By Marija Solovjova, Head of Fraud AML Disputes Oversight, ECOMMPAY
Skyrocketing levels of payment fraud, accelerated by the growing adoption of digital commerce and the ever-increasing sophistication of fraudsters, have overwhelmed traditional anti-fraud controls. In fact, fraud hit £4 billion in the United Kingdom last year alone, up significantly from £2.4 billion in 2021. It is imperative that digital businesses continually adapt to this new age of fraudulent activity through modern solutions and preventative measures. Without the right technologies, many companies will struggle—particularly with solutions that are unable to identify or defend against chain attacks.
A fraud ring is an organised group of criminals involving specialists from various fields, such as social engineering, carding and identity fraud. Fraud rings create various patterns in merchant traffic. Numerous accounts controlled by fraudsters may be related to each other by the same features or behaviours. For example, a stolen credit card might be used to make a purchase at an e-commerce or online retail store. The online business would then pass the payment information to its payment processor to complete the transaction. In this scenario, the chain involves numerous pathways, including the purchase transaction, the payment information and multiple entities such as the online store, banks and payment processor.
Previously, fraud-detection solutions focused on individual transactions rather than on patterns that span them. Within this system, basic transaction data would be analysed to identify suspicious activity. For example, it would flag any exceedingly large or unusual transactions that did not align with the customer’s previous spending behaviours. In the modern day, however, these solutions are becoming increasingly limited, unable to detect more in-depth fraudulent activities.
Identifying chains
In 2023, fraud solutions that fail to flag or identify chains are simply redundant, particularly as fraudulent activities become increasingly sophisticated and individuals continue to use long chains to hide their processes. These fraudsters have become experts at covering their tracks; an average fraudulent scenario sees a chain involving bank accounts, fund transfers and purchases using the funds alongside various pathways, such as two to three banks, the fraudster and the entities receiving the funds.
Implementing fraud solutions that fail to identify chains can also result in false positives and negatives. False positives are when legitimate activities are flagged as fraudulent, while false negatives are instances during which fraudulent activities are missed. Both of these outcomes can be detrimental to businesses, with unnecessary disruptions in normal business operations and significant financial losses as the possible results.
Therefore, to detect fraudulent activities, it is imperative that fraud solutions identify transaction chains and link them appropriately to different entities. To truly understand the extent of fraudulent activities, businesses must map out entire chains of events. This requires a more comprehensive approach that includes data analysis, pattern recognition and link identification between seemingly unrelated activities.
Enhancing tech solutions
A strong risk control management system (RCMS) is, in most instances, not enough to detect and prevent chain attacks. Instead, it is crucial that payment providers and e-commerce stores continue to turn to the most innovative technologies to support their prevention and control measures. One example of this is innovative graph analysis, known to further the work of an RCMS. With this model, fraud patterns can be analysed, and not only one but multiple fraudulent activities in a chain can be blocked. Graph analysis allows the discovery of accounts involved in a fraudulent attack and so-called “hidden fraud”—fraudulent accounts that look genuine and cannot be discovered using traditional approaches. If fraudulent activities are found, chains are blocked, and when fraudsters attempt malicious actions again, the graph model neutralises the threat. This process is repeated until the fraudsters have exhausted all their efforts and ended their activities.
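The linking step described above can be sketched as follows. This is an added example, not ECOMMPAY's system: it uses union-find connected components as a simple stand-in for graph analysis, and the attribute kinds, account names, sample events and the `max_fanout` cut-off are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (account, attribute kind, attribute value).
EVENTS = [
    ("acct_1", "card", "fp_aaa"), ("acct_1", "device", "dev_01"),
    ("acct_2", "device", "dev_01"), ("acct_2", "email", "x@example.test"),
    ("acct_3", "email", "x@example.test"), ("acct_3", "ip", "198.51.100.7"),
    ("acct_4", "card", "fp_bbb"), ("acct_4", "ip", "198.51.100.7"),
    ("acct_5", "card", "fp_ccc"), ("acct_5", "ip", "198.51.100.7"),
    ("acct_6", "card", "fp_ddd"), ("acct_6", "ip", "198.51.100.7"),
]

def find(parent, x):
    # Union-find lookup with path halving.
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def linked_accounts(events, confirmed_fraud, max_fanout=3):
    """Return unflagged accounts in the same component as a confirmed one."""
    by_value = defaultdict(set)
    for account, kind, value in events:
        by_value[(kind, value)].add(account)
    parent = {account: account for account, _, _ in events}
    for accounts in by_value.values():
        # A value shared by many accounts (a shared IP, for instance) is weak
        # evidence and would merge unrelated customers into one component,
        # producing false positives, so it is skipped (hypothetical cut-off).
        if len(accounts) < 2 or len(accounts) > max_fanout:
            continue
        first, *rest = sorted(accounts)
        for other in rest:
            parent[find(parent, other)] = find(parent, first)
    bad_roots = {find(parent, a) for a in confirmed_fraud if a in parent}
    return sorted(a for a in parent
                  if find(parent, a) in bad_roots and a not in confirmed_fraud)
```

With `acct_1` confirmed as fraudulent, the function surfaces `acct_2` and `acct_3`, which never shared a card with it, and a later account reusing `dev_01` joins the same component as soon as its event is added.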
The graph analysis adds another layer of protection to already sophisticated fraud solutions, which should combine an automated monitoring feature with manual analysis. For ECOMMPAY, this approach ensures a 97-percent+ fraud-detection and -prevention rate without interfering with customer interactions.
Data collected by ECOMMPAY while working with merchant clients found graph analysis to be extremely effective, resulting in significant decreases in the fraudulent transaction amounts suffered each month. For example, graph analysis was implemented in November 2020 for one merchant after a peak of $73,961 in fraudulent transaction amounts. After integrating the graph-analysis system, the amount of fraud fell by $6,680 in December 2020—a 90-percent decrease in one month.
Similarly, graph analysis was added in May 2021 to another merchant’s security system after significant fraud spikes in March ($27,793.59) and April ($22,323.23). After the addition, May statistics were lowered to just $4,612—decreases of 83 percent and 79 percent, respectively.
Ultimately, there are numerous advantages to working with graph analysis. The continued difficulty with fraud chains is dynamism, with new users appearing over time and continuing to alter current practices. It is crucial to match this dynamism and terminate the chains’ activities—quickly depleting the scammers’ resources and ending their attacks.
A further advantage of graph analysis is that it doesn’t matter if the data is recent; the more available data, the stronger the ability to detect fraud chains becomes. This means that the system can be used to identify new fraudulent attacks based on information about attacks that happened months or even years ago.
Considering strategic partnerships
Alongside revolutionary technology, payment providers and e-commerce stores must consider how their fraud-detection and -prevention measures are structured. For example, many companies have looked to outsource their fraud-protection capabilities to cybersecurity and other preventative firms. This trend continues at a crucial time when fraudsters are aware of the influx of new adopters of digital transactions and online e-commerce brought about by the pandemic. These new customers are among the most vulnerable, as they may be exposed to these new methods to trick people out of their personal data and money.
Whilst merchants continue to look to grow their conversion rates and attract new customers, this cannot come at the expense of those consumers’ data and money; those merchants using risky practices to boost business also risk suffering major reputational damages.
Payment providers have a responsibility to keep merchants educated and informed about risks and how to improve their risk-control systems. Therefore, it is key that merchants ensure that their anti-fraud controls are tailored to their needs and customised to their industries—whether finance, retail or travel. By utilising their own proprietary systems, they can adjust their anti-fraud filters accordingly to both maintain high customer-conversion levels and achieve maximum revenues for the merchants that employ their services.
Ultimately, fraud solutions that do not identify fraud rings are redundant in 2023.
Fraudsters’ increasing sophistication and fraud schemes’ growing complexities make having solutions that can detect chains and link them to specific entities essential. Organisations must invest in fraud-prevention and -detection solutions that use advanced technologies, such as innovative graph analysis, to track data across numerous transactions. Additionally, merchants must reflect on their payment-provider relationships and decide if they can further tailor their product suites to their business needs. By utilising innovative technologies that detect chain risks and tailor payment-provider supports, merchants ensure they effectively protect against, block and mitigate the risks of fraud.