The 6 Holiday Fraud Questions You STILL Need Answered

Holiday fraud has a ripple effect, and downstream damage can take time to materialize. The only option is to establish effective defenses now.

It’s December 24th, and all over the world, millions of people are busy with last-minute preparations for their upcoming holiday festivities. Unfortunately, millions of fraudsters are also busy with holiday activities, working to steal as much as they can, as fast as they can. Worst of all, their activities don’t stop when the presents are all unwrapped and decorations are back in their boxes.

DataVisor VP Priya Rajan made this point recently in an article for Digital Commerce 360, when she wrote that “increases in online shopping, an expanded array of promotional activity and intensified shipping volumes all combine to create fertile ground for fraud and abuse, and post-holiday sales cycles will be just as vulnerable as mid-season ones, so short-term fixes will not suffice.”

*Pro tip for the holidays and beyond: Be on the lookout for malicious user-generated content!

https://www.datavisor.com/intelligence-center/reports/datavisor-fraud-index-report-q3-2019/

Priya has many valuable insights to offer on the subject of holiday fraud, as do Yinglian Xie (Co-Founder & CEO, DataVisor) and Swetha Basavaraj (Senior Product Manager, DataVisor). Below, we’ve gathered their answers to six of the most pressing questions about holiday fraud. Their answers are gathered under two headlines: Detection and Prevention.

DETECTION

1. Why is fraud so prevalent during the holidays?

Swetha, in a post for DataVisor, offers three answers to this vexing question:

1. It is easy to attack during this time of the year because marketplaces, eager to capitalize on the high spirit of the holiday season, often take extra steps to loosen security on their platforms, in order to make them frictionless to use.
2. Legitimate buyers tend to display unusual or anomalous activity as they shop specifically for the holidays (e.g., larger purchases from new retailers); this makes it difficult to accurately differentiate between legitimate and fraudulent transactions.
3. There is often a scarcity of resources within fraud and safety teams, and the spikes in traffic associated with the holidays make it easy for fraudsters to hide behind the surges.

2. Can anything be done about shipping fraud during the holidays?

Shipping fraud is obviously one of the most common attack types seen during the holidays, and preventing it is a uniquely difficult proposition. Yinglian, writing for PYMNTS, offers the following perspective, highlighting the vital importance of early detection strategies:

To prevent reshipments and other fraudulent shipping actions, businesses have to block fake and malicious accounts at the point of registration, before they can be used for malicious purposes.

• Determining which accounts are legitimate can be done with advanced AI and unsupervised machine learning (UML) technologies that can reveal connections and patterns across large numbers of newly registered accounts.
• Advanced data analysis can produce actionable insights from large volumes of data by taking a holistic approach to reviewing and analyzing a wide variety of event types, digital fingerprints, and profile information related to accounts, shipments, and deliveries.

Comprehensively detecting and preventing sophisticated shipping fraud necessitates implementing proactive strategies that can expose fake and malicious accounts early — before downstream damage can occur.

By analyzing registration data holistically using UML, it is possible to expose the shared attributes across accounts that identify them as being part of a coordinated attack. Adopting strategies like these enables shipping platforms to continue offering friction-free experiences without fear of incurring increased risk of attack.

3. What are some of the other most common types of holiday fraud?

Priya, in her Digital Commerce 360 piece noted above, highlights the following three fraud types:

1. Content abuse: Because of e-commerce sites’ dependence on user-generated content, these businesses are especially vulnerable to content abuse that can hurt reputations, slow sales, and cause significant customer churn. Of particular concern is the speed at which criminals operate. DataVisor’s Q3 2019 Fraud Index Report found that criminals launching content abuse attacks move very quickly: 60% of fraudulent accounts posted or sent malicious content within two hours of registration, and 76% did so within 24 hours of account registration
2. Account takeover: Financial fraud is a major concern during the holidays, and account takeovers (ATO) are uniquely damaging — not only are the financial implications immediate, but so are the attacks themselves. DataVisor’s Q2 2019 Fraud Index Report found that 72% of financial accounts made fraudulent transactions within one hour of compromise.
3. Mass registrations and fake accounts: Fraudulent transactions using stolen credit cards have always been a serious concern for retailers, particularly during peak shopping seasons. In addition to ATO, in which criminals take over legitimate users’ accounts and use the credit cards on file, retailers have to contend with mass registrations and fake accounts that use compromised credit cards fraudsters have acquired elsewhere. Mass registration fraud is carried out using a complex array of techniques, including user behavior simulation, device and IP obfuscation, and identity theft.

*Pro tip: Phishing and Spam increase significantly during the holidays.

https://www.datavisor.com/intelligence-center/reports/datavisor-fraud-index-report-q3-2019/

4. Why is it so hard to stop holiday fraud?

Priya sees three factors and trends as particularly significant:

1. Today’s attackers have the same access to emerging technologies as the businesses they target. That can make it hard for legitimate platforms to get the upper hand.
2. Criminals exploit the dramatic increases in transaction volume during peak seasons and benefit from increased cover for their malicious activity. Fraudsters are keenly aware that many retailers relax detection rules during the holiday season to prevent being overwhelmed by a flood of triggered alerts due to the increased order traffic.
3. Malicious or unwanted activity can take on many additional different forms during sales and promotion events. Exclusive discounts for new customers can be taken advantage of by criminals who set up multiple fake accounts. Using these bogus accounts, they can purchase limited-quantity items in bulk that may not typically be discounted, and resell those items on P2P marketplaces and auction sites.

