FIGHTING ONLINE FRAUD IS A LOT LIKE FIGHTING ZOMBIES…
Karisse Hendrick, Owner/Principal Consultant, Chargelytics Consulting
- 13 YEARS OF FRAUD FIGHTING EXPERIENCE
- HAVE WORKED WITH HUNDREDS OF ONLINE MERCHANTS IN VARIOUS VERTICALS, INCLUDING ONLINE GAMING
- CO-HOST OF “ONLINE FRAUDCAST” PODCAST
- WORK WITH CARDNOTPRESENT.COM AND CNPEXPO
- PASSION TO HELP THE ONLINE MERCHANT COMMUNITY IN FRAUD FIGHTING & CHARGEBACK REDUCTION IN SEVERAL WAYS
WHY IS ONLINE FRAUD A BIG DEAL?
• Card Not Present companies are liable for all fraud committed on their websites (they’re the ones re-paying the cardholder)
• For every $1.00 in online fraud, the cost to the online company is $2.96
• Visa/MasterCard impose additional fees & fines if a CNP company has chargebacks over 1% of total sales count; if over 1% chargebacks continue, merchant can face merchant account termination
• In 2015, EMV was implemented in the US; as a result, much of the card-present fraud migrated to CNP channels
• Breaches since 2015 have been targeting “rich account data” more than credit card numbers, resulting in fraud methods more difficult to identify than traditional card # fraud
[Chart: Credit Card Fraud Losses (in Billions), 2012 to 2018. Series: CNP, Counterfeit (CP), Lost/Stolen (CP). Source: 2018 Report by Statista]
OLD HACKS VS. NEW HACKS
Credit Card / CVV
Address
User Names
Passwords
Employee Info
Account Info
Fingerprints
Medical / Tax Info
EMV’S DIRECT IMPACT ON CNP FRAUD
“For years, card fraudsters have been looking for information to complete “fullz”. The Equifax breach just gave that to them.” –Brett Johnson, Former Online Criminal & Co-Host of “Online FraudCast”
FIGHTING FRAUD IS NOT EQUAL TO FIGHTING DRAGONS
Fighting Fraud is Like Fighting Zombies
TO FIGHT A ZOMBIE, LEARN THEIR TACTICS…
REMOTE DESKTOPS APPEAR LEGITIMATE
Path of Least Resistance: An Uptick in Social Engineering
As fraud identification systems continue to improve, fraudsters are going back to a non-technical solution
DIFFERENT COMPANIES = DIFFERENT ISSUES
While shoplifting methods in a brick & mortar store are similar whether that store sells electronics or groceries, that is not the case online.
Variables:
• Physical vs. Digital Goods
• Business Vertical/Category
• Average Order Value
• Business Model
• Popularity of Brand/Items sold
FACTORS THAT IMPACT ONLINE GAMING FRAUD TACTICS
Gaming Business Model
• Console
• In-app
• Facebook Games
• PC Games
• Streaming
How the Game Monetizes Its Service
• Free-to-Play (in-game purchases)
• Subscription
• Purchase full game
• Digital Content purchase
• In-game currency
• Player-to-Player purchases
• Micro-transactions
ONLINE GAMING FRAUD EXAMPLES
Account Takeover: Many League of Legends accounts have been hacked and used to send spammy messages to random players with offers of free skins and Riot Points.
Selling accounts and in-game content: In Fortnite, stolen accounts are often sold and can bring in big money, especially if the player was high-level and/or had rare skins.
Spam Sells: Final Fantasy XIV can leave players locked out of the game for days or weeks on end. Meanwhile, hackers use their character to spread spam and ruin their reputation, which often results in players being blacklisted by other players.
AUTOMATION TECHNOLOGY
69%
61%
56%
55%
41%
38%
29%
23%
21%
12%
5%
4%
4%
Rules-based fraud case management system
Bank-issued tools (e.g., AVS, CVV, etc.)
IP Geolocation service
Machine learning-based fraud case management system
3D Secure
Two-factor authentication
Other
Device ID / Fingerprinting technology
Public records information (e.g., address, phone, etc.) in an automated fashion
Fraud case management solution (combination of rules-based & machine learning-based)
Behavioral biometrics
We outsource all of our fraud tools and decisioning to a third party
Physical biometrics
MANUAL REVIEW VERIFICATION
57%
56%
48%
46%
42%
39%
17%
13%
10%
Social media verification
Call to customer
Premium/"Pro" public records verification tools
Free maps lookup
Free reverse phone number search
Free reverse address lookup
Credit history check
Manual verification provided by closed-loop card brands
None, we don’t do manual review
FRAUDSTERS WORK TOGETHER…..WE SHOULD TOO
OUR ULTIMATE GOAL….
QUESTIONS?
CONTACT:[email protected]
Subscribe to Online FraudCast on iTunes or CastBox to be alerted to new episodes every week!