What Is Clean Fraud?
Clean fraud involves fraudulent transactions that are not easily detected because they appear legitimate. These methods often use real data which has been stolen or otherwise acquired by a third party. However, clean fraud is an umbrella term and can take many forms.
For instance, a criminal steals someone’s credit card and personal details. Then, they use these to defraud online retailers out of cash or valuable goods.
For all intents and purposes, the cybercriminal looks like a legitimate customer, so the merchant is likely to believe any claim they make and demonstrate goodwill.
Since clean fraud uses unique data that appears genuine, it is much more difficult for both algorithms and humans to flag.
How Does Clean Fraud Work?
Clean fraud is almost always financial in nature. It targets ecommerce and other merchants, and involves bank cards and/or online payment methods.
A simple clean fraud scenario is:
- A cybercriminal gains access to someone’s account on an eshop website.
- Pretending to be the known and trusted user, they claim an item ordered was never delivered, and they want a refund.
- The merchant looks into the claim and assesses it.
- Though the item was delivered to the legitimate customer, the merchant cannot know this in most cases – and believes the claim due to their prior relationship.
- The merchant refunds the criminal’s payment method or provides a gift card to be used fraudulently.
In such a scenario, the merchant has a pre-existing relationship with the cardholder and/or customer, which means they are likely to consider them trustworthy. This means the merchant is more likely to take their word for the claim of a missing or faulty item, or a non-processed refund.
Examples of Clean Fraud
There are several types of clean fraud, some simple and others more sophisticated. In fact, ecommerce fraud and ecommerce-adjacent fraud are projected to cause losses of over USD 20bn in 2021, rising from USD 17.5bn in 2020, according to Juniper Research.
Here are just a few:
- Friendly fraud: Types of clean fraud committed by legitimate users/shoppers. These can often be opportunistic in nature. For instance:
  - cancelled order fraud
  - non-delivery fraud
  - return fraud
  - chargeback fraud
- First-party fraud: When the fraudster provides false personal information when applying for a product (often a payment card) but does not pretend to be someone else. For instance:
  - check kiting
  - mule activity
  - abuse of current/checking account
- Fraud by false claim: Taking advantage of the chargeback process of bank and payment cards to defraud companies into paying money.
- Account takeover (ATO) fraud: Fraud committed by someone who gains access to an account and poses as a genuine customer to make unauthorized transactions.
The above is by no means an exhaustive list and, as happens with all cybercrime, new methods continue to be invented – with fraud fighters frequently updating their solutions and strategies, too.
How to Avoid Clean Fraud
A wide range of cardholder identity verification tools are used to avoid clean fraud.
Merchants are advised to keep up to date with safeguards put in place by card issuers to bolster the likelihood that the card is being used legitimately by the rightful owner.
One example is requesting the CVV number, which is found next to the cardholder’s signature. Further, 2FA and MFA measures are increasingly requested both by merchants for access to eshop accounts, and by payment approvers when paying online.
A very small business owner who trades online might be able to pick up inconsistencies in shipping addresses or other information. However, this strategy does not scale up – and is unreliable to begin with.
Instead, complete fraud detection products make use of what we know already, identifying patterns in historical cases of clean fraud in the market at large, in the sector and on each individual eshop that adopts the technology. Even successful new incidents of clean fraud provide valuable information on the methods used, helping fine-tune and strengthen future defenses.
Based on configurable decision trees, fraud risk scores are calculated. Fraud analysts can then choose to contact any customer whose moves appear suspicious at the manual review stage, for confirmation of their identity and activity.
How to Detect Clean Fraud
Some ways in which to spot clean fraud include:
- Address Verification System (AVS)
- CVV/CVC/CID codes
- data enrichment
- email and phone number verification
- fraud detection platforms
- login monitoring
As you can see, clean fraud can come in several forms. In fact, it is difficult to detect by definition because it evades traditional anti-fraud tools, detection algorithms and methods.
However, clean fraud can come with inconsistencies and missing customer credentials. Sometimes, detection is down to requesting more personal data from one’s customers, including information that is not traditionally sold along with stolen card credentials, such as AVS and CVV requests.
Solutions such as data enrichment can help decide whether someone is who they claim to be, while more comprehensive monitoring of financial transactions can make use of machine learning and artificial intelligence to flag suspicious patterns of various types.
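The risk scoring and manual review step described under "How to Avoid Clean Fraud", combined with the detection signals listed above, as an added example that is not part of the original page or of any vendor's product. It uses a weighted rule list rather than the decision trees the page mentions; the field names, weights and thresholds are assumptions, and the events are constructed.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    points: int
    matches: Callable[[dict], bool]

def is_claim(e):
    return e.get("type") == "refund_claim"

# Hypothetical rules and weights; a real deployment tunes these on its own history.
RULES = [
    Rule("avs_mismatch", 25, lambda e: e.get("avs") != "match"),
    Rule("cvv_not_matched", 30, lambda e: e.get("cvv") != "match"),
    Rule("contact_unverified", 10,
         lambda e: not (e.get("email_verified") and e.get("phone_verified"))),
    Rule("login_from_unknown_device", 20,
         lambda e: e.get("device") not in e.get("known_devices", ())),
    Rule("claim_soon_after_password_reset", 30,
         lambda e: is_claim(e) and e.get("hours_since_reset", 1e9) < 48),
    Rule("refund_to_different_instrument", 25,
         lambda e: is_claim(e) and e.get("refund_to") != e.get("paid_with")),
]
REVIEW_AT, DECLINE_AT = 40, 80  # assumed thresholds

def decide(event, rules=RULES):
    """Return (action, score, reasons) so an analyst sees why an event was flagged."""
    hits = [r for r in rules if r.matches(event)]
    total = sum(r.points for r in hits)
    action = ("decline" if total >= DECLINE_AT
              else "manual_review" if total >= REVIEW_AT else "approve")
    return action, total, [r.name for r in hits]

# Constructed sample events (not real data).
BASE = {"avs": "match", "cvv": "match", "email_verified": True,
        "phone_verified": True, "device": "d-1", "known_devices": ("d-1",)}
ORDER = {**BASE, "type": "purchase"}
# Card checks pass because the account's stored data is genuine, as in the
# refund scenario on this page; only the behavioural signals stand out.
TAKEOVER_CLAIM = {**BASE, "type": "refund_claim", "device": "d-9",
                  "hours_since_reset": 3, "paid_with": "card-1",
                  "refund_to": "gift-card"}
STOLEN_CARD_ORDER = {**BASE, "type": "purchase", "avs": "mismatch",
                     "cvv": "missing", "phone_verified": False, "device": "d-7"}

if __name__ == "__main__":
    for label, ev in [("order", ORDER), ("claim", TAKEOVER_CLAIM),
                      ("stolen card", STOLEN_CARD_ORDER)]:
        print(label, decide(ev))
```

The takeover claim scores zero on AVS and CVV yet still reaches manual review, which is why card checks alone do not catch this kind of fraud.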
As always, the best clean fraud detection solution for each organization depends on their industry, size and other factors.
Juniper Research: Ecommerce losses to online payment fraud to exceed $20 billion annually in 2021