*Pro tip: Counterfeit goods are a major holiday headache, but their sale can be spotted and stopped with the right detection tools.

https://www.datavisor.com/intelligence-center/reports/datavisor-fraud-index-report-q3-2019/

Having gained a better understanding of why holiday fraud is so prevalent — and so challenging — we can move now to the essential subject of stopping it.

PREVENTION

5. How can businesses protect their organizations, and their customers, during the holiday season?

Swetha weighs in on this crucial question with five strategic recommendations:

1. Focus on fraud types that have a financial impact. Fraudsters want to make money, so you need to focus on those fraud types that have a direct fiscal impact. By the time we hit the holiday season, fraudsters will have already conducted their account takeover (ATO) activities and created their fake accounts, and they will have likely already tested those accounts for detection risk by buying or selling small-ticket items, to ensure they can go undetected. So now, they are incubating, and waiting to strike.
2. Do not ignore fraud types that affect the integrity of the platform. While it is common to have checks and balances in place to prevent or detect fraud that would cause direct monetary impact, organizations shouldn’t just look at cost-of-business. Good fraud detection is about more than just preventing loss. It is about increasing revenue by allowing more good customers through and given them friction-free shopping experiences, especially during the critical holiday shopping season. Therefore, instead of only looking at a point solution (for example, one that reduces chargebacks), consider a holistic solution that can deliver both financial and reputational protection.
3. Equip yourself to adapt to new and evolving fraud patterns. It is easy for fraudsters to hide behind holiday traffic surges. They have access to many sophisticated tools and are well prepared. Too many solutions in place today depend on old labels and train their models based on historical patterns. While it’s good to know past trends, your solution cannot rely solely on historical data — modern fraud moves too fast. A proactive solution that can adapt to the constantly shifting attack patterns adds real value, and can serve to curb both known and unknown fraud.
4. Have an efficient review system in place to empower fraud moderation teams. The fraud team is a sales enabler as much as it is a fraud prevention team. However, during vacation seasons, there are often resource crunches. So, you need to prioritize work according to the business needs. Moderator productivity is especially important, so automating some of the processes based on the fraud score can help mitigate personnel shortages. Moderators also need to be aware that buying patterns change during the holiday season, and remain cautious when taking actions.
5. Implement and integrate a fraud solution that helps you focus on serving your customer. Preparing for the holiday season means working through inventory, shipping, and staff issues. It should also include planning for effectively managing fraud. Invest in a good fraud prevention solution that helps you realize the tremendous opportunity presented by the busiest time of the year.

6. What are some best practices businesses can follow during the holiday season, to help prevent holiday fraud?

We return to Priya for three key recommendations:

1. Don’t rely on rules alone. If you are currently using a rules-based fraud detection system, do not rely entirely on this technology during peak shopping seasons. Criminals are continuously adapting their techniques, and attacks are growing in both scale and complexity. Rules — and other legacy systems that might have detected yesterday’s attacks — are not able to detect the advanced attacks we see today.
2. Be on the lookout for anomalous activity or transactions. Your organization must proactively keep watch for any anomalous activity that your existing systems is not capturing. If you currently do not have good unsupervised machine learning capabilities, regular manual reviews are the only way to uncover fraudulent behaviors that escape detection by rules-based or supervised machine learning systems.
3. Keep one foot on the brake. While it is tempting to celebrate successful sales or promotions, there may be bad actors under the surface trying to game your promotions in ways that you won’t be expecting. While your campaigns are active, it’s important to continuously analyze user activity to make sure that the promotions are being used by legitimate customers who will provide continuing revenue to the business.

Customer Experience vs. Organizational Risk

Issues associated with balancing customer experience and organizational risk are never more acute than they are during the holiday season. Businesses eager to make the most of high consumer demand during the holidays need to make the experiences they offer as seamless and as friction-free as possible. However, any reduction in the rigor of fraud prevention practices represents an open door to fraudsters, who are equally eager to take advantage of all revenue potential that the holiday season offers.

The only solution is to embrace proactive fraud prevention measures that enable early detection through comprehensive, UML-powered holistic data analysis. This is the only way to consistently reduce friction for good customers, while simultaneously increasing it for bad actors.

We’ll leave you with one final thought:

It’s never too late to embrace better threat protection.

As Priya noted, “holiday fraud has a ripple effect, and downstream damage can take time to materialize. Credit card information stolen during a busy holiday sales cycle, for example, might not be used right away, and hijacked accounts might be incubated for later attacks. Then, before you know it, the 2020 sales season begins anew with Valentine’s Day — only 51 days after Christmas — so there’s little if any downtime. The only option is to establish effective defenses now.”

Going Forward Into A New Decade

Yinglian wrote a piece recently for VMblog titled, “Friction Is For Fraudsters In 2020.” In that article, she states the following:

“Organizations that successfully protect their customers-and that consistently demonstrate their commitment to keeping customer data and information safe-are going to make significant competitive gains and see increased growth. In short, gaining and maintaining customer trust will be a key competitive business advantage.”

Trust is the name of the game. It can take years to earn it, and just one mistake to lose it. Don’t make a mistake—during the holidays, or beyond.