Rethinking online fraud through criminology, from opportunity to repeat victimization

To better stop fraud, fraud teams want to understand why people commit fraud. But most frameworks stop short of answering that question in a useful way.

At Ravelin, we have often turned to crime theory to better inform our methods, products and strategies – and, in fact, some of our colleagues have backgrounds in crime fighting and criminology, including myself.

Let’s explore the lessons criminology has to further our understanding and prevention of fraud.

Crime theory frameworks for fraud

One of the earliest attempts to systematize scientific understanding of fraud through the lens of criminology comes from the 1950s, when Dr. Donald Cressey proposed the “fraud triangle” as an attempt to explain the psychology of fraudsters.

This classic fraud triangle says that crime happens where pressure, opportunity, and rationalization intersect. Originally devised to understand occupational and financial fraud, the triangle explores the conditions that drive someone to commit a crime.

Later developments in criminology built on this concept. In 1979, researchers Lawrence Cohen and Marcus Felson first proposed routine activity theory (RAT), which adds important context, looking into not just why crime happens, but also when it becomes possible.

They proposed that crimes occur when three factors coincide in space and time:

1. a motivated offender

2. a suitable target

3. the absence of a capable guardian

Although it’s almost 50 years old, the work by Cohen and Felson translates surprisingly well to the digital arena and offers a practical way to think about crime theory and fraud today.

How opportunity for fraud is created, according to RAT

In the modern, online context, we can think of:

• fraudsters and policy abusers as the motivated offenders

• ecommerce companies as the suitable targets

• vulnerable points in the customer journey – or sub-par fraud detection strategies – as the missing guardians

When these three prerequisites occur, that’s when there is opportunity for bad actors. And just like in traditional crime, opportunity matters.

Our goal as fraud fighters is to identify what we can influence or change across the three factors – motivated offenders, suitable targets and absence of guardians – to alter the dynamic that creates the opportunity.

The tricky thing is, we don’t want to be an attractive target for fraudsters and policy abusers, but we do want to be attractive to good customers.

But the things that make us attractive to good customers can also be the same things that give fraudsters and policy abusers an opportunity to monetize bad behavior.

So, for example, a frictionless registration, login or checkout experience is way better for customers but can also make accounts vulnerable to account takeover or card-not-present fraud. A generous refund policy can be a differentiator but can also be taken advantage of.

If you are being targeted by fraudsters, and you don’t change this dynamic, you will likely continue to be targeted.

Repeat victimization in fraud

If you don't alter the dynamics at play that create an opportunity, there is a good chance you will be targeted over and over.

This is because of repeat victimization – a phenomenon central to crime theory and online fraud which allows us to understand why some organizations are continually targeted.

In fact, in the world of social media, which has helped the surge in consumer fraud massively, not only do offenders return to your online shop if they get away with previous attempts at fraud, but they also let others know that your defenses are low or non-existent – in a vicious circle that can wreak havoc on your revenue.

Fraudsters share knowledge, reuse effective tactics, and return to exploit vulnerabilities for as long as it’s possible to do so.

Prevention is really about making sure those conditions no longer exist.

You can see how this plays out in Ravelin’s work on account takeover prevention. Patterns in attacker behavior help us pinpoint the places they’re looking to exploit along the customer journey.

When thinking about the way criminals take over accounts, credential stuffing attacks are one of the most common kinds of attacks we see.

An online business that does not block this type of attack will end up being targeted again by the same fraudsters as well as other bad actors. On the contrary, if the merchant is able to identify and stop attacks effectively, the fraudster is less likely to try again.

Five questions that shape fraud detection

What makes routine activity theory so practical is the way it breaks down prevention into five clear questions.

Let’s run through them:

1. How can we increase the effort? Add targeted authentication, device fingerprinting, or step-up authentication at key points to make attacks harder. Our approach to protecting the customer journey utilizes machine learning and data science to counter fraud.

2. How can we increase the risk? Make it easier to detect suspicious behavior so that bad actors are more likely to be identified. For example, linking accounts and transactions through shared data signals to expose fraudulent patterns.

3. How can we reduce the reward? This might involve adjusting refund or loyalty systems or flagging repeat offenders before they cash in. Various return and refund abuse prevention strategies demonstrate that reducing the reward reduces most of the appeal – and results in lower fraud rates in total.

4. How can we reduce provocation? Address the environmental factors that encourage abuse, such as overly flexible promotions, unresponsive customer support, or unverified sign-ups. Small tweaks here can often shift behaviour more than people realise.

5. How can we remove excuses? Make the rules clear and visible. Transparent refund terms and easy-to-understand promotion rules reduce the “I didn’t know” defense that often drives policy abuse.

These questions are intended to help change the dynamic outlined within Routine Activity Theory and effectively reduce the opportunity for bad behavior.

Because we are balancing fraud and customer conversion, we can never completely eradicate criminal behavior.

However, we can make it difficult enough that most offenders give up and find easier targets.

Putting theory into practice

At Ravelin, we take a similarly systematic view. Our approach combines AI fraud detection that includes ML, LLMs and NLP to identify suspicious customers.

We look at how online fraud unfolds across the entire customer journey, from login to checkout, and help our merchants apply interventions that ensure the experience is seamless for legitimate customers and painful for bad actors.

Our technology helps merchants prevent payment fraud, account takeover, refund and promotion abuse, and marketplace fraud, all while optimizing payments with tools including 3D Secure and transaction optimization.

The idea is simple: strengthen the tools, systems, and features wherever the customer journey is most vulnerable. Be the capable guardian that prevents crime in routine activity theory.

Crime theory, data and curiosity

Fraud happens because people find opportunity. And the better we understand those opportunities, the better we can address them.

Criminology reminds us that behind every dataset is human behavior composed of patterns, motives, and habits. When we take a closer look at these factors, we can unearth crucial intel about how fraudsters adapt, predict the conditions they love to exploit, and then make it as difficult as possible for them to exploit them.

To see how this approach translates to real-world protection – and how sophisticated fraud detection does not just limit fraud but helps give good customers great experiences – our breakdown of Ravelin’s fraud solutions are a great place to start.

Related resources

• The lessons crime analysis has for machine learning and fraud
  
• How to raise awareness and get buy-in for an account takeover solution
• A marketing push can invite fraud – here's how to prepare
• Guest post: Credit Card Fraud – the Crimes Behind the Crime
• ML model building: Here's how Ravelin builds machine learning models