Article

10 Anti-Fraud Measures to Protect Your Business and Customers

In today’s digital landscape, no business is safe from fraud, really.

Cybercriminals will target everyone and everything, from giant global corporations to the smallest mom-and-pop shops.

Here’s how to fight back.

1. Keep on Top of the Latest Fraud Trends

Education is the best prevention. This is particularly true in the world of online fraud, where new attack techniques pop up on a regular basis.

For instance, do you know how criminals use triangulation fraud to target online stores, increasing merchants’ chargeback rates and eating into profits? Or how cookie stuffing could make a dent in your affiliate marketing profits?

Pro tip: Follow risk experts on social media, read industry websites like KrebsOnSecurity, and subscribe to the SEON newsletter (which you can do at the very bottom of this page).

2. Identify Your Fraud Risk

No two online businesses are the same, which means fraudsters could attack you in very different ways. For instance, BNPL fraud is nothing like iGaming fraud.

The key is to anticipate the kind of risk you may face, whether you’re established or launching a new business venture, and have proactive measures in place to catch outliers, too.

Pro tip: Run through all the steps in our risk assessment checklist to help you identify potential attacks on your company.

3. Deploy Fraud Prevention Software

So, you’ve gone this far down the list and asked yourself: But how do I do that?

The answer is fraud prevention software. Sure, you could manually perform all the verification steps mentioned above, but if you want to work at scale, it makes much more sense to automate.

Fraud detection software, however, comes in many shapes and sizes. Some specialize in compliance while others are tailored for chargeback disputes, and more. The key is to ensure you have the right tools at your disposal for your needs – and that they give you enough flexibility to evolve with your business as it grows.

Pro tip: Make sure you also read our fraud detection software comparison.

4. Invest in IT Security and Employee Training

Fraud and cybersecurity sometimes overlap when it comes to IT security. You want to protect your user accounts but also ensure that your internal data isn’t compromised.

This isn’t something a lot of business owners want to hear, but risk management shouldn’t be an afterthought. In fact, when done right, it can be a competitive advantage. You are essentially future-proofing your company from bad consequences such as:

revenue fluctuations
stalling of growth
loss of customer trust
bad business reputation
negative press and PR

It’s been shown that a single data leak, for instance, can cause stock prices to plummet by as much as 7.5%. This can be a result of an account takeover, or hacking, for example, but the results are equally detrimental.

Pro tip: Set a dedicated budget for risk management, fraud prevention, and IT security training as soon as possible. Jump to point 7 below to learn how fraud prevention software can save costs and effort.

5. Educate Users About the Value of Their Accounts

We briefly touched upon the problem of account takeover fraud above. In layman’s terms, you may hear the phrase “account hacking”, while some insiders use “ATO” for short. Regardless of what you call it, this tends to happen when users are careless about their login details.

While IT security can go a long way in patching flaws that could lead to ATOs, one of the best practices for prevention is to educate users about the value of their accounts.

examples of security messages steam + facebook

You should regularly ensure that they do not reuse passwords, don’t share login details with anyone, and double-check that the communications they receive from you are genuine to avoid phishing attempts.

Pro tip: You can use HaveIBeenPwned’s API to check if a password was compromised in a data breach.

6. Gather as Much Payment Data as Possible

Moving on to the problem of payments, you may already know how challenging it can be to win chargeback recovery.

It doesn’t have to be that way. If you manage to gather as much information as possible about your customers – even those without an account on your site, you are putting the odds in your favor. Here are examples of suspicious data you should be able to gather:

Use of VPNs
Brand new email addresses
IP addresses pointing to locations far from the shipping destination
etc.

The data is handy if you can look at it in real-time, but also if it’s logged in your system in case you need to dispute a chargeback request.

Pro tip: Read more about chargeback fraud in our guide, including five tips to reduce it today.

7. Verify Identities Without Adding Friction

Trusting people online is hard. This is true whether you’re dealing with customers, affiliates, or business partners.

The problem is that verifying IDs can add a tremendous of unwanted friction. Sure, you can deploy identity verification software to do it for you, but it still makes people pause to take a video selfie or find an ID document, which many consumers don’t appreciate.

