Chargebacks, fees, and detection techniques to understand that someone tries to deceive you
The market is growing the fraud keeps up
We all live in a digital world. More and more owners of different businesses transfer them online. It is more profitable and gives more opportunities for getting clients all over the world. The same thing is with shopping: an increasing number of people are choosing to shop online. They no longer have to waste their time choosing new clothes, food, or furniture. It is more comfortable to shop in online stores and make an order by clicking the mouse within a couple of minutes. For example, at the end of 2018, $1 and $10 were spent on the Internet.
Specialists predict that the growth of the global e-commerce market will increase to $4.9 billion by 2021. The customers will make 17% of all global sales on the Internet by 2022.
It is an excellent hothouse for fraudulent activity. Large numbers of users leave their credit card details and other information on the Net. Thus, the number of cases of online payment fraud is growing.
Online payment fraud. The definition and the reasons for the growth
First, let’s look at what types of payments are more susceptible to fraudulent attacks.
By using a physical card
When a customer pays in a store, market, or restaurant with a physical card
Without using a physical card
The largest number of such payments occurs online. Here is a perfect ground for the actions of fraudsters since they work with the digital data of your card. Another point to the benefit of fraudsters is that the possibility of verifying the person making a buy is much lower.
Proof of this is the statistics that say that payment fraud affected 82% of companies in 2018.
This type of fraud is a billion-dollar business. That is the way online fraud is the biggest fear for most of the companies around the world. More frightening statistics: online sales business will lose $130 billion due to the growth of online payment fraud from 2018 to 2023. Scary? Of course. That is the reason why many people do not start their business.
Already, global companies are losing 1.8% of revenue. And the company loses $2.94 for every dollar of chargeback fraud. Moreover, retailers have to pay for chargeback fees, fraud investigations, lawsuits and spend more funds to keep software secure.
Speaking of online frauds, we have to mention not only financial loss but also the loss of customer confidence and brand loyalty. Since people exposed to the actions of fraudsters often blame the seller, not fraudsters. Will they use the services of that brand again? No. They do not have time to get into the details.
Who is at risk for online payment fraud?
- Credit card owners. They have to spend time to block their cards. As well as end the consequences due to the actions of fraudsters. It takes two business days.
- Online sellers. They suffer large losses of funds since they are obliged to make a chargeback to the person who suffered from the actions of the fraudsters. Besides, the seller has to pay a commission for the return of payment to the provider serving him.
- Payment service providers in Europe. From now on, they are responsible for fraud among all their sellers, due to the Payment Services Directive (PSD2). To be in demand, suppliers will have to spend more budgetary funds to improve fraud protection. If they can do it and provide risk analysis without using 3D Secure, then they can become more successful.
How do online fraudsters work?
One of the most popular types of fraud is called friendly. It happens according to the following scheme: the buyer receives the paid product but does not confirm it. Instead, he claims that he did not receive the goods and after, makes a chargeback through his bank. Instead, he must process returns through the seller.
Most often, fraud occurs due to identity theft in several stages:
First, criminals steal card data by viewing payment pages or buying something through the dark web.
After that, they make online purchases by entering the cardholder data.
Since the seller does not know that the information is stolen, he sends the goods.
The current cardholder sends a request for a refund through his bank. Sellers have to make a chargeback plus a commission.
The scheme is the most common among mid-level fraudsters. They buy the card data into the Dark Net. It is not so expensive there. Imagine the number of data in that place. According to the breach rate index, the number of data thefts over the Internet has grown to 14 billion records since 2013.
The situation is sad because the prevailing number of users do not know about the methods of fraud. Moreover, they are unaware that retailers will bear the cost of fraud.
Popular ways of fraud
Fraudsters successfully manage to remain invisible constantly looking for weaknesses in the system, which allows them to improve their methods of work and invent new ways to deceive.
The dark web is a habitat for criminals, which allows them to interact with each other without giving themselves away.
In this space, fraudsters exchange information on new ways to combat fraud, buy and sell bank card details, as well as tools for their activities.
