With an increased volume of online transactions during the holidays, retailers have less time for manual screening and review of transactions – whether they are coming from a laptop, desktop computer, tablet or smartphone. It makes automated fraud screening vital during this high-volume period.
Fraud-prevention platform ThreatMetrix has identified the following fraud threats to especially consider this time of year:
1. Mobile-device spoofing – Merchants are put at increased risk with mobile transactions simply because it’s more user-friendly for fraudsters. Today, most fraud coming from the mobile channel actually originates elsewhere; the device acts like a mobile device.
2. Use of botnets and malware – This is a prominent concern on both traditional desktop and laptop computers, as well as mobile devices, as malware can steal passwords and payment account information. On top of that, many of today’s consumers fail to install appropriate fraud-prevention software on their mobile devices, according to Faulkner. Analyzing anomalous behavior and checking third-party IP reputation can help detect malware.
3. Cookie-wiping – Merchants could previously track repeat visitors through cookies, yet many of today’s consumers and fraudsters remove cookies by using add-ons and private browsing modes. This makes it difficult to recognize suspicious repeat visitors and identify returning good customers; cookieless device identification is more important than ever.
4. IP address cloaking – It has also become easier for fraudsters to spoof or mask IP addresses today. This makes it harder for merchants to know the “true” IP of the visitor and distinguish the good transactions from the bad. Identifying proxied visitors is crucial; this can be done by inspecting HTTP headers, maintaining a blacklist of known proxy sites, dynamically detecting proxied requests and piercing the proxy with a callback request.
5. Use of Virtual Private Networks (VPNs) – VPNs use separate software on the originating device to place it on a different network, showing that traffic is originating from a different address than its true network. To identify fraudsters who are using VPNs, it’s important to monitor time zone and language settings, as well as global anomalies.
For more information about these holiday-season threats, and tactics to defeat fraudsters during this peak transaction period, check out ThreatMetrix videos The Mobile Fraud Threat, Malware and Mobile: How Big of a Threat is It?, and Top Three Tactics to Consider for Mobile Fraud Detection.