How to Combat the Fraud Economy in Fintech

If trust and safety experts have learned anything this past year, it’s that fraudsters will look to exploit any and all vulnerabilities—including global crises. Experts estimate that more than $1 trillion was lost globally to cybercrime in 2020—fintech being one of the many industries hit by skyrocketing fraud rates.

During a recent webinar, Jane Lee, Trust and Safety Architect at Sift, along with Anda Kania, Lead Editor for Payments and Commerce at The Paypers, discussed the growing Fraud Economy, its impact on fintech, and how a Digital Trust & Safety approach can help protect and grow your business. 

What is the Fraud Economy?

Cybercriminals are knowledgeable about the markets they target and skilled at skirting around security measures put in place by fraud teams. They have thus evolved from isolated attacks into a full-blown Fraud Economy—a sophisticated network of active cybercriminals with access to everything they need to exploit online businesses.

“The key takeaways in this definition are sophisticated and network. The Fraud Economy is a very complex ecosystem where we have many, many different players who are all coordinating to swindle not only businesses, but consumers like you and me,” explains Lee. 

The Fraud Economy operates just like traditional economies, with levels of skilled labor as well as the ebbs and flows of supply, demand, and pricing. Fraudsters operating in this economy utilize secondary marketplaces to buy and exchange fraudulent information, oftentimes on the dark web.

Throughout the recent years of digital transformation, online fraud has multiplied into a much larger landscape of abuse. In the below graphic, you can see the complexities of the Fraud Economy and the various methods fraudsters can enact to get away with account takeover, content abuse, and payment fraud.

What methods are cybercriminals using to commit fraud?

To better understand the dynamics of the Fraud Economy, Lee dives into the ever-expanding ways in which fraudsters are taking advantage of businesses and consumers through payment fraud, account takeover, and content abuse.

Payment fraud

Fraudsters use a variety of methods to commit payment fraud, including, but not limited to, refund abuse, dark web data purchases, currency conversion, BOPIS, fraudulent purchases, card testing, and money laundering. The most recognizable type of payment fraud is in the form of fraudulent purchases made via card-not-present (CNP) transactions. 

Fraudsters turn to dark web marketplaces to buy and sell stolen credentials and personally identifiable information (PII), using special software configurations to maintain their anonymity. To hide the source of stolen funds, many fraudsters convert them from a bank account or credit card into cryptocurrency, as they are easily transferrable across borders, irreversible, and difficult to track. This fact makes the fintech industry especially vulnerable to money laundering schemes, where fraudsters control both buyer and seller accounts to commit closed-loop fraud. 

Account takeover

There are also many vectors that can lead to account takeover, including password sharing, impersonation, and credential stuffing, to name a few. Data breaches are another huge source of ATOs. Data breaches make news headlines on a regular basis, and each impacted user becomes exposed to ATO threats. Fraudsters leverage bots and automated scripts to test the validity of user credentials (email/password or username/password) on a merchant’s website to resell or use themselves.

Once fraudsters take over an account, they wreak havoc by draining them of any stored value they carry, including saved payment methods and loyalty points, and perpetuate more fraud such as card testing. This type of fraud has increased significantly during the pandemic, with loyalty programs being an attractive target as more customers have been earning points shopping online, while the hospitality industry was an easy target due to stagnant (i.e. less vigilant) victims.

Content abuse

A few of the many types of fraud that can lead to content abuse include romance scams, misinformation, employment scams, fake posts & listings, phishing & spam, review boosting, and marketplace fraud. Marketplaces are particularly susceptible to fraud because they target both buyers and sellers, guests and hosts, drivers and riders, or content creators and consumers. Due to this double whammy, the possibilities for fraud and abuse are astronomical.

Cybercriminals also enact phishing, spam, and romance scams to extract victims’ personal information and build full user profiles in order to access their email, bank, and other accounts to maximize profits. 

How are fraudsters attacking fintech?

Within the fintech industry specifically, Lee reports an uptick in fraudulent transactions, money laundering, illicit activity, stolen or synthetic identity sign-ups, ACH fraud, and unemployment or pandemic stimulus fraud. Digital wallets continue to be an attractive target due to the financial value they carry, combined with the fact that the fintech industry, in general, focuses on removing barriers to entry, cross-border capabilities, and other mobile-first security limitations. 

In the above graphic, you can see the pain points of account creation, login, and money flowing in and out of various fintech categories, illustrating how attacks can come in from all angles. “If you take anything away from the Fraud Economy and this illustration, it’s that you’re not facing an attack from one dimension—it’s coming from all sides,” explains Lee. 

The complexity of the Fraud Economy makes it all the more important to have a dynamic fraud solution that can take all of these factors into account. The dated rules-based approach no longer works in such an intricate fraud environment. Lee expands upon why rules-based systems are no longer effective:

“[Fraudsters] will continuously stress-test your system to see what they need to do to just barely skirt the line and operate below detection. What ultimately happens with systems that rely on rules is one, the rules get expansive because fraud is evolving. Two, you ultimately end up blocking good users, and of course, that’s not a good experience.”

How can you protect your business?

The alternative to a faulty rules-based system is machine learning, which analyzes thousands of signals and looks for patterns to determine levels of risk. With machine learning, you’re able to digest large amounts of data pertaining to user identities, behaviors, and device information to detect fraudulent actors. The Sift Digital Trust & Safety Suite is powered by patented machine learning models that leverage a global data network that processes over 70 billion events per month from over 34,000 sites and apps. 

“The advantage of the global data network is if someone in the global network identified it and marked it as fraud, you will automatically benefit from that information, hopefully saving you the pain of dealing with it down the road,” says Lee.

Lee explains that Sift is not just evaluating an email domain, but a combination of patterns to assign a Sift Score. You can see in the graphics below the various methods our machine learning can detect potentially risky users through deep signal analysis. 

Based on these tens of thousands of signals, Sift can accurately designate a Sift Score from 0-100 to determine how risky that behavior is and allow customers to decide how to proceed with that transaction.

To get even more insights from Lee on how the Fraud Economy is impacting fintech, watch the webinar.