers to trick people into providing their personal data so that they can be used to blackmail the person. Normally, spam offers an advertisement which is not validated under the actual name of organization.

Spear Phishing

Spear phishing describes when phishing is done with specific targets in mind; this allows messages to these people to appear more legitimate, or as if they are being sent by a legitimate user. For example, a person may get an offer from an organization that he knows. He might click on it and provide confidential information, perhaps to log-in to the website. In reality, the message is not from the actual organization, and he has given his credentials to the actual site to the spear-phisher.

Spider

A spider is a program that visits Web sites and reads their pages and other information in order to create entries for a search engine index. All major search engines on the Web have these kinds of programs, which are also known as "crawlers" or a "bots". Spiders are usually programmed to visit sites that have been marked by their owners as fresh or modernized.

Spoofs

A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls.

Spyware

Spyware is software that can be installed on a computer system or computer device without the device user's knowledge. The software allows the installer to directly obtain or convert information from a computer and to transmit all that data to their own hard drive.

Statute of Limitations

A statute of limitations is a law that sets the maximum time the parties involved have to initiate legal proceedings from the date of an alleged offense, whether civil or criminal. However, cases involving serious crimes, like murder, typically have no maximum period under a statute of limitations.

Stealing

Stealing is the action that occurs when someone takes possession of another person's identity, posessions, or information without any legal rights and without any permission, without any intention of returning it. In computer system the stealing means the unauthorized or illegal copying, sharing or usage of copyright-protected software programs. Software theft may be carried out by individuals, groups or, in some cases, organizations who then distribute the unauthorized software copies to users.

Stealing or providing business secrets

Stealing business secrets is the act of accessing a business's confidential information and revealing it to people who are not properly authorized to see that information. Intellectual property theft is a kind of stealing of business secrets.

STR (Suspicious Transaction Report)

A suspicious transaction report (STR) refers to the information demanded by the Internal Revenue Service (IRS) from banks and other financial institutions regarding suspicious transactions. It provides a report of the financial flows and other information related to the money flows in a regulated private sector.

Supervised Machine Learning

Supervised machine learning is the machine learning task of learning a function that maps an input to an output based on example input-output pairs. It infers a function from labeled training data consisting of a set of training examples.

Sweepstakes Scam

Sweepstakes scams are when a company or fraudster tells someone they have won a sweepstakes prize, but that as the winner they must first pay a fee to insure delivery of their prize. The winner may pay and then never recieve anything.

Sweetheart scam

A sweetheart scam is a situation where a scammer will pretend to be romantically interested in somebody, with the intention of learning their personal information so that they may commit fraud with it.

Swindling

The term 'swindler' refers to a person who takes advantage of others through deceit. Swindling occurs when a person defrauds another, causing the victim to suffer damage through unfaithfulness or abuse of confidence. Swindling can be committed by a group of people or individuals involved in defrauding actions to get financial benefits or property by exploitation or fraud. These schemes often are deployed within organizations, as a form of insider or friendly fraud. 

While "swindling" potentially applies to all forms of fraud, it is mostly attributed to sales and investment scams, such as:

Ponzi Schemes

Named after Charles A. Ponzi who defrauded hundreds of people in the 1920s, this scam targets inexperienced investors by promising high rates of return. A "promoter" offers to pay an initial investor their principal plus the rate of return, and in order to pay those "returns", targets other investors. Then, more investors become interested because the opportunity seems legitimate and profitable, putting their money into the scheme.

The initial promoter never invests the principal amount, instead siphoning off funds from the investors' initial investments. They pay off "profits" using funds from other investors, and the chain continues until the promoter disappears and the scheme collapses.

Pump-and-Dump Market Manipulation

This scheme is a form of market manipulation, in that the swindler employs this to inflate or deflate prices to earn a profit. Swindlers use false reports, social media, and message boards or chat rooms to manipulate investors into investing their money and inflating share prices, or dump their stocks and make money on a short.

Market manipulation is illegal, and many investors actually lose money in the process.

Pyramid Schemes

In these, the original buyer or swindler obtains the right to enlist others in the "marketing process". This marketing process is most recognizable in beauty product pyramid schemes, in which each seller obtains a supply, and with every buyer and new investor, earns a commission. While this method, also known as "multi-level marketing", isn't technically illegal, the method of recruiting and the language of potential profits mirror those of other swindling schemes. The recruiting method also mirrors that of a Ponzi scheme, in that the most profits come from recruiting new members rather than the product or investment.

