Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
Blog / Account Takeover
Ravelin and KPMG hosted Addisson Lee, Deliveroo, Eat First, Gett Taxi, Hailo, One Fine Stay, and Just Eat for the inaugural roundtable to discuss tackling payment and account takeover fraud on an industry level rather than merchant-by-merchant.
Share this article:
We were privileged to host a roundtable with KPMG to discuss the fraud threatscape and how it specifically affects the the on-demand industry. We were joined by representatives from Addison Lee, Deliveroo, Eat First, Gett Taxi, Hailo, Just Eat, and OneFineStay, all contributing under the Chatham House rule. As it was the initial meeting, the discussion was wide-ranging as we looked to tease out areas of mutual interest, which ended up being a rich seam.
All participants agreed that the scale of fraud was enormous and growing. This was independent of whether the company was managing fraud threat well or struggling, and whether they were dealing with thousands of transactions or tens. There is a standing army of fraudsters whose bots are checking the edges of security, keen to exploit any weaknesses. Although it is impossible to estimate precisely, there was a general consensus that the numbers of people attempting online fraud is growing year on year - logical if we consider the young age of the typical online fraudster.
Add to that there is a definite improvement in the sophistication of the techniques being used. Some of the participants had seen fingerprinted devices cloned in 10 minutes. The group also reported that credit card details are ‘cleaner’ meaning the stolen details correspond to where the fraud is taking place. Card testing is done efficiently today with successful card details being ruthlessly exploited in minutes. And perhaps the most damaging evolution within the fraudster community is heightened co-operation amongst fraudsters- with coordinated attacks becoming more common and more effective.
Thirdly the behaviour is becoming brazen. Fraudsters are happy to call in to support lines to query rejections. For larger scale frauds they will even invest in false IDs. Fraudsters have also been known to evade online security checks by placing an order via phone, if the option is available. And even companies that provide a service where the person has to be present to receive or use it - a natural deterrent one would think - will still be targeted as the perception is that there is little chance of being caught.
With a very notable exception most participants had rarely resorted to engaging with the legal authorities to tackle fraud. For the simple reason that the police are focused on larger scale fraud and therefore either uninterested or under-resourced to deal with low-level fraud. The book of evidence required to convict someone of lower level fraud is fairly onerous and hard to resource as it can be expensive in terms of time to attend court along with compiling the evidence required - read more about this here.
One participant however took a different view. They invest in active detective work: filming fraud in progress and catching people in the act. The goal is to earn a reputation amongst street-level fraudsters that they will prosecute in an effort to deter future fraud. This company budgets for these prosecutions as part of an overall revenue protection budget from which are drawn the resources to not just prevent fraud, but to pursue perpetrators when the prevention has failed. This approach is notable for its rarity in on-demand but may become a model for others.
Another shared observation was that in on-demand where new companies emerge regularly, each of them seems to have to independently experience fraud before taking action. One unexpected consequence of emerging companies having lax security as they bid for growth is that they keep low-level fraudsters in play, as there is a constant supply of new targets to attack.
The table was agreed therefore that it made sense to try to educate new B2C-focused businesses on the fraud threat and what steps they can and should take to avoid becoming targets. Perhaps the VCs and incubators could be a route to doing this as it is investor money that inadvertently sponsors fraud. There will need to be further discussion on what those education materials look like but that they are needed is without question.
Perhaps the major theme to emerge was a desire from the whole group to see active, meaningful and ongoing co-operation between companies within the on-demand industry. While more established industries have been sharing information on fraud threats and fraudsters for some time, the on-demand industry is so new that these don’t exist yet. A consequence of this is that companies are trying to manage the problem independently when it would be much more efficient to tap into the experiences of others and share not only best practice but also data and specific information on active fraud threats.
This roundtable was a really encouraging first step. Now we just need to keep the conversation going so that we can look at ways to co-operate and educate one another along with emerging companies. A key takeaway was a keen desire to look at ways of sharing data to stop fraud while taking into account that there are potential privacy implications that need to be considered Moreover, we collectively want to move away from an atomised approach to solving this issue. We know that fraudsters co-operate so it is time that those who battle with them do too. For anyone interested in further participation or to find out more details they can contact me at gerry dot carr at ravelin com.
To learn more about online payment fraud visit our insights page.
Gerry Carr, CMO
Blog / Fraud Analytics
Fraud prevention is a delicate balance between stopping fraud and maintaining good customer experiences. But what is the most effective way to measure this outcome?
Ravelin Technology, Writer
Blog / Machine Learning
Online payment fraud is one of the biggest threats facing grocery merchants. And it’s only gotten worse. How are fraudsters using the cost of living crisis to take advantage of your business?
There’s a new fraud threat on the rise – and it’s your customers. First-party fraud is infamously tricky to catch and a huge revenue risk. How can you detect and deter criminal behavior in your customer base?