In this edition:

• Closing the fraud prevention time gap
• Fraud-as-a-Service Spotlight: Automated account creation

Closing the fraud prevention time gap

By André Ferraz, CEO and Co-Founder at Incognia

What’s the “time gap” in the world of fraud prevention? 

It’s the time between the emergence of a new threat and the platform finding a way to counter it.

The wider that gap, the bigger the window for bad actors to commit fraud unhindered before you can crack down.

This gap is hard to decrease. Fraud prevention teams have many speed bumps that fraudsters don’t have.

You have to research new solutions, talk to vendors, get legal approval, test new software, negotiate contracts, conduct implementations, and much more.

But fraudsters don’t have all that red tape to worry about. Once they identify a vulnerability, they just get right to work stealing from your platform.

So how can you close this time gap and respond to new threats faster?

Here are three ways: 

1. Optimize speed-to-test at your organization 

Testing out new solutions and policies is critical but time-consuming, so focus on making that process as efficient as possible. Get familiar with the internal procedures you need to follow so you can move through them quickly. Equip your team with clearly defined steps for testing and implementation. This could save you weeks of fraudster free-for-all time. 

2. Attack the roots of your fraud problems, not only the branches

Look for solutions that target the source of your fraud problems. For example, multi-accounting and ban evasion are foundational fraud techniques (roots) that enable many different types of fraud, like promotion abuse, refund abuse, or chargebacks (branches). Fraudsters rely on these techniques in order to continue the fraud consistently and scale their operation. So rather than only chopping away at the branches, focus on stopping fraud at the roots.

3. Use internal intelligence to your advantage 

The longer your platform is in the dark about a new vulnerability or fraud scheme, the longer it can be exploited at will. Keeping an ear to the ground within your own organization can help you identify new fraud problems more quickly. For example, is the customer support team seeing certain patterns of refund requests outside the norm? Or are they getting complaints about the same types of issues over and over? Is the marketing team seeing unusually low retention after the latest promotional campaign? Collaborating and sharing intel across departments can help you catch emerging threats faster.

Fraudsters have certain speed advantages over fraud fighters, but there are still ways you can shrink the fraud prevention time gap.

And any reduction you make in that gap could be a difference-maker the next time a new threat emerges for your platform.

Watch Incognia’s recent webinar that goes deeper into this topic:

Fraud Prevention: Cost Center of Profit Center?

Fraud-as-a-Service Spotlight: Automated Account Creation

Fraud-as-a-Service: When cybercriminals sell their tools, services, and skills to help clients carry out fraud. In this section of our newsletter, we highlight a FaaS method that you should be aware of. 

Promo abuse, refund abuse, collusion—what do all of these fraud threats have in common? They require multi-accounting in order to become profitable, scalable fraud schemes.

In the business world, they say there are two reasons to hire someone: because they save you money, or because they save you time. Fraudsters could manually create the hundreds or even thousands of accounts they need to scale their operations, but that takes valuable time that they would probably rather spend actually making money. Instead, they can make the simple trade of their money for someone else’s time—or someone else’s bot. 

Automated account creation takes the repetitive grunt-work out of multi-accounting for fraudsters, and coding a bot to create accounts is one of the best ways to do it. If a fraudster doesn’t know how to program a bot or doesn’t want to spend the time to do it, other people are willing to rent theirs out for a fee.

For example, the screenshot below shows a listing we found on HackerForums.net: For $450, you could have a lifetime subscription to as much automated multi-accounting as you want on three separate platforms, with fingerprint obfuscation included.

Screenshot from HackerForums.net

What’s the impact of this kind of automated account creation? Fraudsters are playing a numbers game; they want to scale their fraud while putting in as little time and money as possible. Automated account creation helps them do this.

Think about it this way: One account claiming fraudulent refunds may cause limited damage, but what if they can spread those requests out over a hundred accounts, committing fraud repeatedly for high-ticket items they can resell for profit?

Or consider phishing schemes: One phishing message might be unlikely to succeed, but that’s no problem for bad actors as long as they can send thousands of messages daily from hundreds of accounts. If they play the game at a big enough scale, they know they’ll hit paydirt eventually.

Anything that makes a fraudster’s life easier makes a fraud fighter’s life harder. The easier it is for fraudsters to engage in multi-accounting, the greater the threat they pose to your platform’s integrity.

Other things to check out

Closing the fraud prevention time gap

Webinar: Fraud Prevention: Cost Center or Profit Center? | Incognia

Automated account creation

4-part series about fake account creation bots | F5 Labs

Incognia, a digital identity company, detects fake account creation and account takeover attempts for gig economy, marketplace, and financial technology applications. Benefits of using Incognia’s location-based digital identity include reduced false positives and a low friction user experience.