These schemes frequently target people in affinity groups (people with shared interests or beliefs), as they often find it easier to recruit investors within these groups.

Fraud.net vs. Swindling

Fraud and swindling are illegal in the US with Title 18 US Code § 1341, which states that those found guilty of fraud are punished with up to 20 years of imprisonment, or a fine of one million dollars. Despite this codification, many businesses choose to mitigate fraud rather than prosecute it. Often, it is easier to mitigate due to the volume of fraud attacks, than prosecute and seek damages.

For this reason, many businesses and institutions employ preventative measures through fraud detection and prevention services. In combination with security best practices training, institutions (and consumers) can avoid being targeted by these schemes or losing money due to dishonest investment recommendations.

Fraud.net offers a wide variety of security solutions to combat money laundering and insider fraud, among other issues. Contact us for a free demo today, and recommendations for fraud prevention.

Synthetic identity

A synthetic identity is created by using a combination of fabricated credentials, leading to a fake identity that is not associated with an actual, real person. Fraudsters may create synthetic identities using potentially valid social security numbers (SSNs) with accompanying false personally identifiable information (PII).

Synthetic Identity Creation

Synthetic Identity Creation (SIC) represent the process of creating a false identity. Synthetic Identity Creation (SIC) as a generic term shows how fraudsters collect information about real people and manipulate their identities with false and fabricated information to ensure the creation of a new identity, which is assigned to no actual real-life person.

System integrator

A systems integrator (or system integrator) is a person or company that specializes in bringing together component subsystems into a whole and ensuring that those subsystems function together, a practice known as system integration. They also solve problems of automation.

Tax Identity Theft

The term "tax identity theft" represents fraud made by someone to get advantages in tax returns and tax payments. Tax-related identity theft occurs when someone uses your stolen Social Security Number to file a tax return claiming a fraudulent refund. People create false identity by using the personal information of another person to demand a fraudulent tax return. The only way to detect this kind of fraud is a notice from IRS (The Internal Revenue Service).

Tech Support Scams

A technical support scam refers to a type of telephone fraud, where a scammer claims to be able to provide a legitimate technical support service, frequently through cold calls to innocent users, with the hopes of eliciting a payment without completing the services requested. These calls are mostly targeted at Microsoft Windows users, with the caller often claiming to represent a Microsoft technical support department.

Technology Theft

High technology crimes (or cybercrimes) are generally defined as any type of illegal activity that makes use of the internet, a private or public network, or an in-house computer system. Technology theft can be described as a scheme where different activities are conducted by one or more thieves, in order to steal techniques, resources, or devices, with the aim of obtaining personal benefits from those actions.

Telecommunication fraud

Telecommunication fraud is the theft of telecommunication services (such astelephones, cell phones, computers and so on) or the use of telecommunication service to commit other forms of fraud. Victims of the fraud include consumers, businesses and communication service providers.

Telecommunications

Telecommunications refers to the exchange of information by electronic and electrical means over a significant distance. A complete telecommunication arrangement is made up of two or more stations equipped with transmitter and receiver devices.

Theft of Assets

Theft of assets refers to the actual theft of a person or entity's assets. Causing an organization to pay for goods and services not actually received (for example fictitious vendors or employees) or using an organization's assets for personal use are types of theft of assets.

Theft of Checks

Check theft involves stealing, and usually cashing, the check of another. Check theft may also refer to receiving goods or services by passing a bad check which is noncollectable due to insufficient funds or closed account. Penalties for this fraud vary by state.

Threat

A threat is any condition or event that may negatively influence managerial operations (include assignment, purpose, picture, or status), organizational resources, or individuals through an information scheme by using illegal access, devastation, confession, alteration of information, and/or rejection of service.

Timecard Tampering

Timecard Tampering, also known as time sheet or time card fraud, is when an employee puts down hours they did not work and collects payment for them. There are rules and laws in place against it but some employees still try to game the system to get more pay and commit time theft.

Token

A token is a unique frame that is approved from node to node about a ring system, it is a sequence of bits passed continuously between nodes in a fixed order and enables a node to transmit information. When it gets to a node that requires transmitting data, the node modifies the token into a data frame and transfers it to the receiver. A token is fundamental to the internal workings of a token ring network.

