A simple introduction to Connect, Ravelin's graph database
Connect shows all the links between new accounts and existing ones, creating vast networks of relationships. This means it is easy to spot when a new account is linked to past fraud activity.
Ravelin’s graph database is called Connect. It allows you to create a graph of your customers using high-cardinality data points, such as emails, phone numbers, device IDs or payment methods. These are totally unique data points which are unlikely to change. When two customers share an attribute, they will be connected in the network.
Connect can be used to detect:
- Online payment fraud
- Account takeover (ATO)
- Voucher and promotions abuse
- Refunds abuse
- Fraudulent insurance claims
Data points shown in Connect
Depending on the use case, Connect can display the below data points in the network:
The graph can be enhanced to show additional information about customers including chargebacks or manual reviews. Connect also allows you to add a tag to customers (for example VIPs), and then search for customers with specific tags.
It’s also very easy to add new unique, sharable data points, dependent on your business case - just ask us.
Example genuine customer in Connect
This is a snapshot of a genuine customer network and the numerical data behind it. The network is five years old.
The network is relatively small - there is a connection between two users through a shared card, but there are no other users. It’s also important to note that both users have several devices they use independently, rather than having few shared devices.
Using Connect to detect fraud and negative activity
Connect can be used to detect a range of fraudulent and negative user activity - here are some examples.
Online payment fraud
With typical online payment fraud, or card-not-present (CNP) fraud, fraudsters create new accounts to appear as new customers and use stolen credit card details to make purchases.
Card details can easily be blocked, so fraudsters often buy hundreds or even thousands of card details.
We commonly see:
- Users adding multiple credit cards to an account to make new orders.
- One device being used to open lots of new accounts in a short space of time.
Often fraudsters will have used the same device or email in another account previously, and so when they open a new account it will be linked to their past activity.
A steady stream of data breaches and the widespread tendency for customers to reuse passwords have led to an increase in account takeover (ATO) activity.
You can use Connect to identify ATO networks through searching for:
- Multiple existing accounts being accessed from the same device
- Multiple existing accounts suddenly becoming linked by new details (address, phone number)
Connect allows you to see when an account joined a network, so you can investigate genuine accounts and recover them for the customer quickly.
Merchants often offer vouchers, referral schemes or promotions to attract new customers, especially during expansion. Fraudsters, or even genuine customers, may abuse the voucher system by attempting to use the same voucher multiple times with new accounts.
Using Connect, we can assign each voucher an ID to enable you to:
- Set limits on the number of uses per voucher
- Configure how many vouchers within a set network distance count as abuse
- Apply different levels of control for different voucher types
Even though this activity is not strictly fraud, it’s important that merchants can stay in control, otherwise the cost of running promotional schemes may end up being wasted on people who are already users, instead of attracting new customers.
Similar to voucher abuse, refund abuse is not technically a form of fraud; however, there are still some serial offenders. Fraudsters or genuine customers can request refunds on most of their orders - sometimes up to 80%. In many cases, this means the merchant is losing money through the customer.
Connect allows you to:
- Tag customers abusing your refund policy
- At time of score, check each customer's network for the tag (within a set distance)
- Offer different terms and conditions to protect yourself from abuse, or block users in refund abuse networks
A fake account network
Insurance firms can be vulnerable to claims abuse - for example car insurers. Customers either fake crashes or perform ‘crash for cash’ schemes and submit excessive claims. This activity is often repeated with the same actors, vehicles and locations involved.
Connect can help the insurance merchant to act on this by:
- Tagging customers with claims and checking a customer’s network for the tag (within a set distance)
- When a policy is requested, offer different terms and conditions, adapt the pricing, or investigate further before offering a quote
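The tag check described in the refund abuse and insurance claims sections, sketched as an added example (not Ravelin's code or Connect's API): customers are linked through the attribute values they share, and a breadth-first search looks for a tag within a set distance. The class and method names, the sample data and the definition of distance (number of shared attributes crossed) are assumptions.

```python
from collections import defaultdict, deque

class CustomerGraph:
    """Customers linked through the attribute values they share."""
    def __init__(self):
        self.adj = defaultdict(set)    # node -> neighbouring nodes
        self.tags = defaultdict(set)   # customer id -> tags

    def add_customer(self, customer_id, **attributes):
        customer = ("customer", customer_id)
        self.adj[customer]  # register customers that share nothing yet
        for kind, value in attributes.items():
            self.adj[customer].add((kind, value))
            self.adj[(kind, value)].add(customer)

    def tag(self, customer_id, tag):
        self.tags[customer_id].add(tag)

    def tagged_within(self, customer_id, tag, max_distance):
        """Map tagged customer id -> distance, for distance <= max_distance."""
        # Assumption: distance = shared attributes crossed, so two customers
        # using the same card are at distance 1 (two edges in this graph).
        start = ("customer", customer_id)
        seen, queue, hits = {start}, deque([(start, 0)]), {}
        while queue:
            node, edges = queue.popleft()
            if node[0] == "customer" and node != start and tag in self.tags[node[1]]:
                hits[node[1]] = edges // 2
            if edges == 2 * max_distance:
                continue  # do not expand past the configured distance
            for neighbour in self.adj[node]:
                if neighbour not in seen:
                    seen.add(neighbour)
                    queue.append((neighbour, edges + 1))
        return hits

def build_sample():
    """Constructed sample network; every id and value is made up."""
    g = CustomerGraph()
    g.add_customer("c1", device="dev-A", email="a@example.test")
    g.add_customer("c2", device="dev-A", card="card-1")
    g.add_customer("c3", card="card-1", phone="555-0100")
    g.add_customer("c4", phone="555-0199")
    g.tag("c1", "refund_abuse")
    return g

if __name__ == "__main__":
    for cid in ("c2", "c3", "c4"):
        print(cid, build_sample().tagged_within(cid, "refund_abuse", 2))
```

In the sample, c3 shares nothing directly with the tagged customer c1, so a distance limit of 1 misses the link that a limit of 2 finds through c2's card and device.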