Online fraud threats have skyrocketed in recent years, with losses now predicted to exceed $206 billion by 2025. As fraud increases in both prevalence and sophistication, even enterprises with strong fraud prevention programs struggle to confidently distinguish real consumers from cybercriminals. Businesses are missing a crucial element in their control frameworks: visibility of stolen information that enables criminals to evade detection and perpetrate account takeover and online fraud.
For organizations with a keen eye on customer experience, finding a balance between causing friction to validate legitimate users and transactions and preventing fraud can be tricky. However, a lot is on the line when it comes to the impacts of online fraud, including customer retention, time spent on manual review, losses due to new account fraud, account takeover and mule accounts, and compliance with anti-money laundering requirements
Organizations need to find new, cost-effective ways of detecting fraud and reducing customer friction when opening new credit and deposit accounts, accessing existing accounts online, transacting on your site, and more.
Prevalent Types of Online Fraud and Popular Attack Methods
Also referred to as “account enrollment fraud” or “new account fraud,” this type of fraud occurs when fraudsters open accounts or apply for credit and other services using stolen or synthetic identities.
ATO occurs when a malicious third-party attacker gains access to a user’s account via stolen credentials with the intent to commit fraud. The fraudster will typically modify notification settings to divert alerts from the legitimate account holder, drain account funds, have additional cards issued and sent to the criminal to use, along with other types of fraud.
Card-not-present Fraud (CNP):
The purchasing of goods online or over the phone by using stolen card and personal information.
This type of fraud occurs when a customer unknowingly purchases an item from a fake online storefront, and the criminal running the site then goes to a legitimate retail site and places the order using the customer’s name and shipping address, along with stolen credit card information to pay for the item. The fraudster makes off with the funds from the card used by the legitimate customer and the legitimate is left holding the bag for approving a transaction on a stolen credit card.
Loyalty and Gift Card Fraud:
Using stolen credentials, criminals access victim’s rewards programs and drain accounts, transfer points, obtain free rewards, collect PII, or purchase gift cards they then sell on the criminal underground, or use themselves before victims can notice.
Stolen Data – The fuel of the fraudster:
Fraudsters gain access to stolen personal information and online credentials through a number of means:
Individuals are tricked into providing their personal information or online credentials through seemingly legitimate emails or texts asking them to confirm information or logon to their account.
Large scale theft of companies or governmental units’ data that may include online credentials and personal information of all types.
Information is pilfered from malware-infected machines – including in-use credentials, active web session cookies and browser fingerprints.
Data acquired through these various means is made available to fraudsters through dark web marketplaces where the information is tested, priced and traded.
Hard-to-Detect Fraud: You Can’t Prevent What You Can’t See
While fraud detection solutions are advancing in their sophistication, one aspect they miss is how malware amplifies risk exposure. When a customer’s computer or device is infected, all of the data and activity on that system is at the fraudsters’ fingertips, enabling them to:
Siphon PII used for identity and new account fraud, as well as login credentials that facilitate ATO
Log into various accounts, including email and banking/payments, and make modifications to settings related to notifications, shipping address, etc.
Use stolen browser fingerprints and cookies to impersonate a customer and bypass login and multi-factor authentication (MFA)
Access information that can be used for social engineering or phishing
Track any changes, like reset passwords, newly stored and active browser sessions, and additional PII, and sell the updated data on the dark web
Infected systems create an extreme risk for online fraud and identity theft. Malware provides the proverbial keys to unlocking the kingdom – and as long as the system remains compromised, measures like resetting passwords and even applying MFA are not always effective. Mitigating this risk requires additional monitoring and scrutiny, and it starts with gaining visibility into the degree to which your customers may be at higher risk of suffering an attack from a variety of threats including malware.
How to Prevent Online Fraud
Traditional identity verification products draw on publicly available, commodity data and offer no visibility of the information bad actors have access to on the criminal underground. They query on basic information such as name, address, phone, identity credentials (national ID – such as social security number, drivers license ID, etc.,) device ID, and sometimes behavioral biometrics. However, these tools lack true insights into the probability that the account or identity has been by a criminal, or was created with fabricated or stolen data.