Tokenization

Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization, which seeks to minimize the amount of data a business needs to keep on hand, has become a popular way for small and mid-sized businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.

TOR

TOR is a free and open-source software that allows anonymous web surfing and protecting against traffic analysis. The name comes from an acronym for a software project named "The Onion Router." The browser uses exit relays and encrypted tunnels to hide user traffic within the network.

Transaction Authentication Number (TAN)

A transaction authentication number (TAN) is a one-time use code involved in processing online transactions. It offers additional security on top of a password to log in to an account or make transactions. To decrease chances of fraud in transactions, some companies may require a TAN as a form of multi-factor authentication (MFA), in addition to a PIN number or CVV. New TANs may be provided with each interaction, or a list of trusted TANs may be provided to an individual that they can choose from when conducting business.

If the document or token containing a TAN is stolen, it is useless without the original password. Conversely, if one logged in without a valid TAN, they would not be able to gain access.

Types of Transaction Authentication Numbers

Institutions offer a variety of forms of delivering TANs to users. Each institution has its own preference based on what it requires and what its users desire. Below are several types of TANs, and the vulnerabilities they each have.

Classic TAN

Financial institutions provide a list of about 50 TANs, usually enough to last about half a year for each user. These TANs comprise of six- to eight-digit unique codes for a user to enter to verify online transaction activity and identity. Users obtain this list at their financial institution or receive it by mail, separate from their login credentials. When a user logs into their account and verifies a transaction, the TAN they use becomes defunct and unusable for future transactions. If someone steals a TAN list or disposes of it by accident, the user can obtain a new list from their institution. All codes on the old list are unusable for that particular user.

Unfortunately, scammers successfully engage in phishing attacks with these TANs. A scammer prompts users to enter both their PIN and TAN (or several TANs) into fraudulent login pages. They then use those credentials to authorize fraudulent transactions. Further, TANS provide little to no protection against man-in-the-middle attacks (MitM). In these, scammers intercept the TAN and use it for their own purposes, especially in compromised or vulnerable systems.

Indexed TAN (iTAN) and iTAN with CAPTCHA (iTANplus)

Users enter a specific tan identified with a sequence number, or "index". These are randomly chosen by the bank, so if a scammer obtains a TAN, it is worthless without the index. However, scammers are still able to conduct MitM attacks, including phishing and man-in-the-browser (MitB) attacks. Scammers conduct these attacks by swapping transaction details in the background and concealing fraudulent transactions in account overviews.

Some organizations combat this with the use of CAPTCHA. Users complete a challenge before, after, or during entry of their TAN. If they cannot complete it, the page denies access. CAPTCHA provides further protection through embedding transaction information, so scammers spoofing this would have their transactions flagged. Despite added protection, scammers still successfully conduct automated attacks like distributed denial-of-service (DDoS).

Mobile TAN (mTAN)

These TANs are more recognizable to common users than TAN lists. Users conducting transactions enter a code sent by SMS or phone call to access the service and verify transactions. Sometimes, the SMS itself includes transaction data so users can verify details before the transaction transmits to the bank.

This form of authentication is also vulnerable to fraud. Scammers use SIM Swap Fraud to obtain TAN numbers for fraudulent transactions. In SIM Swap, scammers impersonate victims, asking for replacement SIMs from their network operator. When the scammer logs in using the user's credentials, obtained through other means, they receive the TAN message and gain access to the account. The victim often realizes too late, when they discover their phone has stopped working or see their accounts compromised.

Further, as smartphones act as mobile computers, attackers can more easily attack both the computer and phone. This leaves them both vulnerable to spoofing and phishing attempts.

TAN Generators

These provide a one-time use code through a token or keychain device. The token displays the TAN after a user logs in, or when a smart card is inserted. Unfortunately, these TANs do not contain specific transaction details, so scammers easily conduct phishing and MitM attacks.

pushTAN

Similarly to mTAN, when users log in to their accounts, they receive a single-use TAN from a third-party multi-factor authentication app like Duo Mobile. It does not incur text message charges. Therefore, it protects against SIM Swap Fraud, since messages are encrypted and do not rely on phone numbers. As an added precaution, the pushTAN app stops functioning if it detects a "rooted" or jailbroken phone.

ChipTAN/SmartTAN/CardTAN

One of the strongest forms of TAN generation, this type of TAN is generated when users insert their bank card into a handheld device. Each generated TAN is specific to that bank card and current transaction details. Nowadays, these devices generate TANs through verification of a flashing barcode on the computer screen. Users must then confirm the transaction on their TAN device.

