How E-Commerce Merchants Can Prevent Coordinated Fraud Attacks

Learn how e-commerce merchants can fight fraud using a type of data analytics called group analysis.

E-commerce fraud has always been a problem, and the solution has always been to screen orders using the most powerful tools available. Now, however, order screening alone may no longer be enough to protect merchants. Organized criminals are increasingly committing fraud without triggering flags during order screening. That's bad news, but a type of data analytics called group analysis can help merchants fight this new threat.

How most online merchants tackle fraud

Card not present (CNP) fraud is a huge problem for the e-commerce industry. It's also a problem that's getting worse, with losses projected to reach $130 billion by 2023. Because placing orders with stolen data is how criminals usually commit CNP fraud, it's logical that merchants and fraud prevention solutions focus on screening orders rigorously. 

A typical order is screened for matches between cardholder name, card number, CVV, and billing and shipping addresses. It's likely also compared to the customer's order history, geolocation data for the device they're using to place the order and perhaps behavioral biometrics like how they use their keyboard or mobile touchscreen. If any of these elements don't seem right, the order may be automatically rejected or sent to an analyst for manual review. 

A lot of technology and expertise goes into screening each order for fraud, and that's a good thing for merchants because it protects them from the most straightforward type of CNP fraud. However, organized fraudsters know about all the resources that go into stopping fraudulent orders and they're always looking for ways to get around those barriers. Sometimes, they find ways to commit fraud that evade order screening, but which would be obvious if anyone were looking for larger patterns among the orders. 

What merchants can miss when they focus only on order screening

Coordinated fraud attacks happen when criminals find ways to work around the transaction screening process. For example, a fraudster might use stolen credit card data to order a big TV for resale. Instead of having the TV shipped to their own address or to one of their fellow criminals, they use the shipping address that's already associated with the credit card. By using the victim's shipping information, the criminal avoids raising flags during order screening, and their order is approved.

The TV never makes it to the victim's address, though. Instead, the fraudster calls the merchant's customer service line and says they need to change the delivery address. Unless the merchant screens the order data again or has a policy against post-purchase shipping changes, the criminal can reroute the TV to the new address without tripping the merchant's fraud alarms.

The fraudster may have another option as well – calling the shipping company directly and asking them to reroute the package. This avoids fraud screening and leaves the merchant completely out of the loop, in case the merchant has become suspicious.

A criminal working for a larger e-commerce fraud organization – and yes, they exist and operate like businesses – might simply contact a fellow fraud ring member working for the shipping company to have them divert the package, with no official record of a change request. 

These approaches might seem like overkill for a single transaction like our hypothetical stolen TV. That's why organized fraud rings use these tactics at scale. That's bad news for merchants because while one fraudulent order can result in a chargeback and lost product, dozens or hundreds of fraudulent transactions that bypass order screening can devastate a business. And if merchants are focused only on order screening, they won't see the coordinated fraud attack until it's too late.

How to spot patterns that can indicate a coordinated fraud attack 

To identify patterns that may be caused by coordinated fraud, merchants need a shift in perspective. Rather than focus only on evaluating transactions one by one, they also need to look at large groups of orders to spot changes and trends. 

How does this pattern detection work? One effective method is group analysis, which tracks specific types of data over time to establish a pattern of expected behavior. For example, a merchant might choose to track the number of orders that originate from different locations to establish benchmarks and trends. Maybe one ZIP code has a low number of orders each month but it's trending upward, while another ZIP code has a consistently high number of orders per month that doesn't change much. Any change that deviates from the expected pattern is a flag that calls for more investigation.

Of course, order location data is just one element of the bigger picture. Coordinated fraudsters use many tools and techniques to get what they want, including creating new credit card and bank accounts with stolen personal data. Because fraud attacks are becoming so complex, all the data associated with each customer and each transaction – including things like the email provider they use, the age of their email and credit card accounts, and the bank they use – is a resource merchants can analyze to detect coordinated fraud. 

Using group analysis to detect and stop fraud attacks

By detecting patterns that differ from what's normal, group analysis can alert merchants to potential fraud even when each individual order passes muster. 

Let's use our ZIP code example above. If a store typically gets a few dozen good orders a week from a particular ZIP code and then the rate shoots up to several hundred a week, it's worth a closer look even if each of the orders appears to be valid – because it's an abrupt change from past activity in that region.

It might be that there's no fraud. Maybe a new business has moved in and is placing lots of orders, or perhaps the residents all have new jobs at a plant that just opened, and they're spending some of their new earnings. 

But it's also possible that the spike in orders is due to something else, like a bank data breach that exposed card numbers and account holder data. If that's the case, the orders won't trip any transaction screening flags, at least until the account holders discover the fraud. But the group analysis will reveal that all these orders are being placed with cards that have the same bank identification number.

At that point, it's time to place holds on the orders, stop deliveries and reach out to the bank and the customers whose data has been used, to find out for certain whether the orders are legitimate or fraud. In our hypothetical scenario, the merchant may be able to avoid hundreds of chargebacks and large amounts of lost product.
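The ZIP code scenario above can be sketched in a few lines of Python. This is an added example, not code from the original article; the record fields, the six-week baseline window, the thresholds and the sample data (including the BIN values) are all assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

LOOKBACK_WEEKS = 6   # assumed baseline window
Z_THRESHOLD = 3.0    # assumed alert threshold
BIN_SHARE = 0.5      # assumed: one BIN on at least half of a spike deserves a look

def zip_spikes(orders, week):
    """Return {zip: (orders_this_week, baseline_mean)} for ZIPs far above their own history."""
    counts = Counter((o["zip"], o["week"]) for o in orders)
    flagged = {}
    for zip_code in {o["zip"] for o in orders}:
        # Weeks with no orders count as 0 (Counter returns 0 for missing keys).
        history = [counts[(zip_code, w)] for w in range(week - LOOKBACK_WEEKS, week)]
        current = counts[(zip_code, week)]
        spread = max(pstdev(history), 1.0)  # floor so a flat history cannot divide by zero
        if (current - mean(history)) / spread >= Z_THRESHOLD:
            flagged[zip_code] = (current, mean(history))
    return flagged

def dominant_bin(orders, zip_code, week):
    """Return (bin, share) if one card BIN dominates that ZIP's orders for the week, else None."""
    bins = Counter(o["bin"] for o in orders if o["zip"] == zip_code and o["week"] == week)
    if not bins:
        return None
    top, n = bins.most_common(1)[0]
    share = n / sum(bins.values())
    return (top, share) if share >= BIN_SHARE else None

def sample_orders():
    """Constructed data: one steady ZIP, one quiet ZIP that jumps tenfold in week 7."""
    orders, mixed = [], ["400000", "510000", "370000"]  # constructed BINs
    for week in range(1, 8):
        for i in range(200):
            orders.append({"zip": "98101", "week": week, "bin": mixed[i % 3]})
        for i in range(24 if week < 7 else 240):
            breached = week == 7 and i >= 24   # extra orders all share one BIN
            orders.append({"zip": "30301", "week": week,
                           "bin": "499999" if breached else mixed[i % 3]})
    return orders

if __name__ == "__main__":
    orders = sample_orders()
    for z, (now, base) in zip_spikes(orders, week=7).items():
        print(z, now, base, dominant_bin(orders, z, 7))
```

A mean-and-deviation baseline like this one treats a steadily rising ZIP code as a deviation sooner than a trend-aware model would, so a production baseline should account for the upward trends the article mentions.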

We can also look at our example of fraudsters rerouting packages after their orders are approved. An increase in these requests to customer service or the carrier might indicate that the merchant is being targeted for fraud. That's especially true if there are requests from different customers in different locations to reroute orders to the same address, which could indicate fraudsters consolidating deliveries to a single location for transport or resale. Again, the only way to spot this kind of fraud is to analyze data that reflects the big picture.
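The reroute pattern described above, checked over a combined log of customer-service and carrier change requests. This is an added example, not code from the original article; the field names, the address normalization rules, the threshold and the sample log are assumptions.

```python
import re
from collections import defaultdict

ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "suite": "ste"}
MIN_CUSTOMERS = 3  # assumed threshold; tune against normal reroute volume

def address_key(address):
    """Crude normalization so formatting variants of one address group together."""
    words = re.sub(r"[^\w\s]", " ", address.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def consolidation_points(requests, min_customers=MIN_CUSTOMERS):
    """Return {destination: [order ids]} where several different customers,
    originally shipping to different ZIP codes, rerouted to the same address."""
    groups = defaultdict(lambda: {"customers": set(), "zips": set(), "orders": []})
    for r in requests:
        g = groups[address_key(r["new_address"])]
        g["customers"].add(r["customer_id"])
        g["zips"].add(r["original_zip"])
        g["orders"].append(r["order_id"])
    return {
        key: sorted(g["orders"])
        for key, g in groups.items()
        if len(g["customers"]) >= min_customers and len(g["zips"]) > 1
    }

# Constructed reroute log; "source" records which channel received the request.
SAMPLE_REQUESTS = [
    {"order_id": "A1", "customer_id": "c01", "original_zip": "30301",
     "source": "customer_service", "new_address": "12 Dock Street, Unit 4"},
    {"order_id": "A2", "customer_id": "c02", "original_zip": "60614",
     "source": "carrier", "new_address": "12 DOCK ST. UNIT 4"},
    {"order_id": "A3", "customer_id": "c03", "original_zip": "98101",
     "source": "customer_service", "new_address": "12 Dock St, Unit 4"},
    {"order_id": "A4", "customer_id": "c04", "original_zip": "10001",
     "source": "carrier", "new_address": "12 dock st unit 4"},
    # One customer moving two of their own orders is not consolidation.
    {"order_id": "B1", "customer_id": "c05", "original_zip": "73301",
     "source": "customer_service", "new_address": "88 Elm Road"},
    {"order_id": "B2", "customer_id": "c05", "original_zip": "73301",
     "source": "customer_service", "new_address": "88 Elm Rd."},
    {"order_id": "C1", "customer_id": "c06", "original_zip": "94105",
     "source": "customer_service", "new_address": "5 Pine Avenue"},
]

if __name__ == "__main__":
    print(consolidation_points(SAMPLE_REQUESTS))
```

The check only works if carrier-side reroutes reach the merchant's data, which is the gap the article describes when the merchant is left out of the loop.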

As organized criminals look for ways to target merchants without raising flags at the order stage, merchants must expand the way they screen for fraud. By looking at the whole picture as well as at individual orders, merchants can protect themselves from coordinated fraud attacks that can lead to expensive chargebacks and other losses.