Darknet data-enriched analytics solutions add a new dimension to fraud prevention by providing extremely valuable contextual information for the risk models that serve to protect victims from attacks. With more detailed information about users’ risk exposure, including their prevalence of password reuse, recency and type of breach exposure, and appearances in botnet logs indicating malware infections, organizations can make more confident fraud decisions when trying to differentiate between legitimate customers and opportunistic fraudsters.
Level the playing field against bad actors How recaptured data from the criminal underground can protect your customers - and your bottom line:
Use recaptured identity data and analytics to make better fraud decisions based on consumers’ risk of ATO, synthetic identities, and fraud tied to malware
Identify compromised credentials and reset them to prevent ATO and other online fraud
Prevent users from creating accounts with previously exposed credentials that make them easy targets for credential stuffing attacks
Identify and invalidate recaptured malware-stolen cookies that can be used to impersonate your users
Bolster fraud investigations with the ability to attribute crimes to specific individuals and crime groups
Receive insights into your customer base’s security hygiene, alerting to users with high password reuse rates
Assess risk for users without an account or any historical data at vulnerable points, such as guest checkout, by querying as little as an email address for phone number
Since SpyCloud recaptures credentials directly from the criminal underground, we now have a level playing field with fraudsters – with the same data, we can easily identify compromised consumers and be more proactive in protecting them.
– Mobile Ecommerce Marketplace
Fight Back Against Fraudsters
With SpyCloud, you get enterprise-level online fraud prevention solutions powered by the most up-to-date and actionable recaptured data from the dark web.
By using this intelligence and better knowing your customers, you can predict user risk, help prevent account takeover and follow-on ransomware attacks, and identify malware-infected devices. This enables you to manage each customer’s experience with the appropriate journey, avoiding process interruptions, more closely monitoring certain interactions when necessary, and making fraud decisions upfront to create a more seamless overall interaction.
SpyCloud Identity Risk Engine
Provides actionable, predictive fraud risk assessments based on breach data and malware-stolen credentials from the criminal underground. Backed by powerful metadata like recency of breach, password hygiene, anomalies within a user’s information, and more, organizations can identify high risks of ATO and synthetic identities and minimize tedious manual reviews.
Helps organizations prevent fraudulent account creation using previously exposed credentials, as well as alerts an organization as soon as their customer’s exposed data appears in the criminal underground, allowing them to reset passwords before criminals have a chance to use them for fraud.
Uses recaptured malware data to alert enterprises when consumers’ web sessions and device cookies have been compromised so they can invalidate active sessions and block bad actors from using antidetect browsers to bypass login and impersonate users.
SpyCloud is the only provider using recaptured data from the criminal underground to help prevent fraud without adding undue customer friction. With SpyCloud, businesses can lower their fraud losses, manual reviews, and risk from synthetic identities.
SpyCloud offers the largest collection of recaptured darknet data in the world, combined with the earliest possible recovery. Our proprietary engine quickly ingests data from breaches, malware-infected devices, and other underground sources, then cleanses and enriches the data – adding context to the records so you understand the severity of the exposures (the source, breach description, and the actual password in plaintext). Our customers get notifications of compromised accounts and passwords far sooner than any other provider.
In today’s threat landscape, backups alone are not effective to recover from a ransomware attack. Neither is endpoint protection in a remote work world where employees are accessing corporate applications from personal devices outside of your control. A layered defense focused on credential management is required – one in which proactive monitoring and remediation of compromised credentials and malware-infected devices is considered essential.
Global Financial Services Provider
Challenge: 550 new accounts that were later identified as money laundering mule accounts passed KYC controls because of a lack of negative history associated with the email addresses.
Outcome: SpyCloud Identity Risk Engine flagged the majority of accounts as showing signs of synthetic identity, with 90% of accounts flagged as high risk.
Challenge: Increased frequency of data breaches exposing customer credentials and PII, it became a struggle to determine when a customer was interacting with their site versus a criminal using stolen data without a constant monitoring of exposed accounts.
Outcome: With SpyCloud, the team discovers 3,000-11,000 exposed consumer accounts every hour, enabling it to better protect its customers from account takeover with more automation.
Financial institutions must strike a balance between prevention controls and fraud mitigation while ensuring a quality customer experience. Our report delves into a new framework for understanding the risk that each individual consumer presents at key points in their journey.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.