Because the generator consists of independent hardware provided by tech companies and banks, this method protects against computer attacks. The generated TAN works only for transactions confirmed by the user on the generator screen itself. Furthermore, in case of device loss or theft, users can request new ones without worrying about fraud - specific TANs can only be obtained with a bank card. Despite added protections, scammers successfully persuade users to authorize "test transfers" or "return of falsely transferred money", posing as a bank or company.

How Do I Prevent Banking Fraud?

Despite the added security of TANs, businesses and financial institutions commonly find themselves vulnerable to banking fraud attempts. To protect customers and institutions, implementing the strongest TAN methods and cybersecurity solutions will only prove beneficial.

Fraud.net offers a variety of cybersecurity solutions specifically engineered to protect commercial and financial institutions. Our products, powered by artificial intelligence and machine learning, keep your systems protected from phishing and spoofing attacks. With the automation that AI and machine learning provide, these products evolve with you, learning from previous attacks to suit your needs down the line. By protecting your transactions, you protect your customers, your business, and your bottom line.

To learn more about Fraud.net's product offerings and request a demo, contact us today.

Travel

Travel is defined as the progress of people between two distant locations. Travel could be done by foot, bicycle, vehicle, train, boat, bus, airplane, ship or further means, with or without baggage, and could be one way or round trip.

Triangulation Fraud

What is Triangulation Fraud?

Triangulation fraud is when a customer makes a genuine purchase on a third-party marketplace (for example Amazon or Sears.com), but the product they receive was fraudulently purchased from a different retailer's website. This practice harms businesses of all kinds.  Customers usually aren't aware.

Triangulation fraud denotes that there are three individuals who play a role in the order.

1. An unsuspecting customer who places an order on an auction or marketplace using some form of credit, debit, or PayPal tender.
2. A fraudulent seller who receives that order and then places the order for the actual product with a legitimate eCommerce website using a stolen credit card.
3. A legitimate eCommerce website that then processes the criminal’s order.

The illegitimate purchase is made using stolen card information from someone else, but the shipping information of the original customer. So the customer is shipped the product, and fraudster keeps his money. Meanwhile, the fraudster charges the legitimate retailer with other credit card information, further boosting net profit.

Often, the person with the stolen credit card details will dispute this charge, causing the original retailer to refund the purchase. The customer at the beginning of the transaction has no idea. Consequently, the fraudster in the middle wins big.

The Costs

These chargebacks indefinitely hurt the merchant most. Studies show that these fraudsters will cost merchants upwards of $30 billion a year by 2020. Even at the scale of medium to small size businesses, the losses can be detrimental. A brief look at any third party marketplace forum will show hundreds of disputed transactions and mystified sellers. These losses can add up to hundreds of thousands of dollars for even the smallest enterprises. The numbers will continue to grow with the rise of eCommerce.

Protect Your Business

However, triangulation Fraud can be stopped. Address and location verification that matches the customer are just some examples of how Fraud.net's software combats fraud. With insights from user behavior, location, and fraud scoring, Fraud.net can stop transactions in place. Advanced AI technology keeps an eye on fraudsters, card information, and more. Dark web monitoring and continuous testing allow fraud prevention to develop with the fraudsters.

Above all, eCommerce will only expand. And so should your solution. With a powerful portfolio of solutions, Fraud.net can meet your unique needs to quickly and cost-effectively. Contact us for a free demo.

Trojan

A trojan, or trojan horse virus, is a computer program that seems legitimate, but adds malware to a device once downloaded. It’s name comes from a famous Greek tale.

True Negative

True negative, also known as specificity, is the ratio of correctly identified non-fraud cases to total non-fraud cases. A true negative test result is one that does not detect the condition when the condition is absent. It is an outcome where the model correctly predicts the negative class, for example if a disease test correctly identifies a healthy person as not having that disease.

True Positive

A “true positive” occurs when something innocent is wrongly deemed suspicious. Card issuers have developed sophisticated, automated fraud detection systems that work by detecting activities and patterns associated with fraud, but these systems don't work perfectly.This differs from false positives, which are negative results that a system incorrectly marks as positive.

