Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
Blog / Fraud Analytics
Tonya Robertson, Airline Fraud Expert with South African Airways, shares insight into the murky underworld behind credit card fraud covering corporate referral fraud, social engineering and human trafficking.
Share this article:
Passionate about tackling fraud, Tonya has assisted and contributed to the success of many high profile investigations for a number of international law enforcement and government bodies. She currently oversees fraud prevention in Europe for South African Airways (SAA), takes part in the European Airlines Fraud Prevention Group and Europol’s Airline Global Action Days, and is on the IATA Fraud Payment Standards Working Group. Tonya also shares her knowledge at major industry events, conferences and webinars.
Recently my friend's credit card got compromised. If I’m honest, I wasn’t really that surprised. She has more cards than her purse can hold and only reconciles her purchases when she happens to find some crumpled receipts in her coat pocket. She called me for advice and once she’d read through the suspicious transactions and convinced me that she definitely hadn’t made the purchases for £500 of champagne and 3 airline tickets to Majorca, she decided to call her bank's fraud department to report it.
About half an hour later she called me back to say it was all sorted and then followed this up with, “I still don’t understand what’s so bad about credit card fraud? It’ victimless, right? The banks happy, I’m happy, the merchants are insured and nobody got hurt.”
I’ve heard this sort of reasoning many times and as comforting as it may be to some, it is very far from the reality of what the real consequences of fraud are, and the human element behind every transaction.
We often hear that fraud is a facilitator for other crimes and that the actual fraud is not the most damaging crime itself. But what other crimes are actually being committed and who are the victims? What is the true cost of credit card fraud – both personal and financial?
As we delve deeper into this murky underworld, the true impact of this apparently victimless crime should fuel everyone’s desire to stop this activity, in every form. Not just from a financial perspective, but a moral one as well.
The scale of the crimes varies but the outcome and the repercussions can reverberate long after the event. A lot of the lower level operators will target individuals. This is rather for personal gain than part of a larger organized crime group. While this may be an easy payday for a criminal, there are those who are much more ambitious and perhaps feel that the gains of something on this level are not worth the risk or their time and this is where the serious and organized criminal elements enter the playing field.
So how do you extract maximum gains from one piece of plastic? With fraud screening solutions improving, criminals are increasingly turning to more complex and sophisticated methods to maximize gains.
One of the most severe examples I’ve seen is how three compromised credit cards destroyed a 50-year-old family-run business in one day, through an elaborate Corporate Referral Fraud scheme. And they weren’t the only victims of this crime who would have to deal with the consequences for years to come. In many ways, this is the perfect fraud. A combination of good old fashioned impersonation, a fake referral and the anonymity and speed that the digital world of internet and email affords us. Couple that with a way to bypass technology and fraud checks and you have an almost guaranteed success rate. But what other types of crime was this fraud facilitating?
Let’s take a journey to the other side to see how this version of a social engineering scheme plays out.
The fraudster performs some online research to find a Company with multiple international offices. He searches for an executive’s name and title and then sets to work creating an email address which is very similar to the real corporate email address but just adds an extra character.
The fraudster then impersonates a genuine employee, usually a senior executive, of one of the companies’ overseas branches and contacts the main office to ask who their corporate travel agent is, usually under the guise that their usual agent is closed due to relocation or similar. Once he finds this out, the fraudster will contact the travel agent and advise of the referral with the aim of securing flights for numerous employees either through a credit line or using stolen credit cards as payment.
The fact that the fraudster presents himself to the agency through a “chain” and through a recommendation from a known corporate client, creates false trust and the agency may then feel safe issuing the ticket as the sale came through the referral of a trusted corporate company employee.
In the numerous examples I’ve seen, it was obvious that airline tickets were being purchased for large groups of travelers using compromised card details and large groups meant maximum gains but who were these people and what was their reason for travel? What struck me as particularly odd is that they would never utilize the return portions of their tickets. It turns out that the unfortunate passengers were indeed victims of trafficking and en route to an unknown fate in their destination country. The travel agent didn’t escape unscathed either. Bookings of this volume are usually worth in excess of €100 000 and that’s a significant amount for one business to lose in a day.
Criminals know where the vulnerabilities and weaknesses are and rely on their being some level of disconnect amongst the various players. The ability of an industry to work collectively towards solving this problem is also key, and so is disrupting the ‘business model’ of criminal enterprises behind human trafficking and the funding of other crimes.
Criminals also rely on the fact that many cross border frauds such as this one traverse so many jurisdictions that it is very difficult for law enforcement to take any action. Often the credit card may be issued in the United States, the travel agent who has been defrauded is in Europe and the actual flights are booked between Accra and Dubai. With multiple police reports filed in dozens of different countries, many times even though the same crime is being perpetrated over and over again there is no central point of intelligence collation.
Having knowledge of how this kind of fraud works enables potential victims to detect red flags and cease transacting before it’s too late. Never underestimate the due diligence you perform on both referred and new clients. You could be one phone call away from saving your business and the unfortunate destiny of one of the many victims on the receiving end of this crime.
Jessica Allen, Head of Content
Fraud prevention is a delicate balance between stopping fraud and maintaining good customer experiences. But what is the most effective way to measure this outcome?
Ravelin Technology, Writer
Blog / Machine Learning
Online payment fraud is one of the biggest threats facing grocery merchants. And it’s only gotten worse. How are fraudsters using the cost of living crisis to take advantage of your business?
There’s a new fraud threat on the rise – and it’s your customers. First-party fraud is infamously tricky to catch and a huge revenue risk. How can you detect and deter criminal behavior in your customer base?