To start, we need to understand fraudsters and their motives. Most are after anything with monetary value. The more money they can make, the more likely you will be a victim of their scams. Also, the easiness of committing that scam will factor into their targets. We will explore some common types of fraud and then discover how identity verification can help stop them.
Take, for example, account takeovers. Fraudsters are operating massive operations with multiple departments, all running the scam. They collect hits on accounts with credentials and then resell them to various vendors, where they will eventually extract any value. A saved payment method, coupon code, or balance is excellent to use for many scammers who want a simple return. If you have an App vs. Website, it is also easy for fraudsters to bypass any protection since one might be more permissive on new logins. Another tactic fraudsters do that makes new login and order notifications ineffective is email/text bombing. As soon as they process an order, they flood the owner’s email, which hides the original message. Most of these fraudsters have little technical skills and are trained on the right approach to use their stolen goods. A search through Telegram and Discord will return hundreds of chats on these businesses. Fraud teams are scaling up and able to send hundreds of attacks with their recruits. The damage done to existing customer accounts and clean up can even outweigh the account heist’s cost. This is currently the most straightforward entry for fraudsters, which is another reason it is proliferating.
Fake identities are another scam that has become too easy to commit. Just search “driver license templates” in Google, and you will see all the options fraudsters have without even going on the dark web. Need a selfie or another action completed? Find a service where you can add that to your cart and checkout. Again, it has become too simple for fraudsters to outsource a portion of their work to bypass any security check. There are plenty of services on Telegram and Discord that cater to each specific type of fake ids. Even services can bypass the most extreme id/passport checks (barcodes, holograms, nfc) by border control. Requiring strict ID verifications is a conversion killer, and even the best technology will result in negative user experiences. There are many variables to consider when dealing with ID verification if you trust it as a secure method. This type of fraud requires more significant costs and preparation, making it a step up in a fraudster’s career.
Stolen cards are usually more difficult to find on the open web and take more skill to use. In many cases, fraudsters will employ someone specialized in carding. Fraud is becoming more like traditional businesses where many jobs are contracted out. To bypass machine learning tools, they create customized profiles for each card with information that mimics the user. Fraudsters know if they miss one detail, it will lead to a rejection, which burns the card to be used again on the site. This usually causes the fraudsters to go after higher-value targets to turn a profit.
Refunding is a recent trend that has hit larger stores due to their friendly policies. To reject all refund requests would be determinantal to a business’s reputation, and fraudsters are taking advantage of that to enact multiple schemes. There are some guides to follow that can be found online, or this is another service that can be outsourced on many marketplaces found by Google.
Chargebacks can be split into a few categories. Most cases are friendly where a customer knowingly or unknowingly will dispute a charge hoping for their money back. The other possibility is where the card was originally stolen. Fraudsters can get away with chargebacks a few times, but they should be tracked to ensure no suspicious repeats.
Identity Verification to the Rescue?
Identity verification can be a strong deterrent to many types of fraud detailed above. While it isn’t a silver bullet, it should be a way to protect your business from repeated attacks and eventually improve your sight on incoming novel threats.
For account takeovers, businesses should link identity verification with their other detection tools that raise risk scoring for new events. Logging in from a new location and device could trigger at least an alert about the action. If that user follows up with some risky activities such as changing contact information and ordering an expensive item, there could be some identity verification. Account cleanup is more costly after the fact, but so is a lost sale to added friction. Balancing these two actions is critical, and the reason Trust Swiftly clients start with less intensive verifications.
We have seen too many businesses rejecting orders and signups first, which leaves customers with a bad experience. Even credit card issuers decline a transaction, forcing the customer to wait on the phone or use another card. Businesses need to offer automated verification methods that can be completed immediately. Most users hate a dead-end option and want to know how to resolve their issue directly. A user experience where the user is in the dark about what to do next puts a business at risk with lost growth.
Refunding can be stopped with active deterrence. Many actors will not go through with the fraud if they have some identity verification done to verify themselves. While it doesn’t need to be applied for all refunds, only the suspicious cases could also have the requirement to verify the customer identity. If they go through with the process, there can be some tracking for the actions. Much refunding is outsourced, and if multiple refunders can be tracked in a network, it will be easier to take down the entire ring.
For identity theft, there can be biometric verification methods that can detect many fake identities. Fraudsters may have a fake id prepared for the verification, but you can catch them off guard if you change up the technique to complete. Requiring them to do a proper liveness check is critical to ensuring the person is real. Many services do checks with moving your head, blinking, or smiling. They can be bypassed by recording a video on your phone, turning a phone screen on and off quickly to simulate blinking, or having a smiling face ready. A study on user experience with ID verification shows that most fail to identify fake ids and leads to more drop-offs than that lost due to fraud. Stolen cards and chargebacks can be greatly reduced through 3D secure. Using Trust Swiftly, we provide verifications without the hassle of implementing it or facing lost conversions. 3D secure should be kept as a last resort for many online stores and is another method that stops most fraudsters.
Fraudsters are evolving, and so should your approach to identity verification. The best way to stop fraudsters is by having an adaptive set of tools for verification. If there is a type of fraud or scam, your business faces not covered, contact our team to see how we can customize a solution for you. Using Trust Swiftly’s 10+ verification methods will put an end to your fraud worries.