The answer could be sourcing alternative data for customer due diligence. Put simply, it’s all about looking at the right signals to ensure you’re dealing with the right person, without directly asking the customer. Instead, you are examining their hardware and software setup, their email address, their IP address, phone number, bank card… For instance:

A phone number pointing to a virtual SIM card could be bad news.
Has this email address been used to register for any social media or online accounts? If not, this is highly suspicious.
Card BINs from prepaid cards carry more risk. What type of card is being used?
Devices with emulators, VPNs, or Tor usage can also point to someone hiding their true identity.

Some of these signals show surprisingly accurate results when it comes to identifying good users versus fraudsters. Social media lookups, for instance, return fantastic real-time results that will flag email accounts hastily created for the purpose of defrauding your company.

Pro tip: Combine alternative data and risk rules to deploy dynamic friction before full identity verification. You can also get a taste of what a BIN (bank identification number) lookup can tell you by entering the first six digits of any card right here:

8. Look Out for New Compliance Requirements

Compliance and regulations are often seen as hoops companies have to jump through. But whenever authorities and regulators create these obstacles, you know that it’s because fraudsters and criminals aren’t far behind.

So how do you ensure you don’t face litigation, fines, and negative press due to compliance issues? You simply have to stay ahead of the curve by noticing regulatory changes in other verticals.

Neobanks, iGaming, and other high-risk industries, for instance, simply cannot afford to stay behind when it comes to understanding and meeting new regulations.

Pro tip: Get started with a primer on KYC and AML, make sure you understand your needs, and move on to more specific compliance features, such as transaction monitoring.

9. Use Dynamic Friction

Dynamic friction may sound complicated, but it couldn’t be simpler. It’s a process that allows you to ask extra security questions when and only when you’re dealing with users you are not certain about. Meanwhile, good users can perform their actions without extra verification, and high-risk users are immediately blocked.

The advantage of this strategy is that you don’t slow things down for the vast majority of legitimate customers. It’s only if you have reasonable doubt that you will ask for an extra piece of ID, OTP verification or a CAPTCHA, for instance.

So, how do you calculate risk in order to implement this traffic-lights system? With risk scores. Put simply, it’s about feeding data through software that lets you decide if something is risky or not.

Pro tip: Read about the basics of fraud risk scoring to make the most of a dynamic friction system.

10. Leverage Machine Learning

Last but not least, it’s time to bring out the big guns: artificial intelligence. Specifically, you want a machine learning system that is able to:

sift through huge amounts of business data
label good vs bad user actions
output suggestions to establish patterns
allow you to understand its decisions

Here’s an example from an online store selling footwear. The company fed its fraudulent transaction data to the algorithm, and received back an interesting finding: Purchases of size eight shoes tended to have a higher likelihood of resulting in chargebacks. The reason turned out to be that it’s one of the easiest shoe sizes to resell – which makes it attractive to fraudsters. But what this allows you to do is set up this shoe size for a little more scrutiny, if you prefer.

Perhaps an eagle-eyed fraud analyst would have spotted the pattern, but what’s interesting is that an AI system was able to identify and draw your attention to this pattern: size eight shoe purchases = elevated risk.

You could leverage the same power to draw connections and identify underlying patterns in your own online business.

Pro tip: Consider the differences between blackbox machine learning and whitebox machine learning to find a system that meets your needs. SEON features both whitebox machine learning to recommend new scoring rules and an additional blackbox ML scoring module that can provide additional confidence and catch new, suspicious trends.

How SEON Does Anti-Fraud Measures

As a full end-to-end fraud detection platform, SEON lets you gather user data, enrich it, score user actions, and leverage machine learning to deploy custom risk rules.

It’s designed by fraud managers for fraud managers, giving you complete control over scoring, data enrichment, and even which machine-learning model to use, and when.

However, SEON is also available as a series of modular APIs to be integrated as and where you see fit, providing the same powerful way to look into your customers – as well as a Shopify extension or Chrome extension.

Ready to learn more? Get in touch below.

Sources