GF Solutions team always monitors the actions of such individuals in the communities to be able to be one step ahead of them.
Let us look at some of the most popular trends we saw:
The ability to go unnoticed with the latest software
The dodgiest criminals use high-powered software such as Anti-Detect or Kameleo, which allows them to hide the browser ID. Working with such software, fraudsters can create several virtual machines at once in different browser windows. By using location blocking, such persons make it very difficult to be detected.
The dark web includes credit card data from all over the world. Thus, by buying it, a fraudster can immediately find out where the card was registered. After that, he uses the substitution of the location to simulate being in this particular place.
Call service and phone number substitution
By purchasing real phone numbers of customers tied to a bank card, the fraudster does not have access to the phone itself. To fix this, the perpetrator contacts the telephone company that serves the victim and leaves a request to forward calls to his number. It makes it possible to check purchases. The “calling services” offer is also in demand on the Dark web. It looks like that: one of the criminals calls the bank of the alleged victim or the manufacturer of the credit card and applies to changing the registered phone number.
Imitation of real customer behaviour
If earlier criminals gave away their actions very quickly, now they became smarter. They can impersonate real customers very successfully, adding or removing purchases from the basket. They can also place small orders first before making large ones.
Getting more advanced customer information
It includes buying and selling device IDs and documents such as driver’s licenses. This also allows fraudsters to look more believable, as well as combine different customer data and create new profiles under this data. It is a very common banking fraud tactic.
How does the chargeback scheme work?
The first thing a cheated buyer does is informing his bank of this situation. After that, the seller is obliged to make a chargeback. Also, the seller has to pay a commission for the chargeback to the payment provider he works with. This fee can be up to $ 50. The seller must pay it even if the chargeback is not confirmed.
Besides all the above, such schemes can set limits on the number of chargebacks for an online seller before even greater penalties.
There are chilling statistics that show a huge amount of fraud. Visa and MasterCard lost $ 750 million through credit card fraud between 1988 and 1998. In response to this, each of these companies created special monitoring programs called disputes. Moreover, since October 2019, Visa has updated the threshold for the chargeback program. More details on the table.
Sellers understand the need to invest in fraud detection and prevention. It makes it possible to cut the number of chargebacks. Payment providers that provide fraud detection are more beneficial. They offer security and reduced risk of commission fees. Now let’s figure out what to do if you find fraud.
Three key factors in fraud protection
As fraudsters change their methods of work, the ways of exposing them are changing and improving. The three main types of fraud protection are:
- Sophisticated rule engine
- Machine learning
- Link analysis using graphic databases
Sophisticated rule engine
This method was the most effective until machine learning came along. The last is faster and much sleeker, making dealing with fraud detection more powerful. But, some situations need rules. These are the cases where professionals have to work directly with prevention. Thus, rules are an integral part of the fraud prevention package. Let’s take a closer look at what specific situations they are necessary.
Act here and now
Rules are needed to block a fraudulent attack right at the time of its origin. For example, if an analyst can track the location of an attack, he can use a blacklist of locations and thus block all orders from a specific location or address. Often, criminals fake data such as email, but don’t change the location.
The ability to block actions in advance
Machine learning operates on data that is about 3 months old. It happens because sometimes the duration of the refund can be up to 90 days. This is not always effective, because the system may not yet be aware of new fraudulent schemes.
If the fraud analyst is aware of any of these, he can prevent fraud in advance, using rules. The advantage of rules is that they can detail popular fraud patterns with more than one condition. And this, in turn, allows choosing the right behavior.
The possibility to attract quality customers
It is important to understand that rules help not only prohibit something but also allow it. This thing plays into the hands of the business. Especially, if it wants to make any changes. Resolving customer behavior is useful when the anti-fraud department works in conjunction with other departments. For example, with the marketing department. Here, the rules, in turn, can be used to allow certain promotions.
The more power the rules have, the greater the level of responsibility
If the rules are used incorrectly, it can provoke a lot of complications such as blocking traffic or allowing every transaction. This, in turn, can entail a big business fail. To prevent it, GF Solutions offers tools to ensure that the rules are used right.
