Feedzai, the world’s leading risk management platform, has today released findings from its Quarterly Financial Crime Report that analysed over 4 billion global transactions. The report found that the three most common global fraud contributors were card cloning, high speed ordering/spending and suspicious merchant category codes. Other types of significant fraudulent activities were Account Take Over (ATO) and suspicious emails.
 
Breakdown of top three global fraud threats:

1. Card cloning - Card cloning, or “skimming,” is copying stolen credit or debit card information to a new card. In card cloning schemes, “carders” buy and sell stolen payment cards on the dark web and often use bots to commit crime. Feedzai’s report showed there has been a 34% increase in the card cloning fraud across industries.
2. High speed ordering / spending - Armed with speed and velocity, fraudsters use BOT attacks to complete “add to carts” five times faster than humans. BOTs can strike hundreds of times in minutes, and some bot attacks can last as long as several hours. With e-commerce set to skyrocket this festive period due to the pandemic, this type of attack will impact online retailers and their customers as it can act as a DDoS attack and make legitimate orders impossible to transact. 
3. High risk merchant category code (MCC) - An MCC is a four-digit number that designates categories for merchants based on their primary business. A bank’s underwriting guidelines determine a merchant’s risk. The more likely a merchant is to have a high number of chargebacks, the riskier they are deemed. Upon analysis of fraud patterns, Feedzai found that some of the most common high risk MCCs are gambling, dating services, and the travel industry.

In addition, account takeover (ATO) fraud was prevalent and involves a fraudster accessing any online customer accounts, such as a bank, e-commerce or email account. Finally, suspicious emails also make up a large number of fraud schemes, so it is always worth reminding consumers to think before they click; and banks and e-commerce sites should monitor for fraudsters setting up rogue domains to trade on their good brand names.
 
Actions Financial Institutions can take to combat common fraud contributors

Feedzai recommends the following ways in which FIs can act now to limit fraud over their networks:

1. Thwart “carders” with card-not-present fraud-fighting techniques: Understand the user patterns associated with carding, such as picking up when the same card is used for multiple transactions in a short period of time; if the dollar amount per transaction is above a certain threshold; or if the number of merchant codes in a specified period of time exceeds a threshold. An advanced machine learning algorithm can allow organisations to manage complex conditions to detect and prevent crime with greater accuracy.
2. Monitor suspicious email domains: Flag any transaction originating from a suspicious email domain which can include high-risk domains, invalid emails, or unconfirmed email addresses.
3. Develop hypergranular risk profiles to detect ATO fraud: Understand your customers by looking at multiple data points when creating customer risk profiles. For example, collect the time of day a customer usually logs into their account, the mobile devices they typically use, how much time they spend on a site or online platform, and how they typically transact. Understanding what normal behaviour looks like allows teams to detect and prevent fraud when the customer’s account behaves abnormally.

Top tips for consumers to fight fraud this festive shopping season

Stay aware and vigilant. Fraudsters will use emails, phone calls, rogue mobile apps, and websites or pretend to be legitimate businesses to deceive their targets and obtain their personal information.

If fraudsters don’t have access to personal information, it’s very unlikely they are able to commit any type of fraud. For this reason, users should exercise caution when clicking on any links or responding to any messages they receive. Any communication that requires the recipient to disclose any kind of personal information should be treated with suspicion and validated -it’s better to take a little longer to access a shopping deal than to give up personal data to fraudsters!
 
Users should also be on the lookout for Account Take Over (ATO) instances, which leverage the habit of reusing passwords across different online accounts. Criminals will attempt to log into legitimate user accounts with stolen credentials, and this is among the most common type of fraud. In fact, each month, one in three fraud attempts against the world’s top merchants is ATO. Scam fraud has notably risen in the UK market, where losses reached £456 million last year.

“Consumers and businesses need to pay close attention to fraud techniques that have become common,” said Andy Renshaw, VP of payments strategy & solutions at Feedzai. “Well-known shopping events such as Black Friday and Cyber Monday can produce unwanted consequences if safety measures are not understood and adopted. There are patterns and suspicious behaviors that can be spotted in real-time and prevent people from becoming part of the statistics.”