The tools and skills needed to carry out online fraud were once shrouded in murky corners of the dark web, where users needed specialist software to find and learn them. Now, those same tools are available to all through a simple internet search, according to Rich Stuppy, chief operations officer at Kount, which partners with payments company Braintree, a PayPal service, to provide its customers with award-winning anti-fraud technology.
What’s more, customers are becoming increasingly aware of the possibilities of fraud, and as a result companies are losing revenue. “We know that 42% of millennials limit their mobile transactions due to security concerns,” says Klas Bäck, head of international sales at Braintree, “which is akin to almost half of your customers being too scared to come into your store.”
The “toolkits” of fraud – tutorials on how to carry out credit card and online theft – are now so commonplace and freely available on the internet that children have created videos on how to carry out cybercrime, offences which will almost certainly not result in a prosecution, says Stuppy.
The tutorials and instruction materials have graduated from areas of the dark web – the part of the internet only accessible using specialist browsers such as Tor – and now enable a new generation of career criminals and opportunistic thieves to steal from businesses and consumers.
“You used to have to be sneaky about it, you would have to use Tor. Now you can go out to a site and everything you need to know about how to be a smarter fraudster [is there],” says Stuppy. Kount works to combat these cybercriminals by building sophisticated anti-fraud systems that detect and prevent ecommerce and credit card fraud for online and card-not-present merchants.
The spate of large-scale data breaches in recent years, including the theft of the personal details of 500m Yahoo account holders in 2014, now means that the information needed to take over someone’s identity and defraud them are available online.
“Due to data breaches and other factors, all the information that you need to assume someone’s identity is in the hands of malicious parties. They might not have weaponised it yet but if you go out and look at the size of the breaches that have happened – literally billions of records are available,” says Stuppy.
However, the chances of prosecuting this new swath of fraudsters is unlikely, so Stuppy urges businesses to become familiar with commonly occurring types of attacks in order to protect themselves more readily. In many cases, these attacks result in customer accounts being taken over, or created from scratch, and corrupted credit cards used to commit payment fraud.
The key is finding the points where security breaches can occur. Online commerce has created a “digitised customer journey” along which are instances where fraudsters may attack. Defences can then be put at each of these points – for example, where payments are accepted or where an account is created.
“You look at each of those areas,” says Stuppy, “and you put appropriate defences on each of those touch points. The best practice would be to start at the highest value place – for example, if you accept payments, protect that first. After that, you need to protect the account creation process and the process where someone can get in to take over an identity.
“If you are really protected, that gives you a tremendous competitive advantage in going after business that others are afraid to.”
This advice is particularly important when it comes to retailers with mobile presence. Five years ago, mobile transactions formed a small fraction of those protected by Kount. Now almost all of the merchants Kount work with have mobile stores, and these account for 40% of the traffic.
“The thing that attracted us to Braintree many years ago was that they’re very innovative, very mobile-centric and really had a deep concern for having their customers be successful,” says Stuppy. “We integrated Kount into the core processing platform of Braintree and together we’ve been able to help hundreds, upon hundreds, upon hundreds of merchants and businesses protect themselves.”
The increasing sophistication of fraud tools is met with more advanced ways of tackling the problem. Developments in artificial intelligence will improve defences in the future. But for now, Stuppy calls for all of those involved in the fight against fraud to work together against a common enemy: “If we work together we can help turn the tables. It is not necessarily an easy story – but I think it is a story we can win.”
