Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
Blog / Other
Our CEO Martin Sweeney predicts what's new trends we're going to see in fraud in 2017.
Share this article:
2016 felt like the breakout year for awareness of online fraud. High level cases like Tesco Bank, Instagram, Yahoo! and more led to sensationalist headlines. But what many headline writers miss is the reality of dealing with the consequences of these breaches. For online businesses dealing with the the deluge of small-time criminals possessed of bogus credit cards and stolen identities is a constant battle. Take this chilling offer, one of thousands anyone can find with a few seconds' browsing:
So how do we see it evolving? Here are some predictions:
The longer that crimes committed with card details purchased on the dark web go unpunished the more incentive there is for people to participate. It’s already the most common crime in the UK with 2.3M estimated incidents in 2015-2016. There needs to be a way for businesses to report these crimes to police and have offenders face the consequences of what is, unambiguously, the crime of theft. This will require not just legislation but determination on the part of the legal authorities to act.
Credit card details bought on the dark web with Bitcoins is the typical source of cybercrime and will continue to be so. However we are now seeing the emergence of widespread account takeovers focused at the weak points of security - often user passwords. Details are cheap to buy, the takeover is relatively simple to execute, and the rewards can be rich.
While credit cards details will remain the top target for breaches, increasingly the login details to popular services and a username and password combinations that can be tried in multiple environments are valuable, especially as credit card checks toughen up.
Android Pay, Apple Pay, PayPal; while no individual payment scheme launches without thinking seriously about security, for a merchant and its payment processing the plethora of payment choices means complexity. And complexity inevitably means an opportunity for something to go wrong, an opportunity rarely missed by a fraudster. While no-one wants to slow the emergence of alternative ways to pay, they do need to be considered in the aggregate rather than as discrete services.
Most of the world’s transactions are still being screened for fraud by a combination of rules and manual review- read more about this here. These processes are struggling to cope with the volume and the sophistication of the fraud threat that is out there. 2017 will see the continued transition to more scaleable methods of managing fraud but the cost while that happens is the frustration (for everyone) of increased declines of good transactions.
Some companies in high risk industries will cease trading specifically due to their inability to manage the volume of fraud that they are seeing. This will either be because of losses to fraud or because their merchant accounts are suspended.
It’s a surprising fact that the majority of high risk transaction reviews at the merchant level are undertaken by human analysts. Human insight is a vital tool in the battle with crime, but the actual review of transactions at anything approaching a scaled-up business is difficult to support. 2017 will see the transition of that activity into the creation, correction and maintenance of algorithms that will automate the approval process.
Algorithms, or more likely combinations of algorithms will need to cope with the threats that merchants face. Customers and orders will need to be assessed not just for a single threat vector (e.g. card crime) but also whether there is a risk of account takeover or a breach of some policy that the business has in place. An analyst’s instinctive feel that something is ‘wrong’ with an order is a challenge to replicate but one that data science needs to work hard to do so.
Both cybercriminals and fraud detection tools will increase their usage of social media. Fraudsters will use social media for reconnaissance and identity theft. Fraud detection tools would leverage social media to prove your online identity. Following BYOD, bring your own identity will grow as people will use their private accounts in multiple sites, making social media attacks even more popular
As criminals become more organised we will start to see the rise of services whose purpose is to trawl the web in search of vulnerabilities. The level of technical skill required and relative cost of computing power has limited the extent that AI has been used by criminals. But bot attacks will evolve and become hard to differ from ‘normal’ human activity, which in turn will require more sophisticated approaches to detect and prevent these attacks.
A version of this article first appeared at Information Age.
Learn more about online payment fraud here.
Martin Sweeney, CEO
Blog / Fraud Analytics
Fraud prevention is a delicate balance between stopping fraud and maintaining good customer experiences. But what is the most effective way to measure this outcome?
Ravelin Technology, Writer
Blog / Machine Learning
Online payment fraud is one of the biggest threats facing grocery merchants. And it’s only gotten worse. How are fraudsters using the cost of living crisis to take advantage of your business?
There’s a new fraud threat on the rise – and it’s your customers. First-party fraud is infamously tricky to catch and a huge revenue risk. How can you detect and deter criminal behavior in your customer base?