Protection and guarantees
Incorrectly configured rules can lead to serious business complications. This can happen, for example, if there is a typo or the specialist does not know fraud analytics well. We provide guarantees to protect you from such situations.
How does it work? We test each new rule to understand what results it leads to. We also calculate specific combinations. It allows us to correctly assess which part of customers would be allowed, viewed, or blocked. If the mark is above 5%, then the rule must be activated by a member of our team. Remember that while working on the rules, our activities do not affect the main user base in any way.
We have introduced a rule testing mode so that fraud analysts can change them without affecting the user base. Thus, they can independently test specific combinations. Also, it helps to understand what is best for a specific task.
For example, the ability to view a list of customers who could be blocked by the consequence of the introduction of a new rule. Moreover, you can track how a rule might work in the future using the analytics aggregator.
The rules do not lose their relevance if used correctly
It is not surprising that machine learning is more effective. It does not mean that you have to refuse the rules. They work great when you need to quickly stop an attack, build your strategy, or figure out how to achieve a specific goal. Combine it with test mode and guarantees, use it cleverly and you will have a great tool to protect your business from fraudsters.
One of the main advantages of machine learning is a high speed, proactive work in real-time, and the ability to use a large amount of information. The performance of a machine learning model can be compared to a large team of analysts. You just don’t need to hire it. One solution for machine learning takes a split second.
To understand what link analysis is, one can cite as an example the wall of a private detective, on which all Clues, traffic routes, and other data are attached to help track a specific person. This analysis is very similar. Using link analysis, you can keep abreast of routes, collect all evidence from around the world, and prevent future fraud.
When you combine machine learning and link analysis, you get mutual reinforcement. For example, you can train a machine learning model to recognize and block payments from rapidly expanding networks. This will prevent fraudsters from using many accounts at once. There are a lot of such examples.
To buy or to build your own fraud protection?
Before you start building your fraud detection system, you need to answer a few questions. This is necessary to understand whether your business needs it.
Is identifying fraudsters one of the core competencies of your business?
You must understand that the creation of a system like this is a costly and complex thing. It is not enough just to create a system; you also need to constantly maintain it.
Before thinking about creating a fraud protection system, answer yourself the following questions:
- Does the ability to predict risks accurately determine your business?
- Does this system extent with the systems and skills you already have naturally?
- Is your business so unique that the only solution is to create a fraud protection system in-house??
- Is there any normative reason that compels you to create this in-house??
- Will such a system become your competitive advantage?
If you answered “Yes” to a couple of these questions, this is already a good reason to consider building your own system.
Do you have enough data?
General information is not enough for creating a fraud protection system. For the system to work as efficiently as possible, you should have enough data within the company that is the most accurate.
Working only with experts
Besides, you should understand that such a task as protection against fraud should be entrusted to a team of experienced specialists. Our team has experience in combining the ability to transform information into proven functions and build robust and scalable systems.
Besides all the above, you must be sure that your budget will allow not only creating but also developing the system, as well as constantly finding new specialists.
Credit card fraud is not the only type of fraudulent activity. DeARM can also be successfully used for the following tasks:
Account takeover protection.
This is a combination of data analysis and discovery, as well as security checks, to protect the account from constant hacking attempts.
It is an instant creation of graphical networks that show connections between objects in databases. Such an analysis is needed for them to predict machine learning as well as analyze the investigations.
A combination of threat analysis methods for all participants in the trade process: from the seller to the courier.
Authentication and Acceptance.
Everything is simple here. For payments to be successful, you must be sure that your system can accept them without any problems.
Analysis of fraud between similar businesses. This thing helps to understand that there were fraudulent activities of a similar nature in different enterprises. This is confidential data that is transmitted only through third parties. It can be a phone number, email, or a payment method.
The methods of fraudsters are constantly evolving, so the schemes for eliminating them should also be different. You must understand that this is a constant investment and a lot of work. Which, but, can take your business to new heights.