The Simility Blog

Online Fraud Is Getting Smarter: Firms Must Respond In Kind With Behavior-Based Tools
Jayan Tharayil
December 11, 2019

Digital transformation initiatives across the globe are generating billions of dollars, with the analytics segment alone expected to reach an estimated $74 billion this year [1]. But while organizations focus on getting closer to their customers with innovative new services and on streamlining business processes, the bad guys are also hard at work. As a new report from analyst firm Javelin Strategy & Research reveals, cybercriminals are developing increasingly sophisticated techniques to steal identity and financial data, compromise user accounts and stay hidden from detection tools [2].

The answer must be a focus on data-centric fraud prevention platforms which provide a 360-degree view of user behavior — to spot and stop malicious activity in its tracks.

Fraudsters Pulling Ahead

Online fraud is predicated on the steady supply of identity and financial data, with which scammers can open new accounts in their victims’ names, hijack existing ones and make fraudulent transactions. A large part of this is provided by major data breaches at mid- and large-sized organizations. In 2018, nearly 450 million records were exposed in such incidents in the US alone [3]. However, personal data can also be harvested from individuals.

The attack chain often begins with a phishing attempt. According to Javelin, recent developments designed to make these attacks more successful include overlays, where a malicious window pops up over a legitimate application, requesting sensitive details. It’s designed to mimic the real app’s look-and-feel, tricking users. Other techniques include dynamic phishing pages which relay info from the legitimate website to the phishing page, requesting more log-in info if 2FA is required.

Alternatively, hackers may decide to exploit vulnerabilities on a device/PC, bypassing the need for human interaction altogether. This could be followed by a banking trojan designed to harvest account log-in data, as well as victim contact lists and stored cookies — the latter making it easier to impersonate the user online. Mobile versions are also available, and sometimes sneak onto official app stores.

Cybercriminals and fraudsters are deploying these and other tools and techniques across multiple verticals: from retailers, to mobile network providers, fintechs and banks. In retail, they are also using so-called “formjacking” attacks to harvest user card details as they are entered into a website payment page. They do this by covertly inserting digital skimming code into the site, either directly or via a supply chain provider.

Staying anonymous is another key requirement for the modern digital fraudster. And that is increasingly being made possible via the use of legitimate browser-based emulation tools, often used by developers to test software in controlled environments. These enable fraudsters to emulate legitimate users’ device profiles, allowing them to bypass device recognition systems, and reduce the chances of being challenged by 2FA.

Simility Hits Back

So how do fraud teams hit back, in the face of increasingly sophisticated attempts to stay hidden, harvest identity data and hack user accounts? According to Javelin, the key is being able to accurately analyze behavior. We agree. Simility taps into the power of data, applying machine learning algorithms to spot patterns that human eyes may miss.

This provides that all-important insight into user behavior to raise the alarm when something is suspicious, and automate decision-making so that high-risk transactions are always blocked. With tools like our Adaptive Decisioning Platform, organizations can respond to the heightened threat from digital fraud with advanced tools of their own, to help reduce chargeback losses, administrative overheads and brand damage, and tackle fraud without impacting the user experience.

To learn more about how Simility’s industry-recognized Adaptive Decisioning Platform can help you better understand user behavior to accurately screen for fraud, schedule a demo now.

1. Statista,

2. Javelin,

3. Statista,