Digital fraud has jumped sharply since the outset of the COVID-19 pandemic in early 2020. Workers moved from the office to working from home while students attended online classes. Studying and working from home was a necessity during the pandemic, but it also changed the global economy in unfathomable ways, and people are now more inclined to shop online. A larger pool of online shoppers means scammers have more targets for their frauds, hence the higher incidence of digital fraud. Organizations lose 5% of their revenue each year to fraud, and that figure will likely continue to increase, according to a report from the Association of Certified Fraud Examiners (ACFE).
Types of digital fraud
- Phishing/Spoofing – Scammers attempt to steal sensitive information such as usernames, passwords and credit card info by using fake websites that resemble the real ones. Some cybercriminal organizations even provide Phishing as a Service (PaaS), where they perform the phishing tasks for others in return for a fee.
- Malware/Botnet – The malware steals the credentials while the botnet performs brute-force attacks to test the validity of the stolen info. Compromised accounts can then be sold or used in fraudulent activities.
- Fraudulent account takeover – As mentioned above, compromised accounts can be sold to other fraudsters. Then the fraudster uses the stolen login details to purchase from a legitimate user’s account.
- Website data breach – Hackers penetrate poorly secured websites or databases to harvest credit card credentials or login info. This ill-gotten data is then sold on the dark web to other nefarious parties.
- Online purchase with stolen cards – Scammers buy the stolen card info in bulk, often quite cheaply, then use this info to make a large number of purchases online before the cards are blocked.
- Phoney online store – Such stores are used as fences for goods purchased with stolen cards. Fraudsters can resell the items they managed to buy with the cards in order to earn real cash. No one will question why branded items are sold cheaply online.
- Device spoofing – Fraudsters can mask their device identity to impersonate someone else when making purchases. This makes it easy to manipulate multiple accounts for fraud purposes.
Why is digital fraud so prevalent?
The most common reason is negligence on the part of the customers. Using the same password for multiple websites is the reason why data breaches keep happening. Hackers know that many people reuse their passwords on multiple websites including online stores.
Operators of websites handling online payments share some of the blame for the spread of digital fraud. Security of the website and the data contained within is sometimes an afterthought.
Yes, the website looks pretty and often the top management deems it more than enough to conduct their online business. It’s only after they’ve experienced a data breach that they start to think about data security.
With each data breach, there are potentially millions of credit card details being compromised. That’s why stolen credit card info is easily available on the dark web.
The use of proxy servers and other masking techniques makes it next to impossible to find the culprit, thereby rendering prosecution of the fraudster a rare event. The low success rate of finding the fraud perpetrator means that law enforcement agencies rarely prioritize online fraud cases.
Digital fraud mitigation techniques
For operators of websites handling online payments, security concerns must always be at the forefront of any business decision. Regular security audits should be conducted to screen for vulnerabilities in the website, database or the general IT infrastructure of the organization.
Employees need to be taught how to spot phishing attempts and avoid them. Password policies must be updated to be complex enough to resist even the most vigorous attacks by hackers. Data should always be accessible to only those who absolutely need it to perform their tasks.
External parties such as vendors and contractors can sometimes be the weak link security-wise. They need to be educated and held to the same standards as the staff when dealing with sensitive data.
For online stores, deploying a good fraud order screening solution is paramount. It prevents the store from being abused by fraudsters, which can lead to a high number of chargebacks, a highly expensive outcome. The FraudLabs Pro fraud prevention solution is one of the online tools to detect and avoid fraud. It’s absolutely free for screening and validating 500 transactions per month!
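An added example, not part of the original article and not FraudLabs Pro's method: a minimal velocity check of the kind an order screening step can apply to the stolen-card and device-spoofing patterns listed earlier. It links orders by device, IP and shipping address so that a rotated device ID alone does not hide the pattern; the field names, thresholds and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)            # assumed look-back window
LINK_KEYS = ("device", "ip", "ship_to")   # assumed attributes that tie orders together
MAX_CARDS = 2                             # assumed: distinct cards per link value
MAX_ACCOUNTS = 2                          # assumed: distinct accounts per link value

def screen_orders(orders):
    """Return {order_id: [reasons]} for orders that break a velocity rule.
    `orders` must be sorted by "ts"; "card" is a token, never the card number."""
    recent = defaultdict(deque)   # (key, value) -> orders still inside the window
    flagged = {}
    for order in orders:
        reasons = []
        for key in LINK_KEYS:
            q = recent[(key, order[key])]
            while q and order["ts"] - q[0]["ts"] > WINDOW:
                q.popleft()       # drop orders older than the window
            q.append(order)
            cards = {o["card"] for o in q}
            accounts = {o["account"] for o in q}
            if len(cards) > MAX_CARDS:
                reasons.append(f"{len(cards)} cards via same {key}")
            if len(accounts) > MAX_ACCOUNTS:
                reasons.append(f"{len(accounts)} accounts via same {key}")
        if reasons:
            flagged[order["id"]] = reasons
    return flagged

def _order(oid, minute, device, ip, ship_to, account, card):
    ts = datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minute)
    return dict(id=oid, ts=ts, device=device, ip=ip, ship_to=ship_to,
                account=account, card=card)

# Constructed sample orders (not real data). B1-B3 rotate device, IP, account
# and card but ship to one address; A1/A2 are one customer 40 minutes apart.
SAMPLE = [
    _order("A1", 0, "dev-1", "198.51.100.7", "addr-1", "alice", "tok-a"),
    _order("B1", 1, "dev-9", "203.0.113.5", "addr-9", "acct-1", "tok-1"),
    _order("B2", 2, "dev-8", "203.0.113.6", "addr-9", "acct-2", "tok-2"),
    _order("B3", 3, "dev-7", "203.0.113.7", "addr-9", "acct-3", "tok-3"),
    _order("A2", 40, "dev-1", "198.51.100.7", "addr-1", "alice", "tok-b"),
]

if __name__ == "__main__":
    for oid, why in screen_orders(SAMPLE).items():
        print(oid, why)
```

Flagged orders are candidates for manual review or step-up verification rather than automatic rejection, since shared addresses and IPs also occur among legitimate customers.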
No organization is ever safe from digital fraud. However, a proactive stance with regard to IT security can go a long way toward mitigating most of the risks. Past incidents can be used to teach and train the staff to prevent future incidents.