
Post on 05-Jun-2020


FIGHTING ONLINE FRAUD IS A LOT LIKE FIGHTING ZOMBIES…

Karisse Hendrick, Owner/Principal Consultant, Chargelytics Consulting


-13 YEARS OF FRAUD FIGHTING EXPERIENCE

-HAVE WORKED WITH HUNDREDS OF ONLINE MERCHANTS IN VARIOUS VERTICALS, INCLUDING ONLINE GAMING

-CO-HOST OF “ONLINE FRAUDCAST” PODCAST

-WORK WITH CARDNOTPRESENT.COM AND CNPEXPO

-PASSION TO HELP THE ONLINE MERCHANT COMMUNITY IN FRAUD FIGHTING & CHARGEBACK REDUCTION IN SEVERAL WAYS

WHY IS ONLINE FRAUD A BIG DEAL?

• Card Not Present companies are liable for all fraud committed on their websites (they’re the ones re-paying the cardholder)

• For every $1.00 in online fraud, the cost to the online company is $2.96

• Visa/MasterCard impose additional fees & fines if a CNP company has chargebacks over 1% of total sales count; if chargebacks continue above 1%, the merchant can face merchant account termination

• In 2015, EMV was implemented in the US; as a result, much of the card present fraud migrated to CNP channels

• Breaches since 2015 have been targeting “rich account data” more than credit card numbers, resulting in fraud methods more difficult to identify than traditional card # fraud

[Chart: Credit Card Fraud Losses (in Billions), 2012–2018. Series: CNP, Counterfeit (CP), Lost/Stolen (CP). Source: 2018 Report by Statista]

OLD HACKS VS. NEW HACKS

Credit Card / CVV

Address

User Names

Passwords

Employee Info

Account Info

Fingerprints

Medical / Tax Info

EMV’S DIRECT IMPACT ON CNP FRAUD

“For years, card fraudsters have been looking for information to complete “fullz”. The Equifax breach just gave that to them.” –Brett Johnson, Former Online Criminal & Co-Host of “Online FraudCast”

FIGHTING FRAUD IS NOT EQUAL TO FIGHTING DRAGONS

Fighting Fraud is Like Fighting Zombies

TO FIGHT A ZOMBIE, LEARN THEIR TACTICS…

REMOTE DESKTOPS APPEAR LEGITIMATE

Path of Least Resistance: An Uptick in Social Engineering

As fraud identification systems continue to improve, fraudsters are going back to a non-technical solution

DIFFERENT COMPANIES = DIFFERENT ISSUES

While shoplifting methods in a brick & mortar store are similar whether that store sells electronics or groceries, that is not the case online.

Variables:

Physical vs. Digital Goods

Business Vertical/Category

Average Order Value

Business Model

Popularity of Brand/Items sold

FACTORS THAT IMPACT ONLINE GAMING FRAUD TACTICS

Gaming Business Model

• Console
• In-app
• Facebook Games
• PC Games
• Streaming

How the Game Monetizes Its Service

• Free-to-Play (in-game purchases)
• Subscription
• Purchase full game
• Digital Content purchase
• In-game currency
• Player-to-Player purchases
• Micro-transactions

ONLINE GAMING FRAUD EXAMPLES

Account Takeover: Many League of Legends accounts have been hacked and used to send spammy messages to random players with offers of free skins and Riot Points.

Selling accounts and in-game content: In Fortnite, stolen accounts are often sold and can bring in big money, especially if the player was high-level and/or had rare skins.

Spam Sells: Final Fantasy XIV can leave players locked out of the game for days or weeks on end. Meanwhile, hackers use their character to spread spam and ruin their reputation, which often results in players being blacklisted by other players.

AUTOMATION TECHNOLOGY

[Chart values: 69%, 61%, 56%, 55%, 41%, 38%, 29%, 23%, 21%, 12%, 5%, 4%, 4%]

Chart categories:

• Rules-based fraud case management system
• Bank-issued tools (e.g., AVS, CVV, etc.)
• IP Geolocation service
• Machine learning-based fraud case management system
• 3D Secure
• Two-factor authentication
• Other
• Device ID / Fingerprinting technology
• Public records information (e.g. address, phone, etc.) in an automated fashion
• Fraud case management solution (combination of rules-based & machine learning-based)
• Behavioral biometrics
• We outsource all of our fraud tools and decisioning to a third party
• Physical biometrics

MANUAL REVIEW VERIFICATION

[Chart values: 57%, 56%, 48%, 46%, 42%, 39%, 17%, 13%, 10%]

Chart categories:

• Social media verification
• Call to customer
• Premium/"Pro" public records verification tools
• Free maps lookup
• Free reverse phone number search
• Free reverse address lookup
• Credit history check
• Manual verification provided by closed-loop card brands
• None, we don’t do manual review

FRAUDSTERS WORK TOGETHER…..WE SHOULD TOO

OUR ULTIMATE GOAL….

QUESTIONS?

CONTACT: KARISSE@CHARGELYTICSCONSULTING.COM

Subscribe to Online FraudCast on iTunes or CastBox to be alerted to new episodes every week!