Trust

A trust is a fiduciary connection where one person places some type of trust, confidence, or reliance on another person. The person who is delegated that trust and confidence would then have a fiduciary duty to act for the benefit and interest of the other party. The party who owes a duty to act for the best interest of the other party is called the fiduciary. The party to whom the duty is owed are called principal. The main purpose for fiduciary connection is to establish an honest and trusted relationship between two parties where one party can rely and be confident that the other person is working for their interest and are not using their power for their own interest or the interest of a third party.

Trusted Third-Party

In cryptography, a Trusted Third-Party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the Third Party reviews all the critical transaction communications between the parties. TTPs are ordinary in profitable transactions, cryptographic digital transactions, and in cryptographic protocols.

Two tier affiliate program

In a two-tier affiliate program, or a multi-tier program (two or more levels), the first tier of commission is the same as in a regular affiliate program. The only difference is the additional tier(s), whereby marketers also earn a commission on sales generated by people they referred to the program.

Two-Factor Authentication (2FA)

2FA or Two-Factor Authentication, also called Step-Up Authentication, is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. Two-Factor Authentication gives users an extra layer of security when accessing their online accounts. In addition to a typical combination of username and password, a second 'factor' is added, such as a numeric code displayed on a trusted device, to heighten the certainty that you are the one attempting to access your account. 2FA is a method of determining a user's identity by confirming two factors among 1) something the user knows (i.e. mother's maiden name), 2) something the user has (i.e. mobile phone) and 3) something the user is (i.e fingerprint). 2FA is a subset of the broader multi-factor authentication (MFA).

Fraud.net offers Two-Factor Authentication as a feature within our Fraud Prevention Suite.   

Here's how it works:

Fraud.net's 2FA feature gives fraud analysts the ability to send a verification text message to the phone number of a transaction. The purpose of this is to authenticate that the phone number within the transaction is owned by the person who actually placed the transaction. A Yes/No question will be sent to a phone and then based on the response the transaction, it can be auto-cancelled, auto-approved or sent to a queue for further review.

1. When a fraud analyst is reviewing a transaction, they can select the option to authenticate the transaction (Send MFA) from the dropdown menu in the top right corner:

2.  The fraud analyst will then confirm that they would like that message sent:

3. The admin, from the business profile page, can manage what the message says and what action occurs based on the reply. The admin can also manage what happens when no reply is received and the time frame for the reply. The default question reads as "$business name$ here. We received a transaction from $firstname$ $lastname$ for $amount$ on $orderdate$. Was this you?"
Reply Yes or No"

4. The transaction remains in a pending authentication queue until there is a response or it expires.

Interested in learning more or enabling 2FA within your Fraud Prevention Solution?

Speak with a Specialist Now

U2F (Universal 2 Factor)

U2F or Universal 2-Factor Authentication is a form of 2-factor authentication, in which the user completes a login process using a physical device as one form of verification to prove their identity and be granted access. U2F devices are physical security keys in and are usually combined with one of the other two major authentication factors: 1) something a user knows (such as a password or the answer to a question) or something the user is (such as a unique biometric marker like a fingerprint) - in order to grant access to a system. The benefit of a physical key over its counterparts, usually software-based keys, is that software keys, which generate one-time passwords delivered by phone or email, are known to be vulnerable to phishing attacks.

Unauthorized Disbursements

A disbursement is a payment made on behalf of another person for which reimbursement in the future is expected. An unauthorized disbursements could be defined as an amount of disbursements or expenditures made without any authorized approval. Unauthorized disbursements include five type of categories which are; check tampering, billing schemes, payroll schemes, register disbursements, and also expense reimbursement schemes.

Unauthorized use of assets

Unauthorized use of assets describes the intentional, illegal use of the property or funds of another person for one's own use or other unauthorized purpose, particularly by a public official, a trustee of a trust, an executor or administrator of a deceased person's estate, or by any person with a responsibility to care for and protect another's assets.

Unauthorized Withdrawals

Unauthorized Withdrawal refers to the withdrawal or transfer of funds from an individual's banking account without proper authorization or consent by the individual.

Underdelivery

It is the delivery of less impressions, visitors, or conversions than contracted for a specified period of time. Underdelivery can occur for a variety of reasons. A site or network may experience an unexpected drop in traffic. Low CPM campaigns may be bumped for high CPM campaigns. Pay-for-performance may be bumped for any CPM campaigns, plus there is the added risk that the creative units fail to generate the anticipated level of response.

Understanding Device Fingerprinting: How It Works and Can Help Prevent Fraud