Frustrating Fraudsters the SEON way
We’ve prepared a breakdown of some of SEON’s most telling insights into the world of online fraud in 2022 sourced from our recent fraud prevention data.
But first, a quick look at one of the most important strategies we use to fight fraud, which directly affects our findings.
What Is a Digital Footprint?
The term “digital footprint” refers to data about us that is available on the internet.
This ranges from registered accounts on various websites and services to our social media accounts and public posts – as well as content on all sorts of digital platforms, from ads to forum comments.
These traces we leave online amass over time as we use the web, throughout our lives. And, with 4.55 billion social media users today (58.8% of the global population), there is a lot of such information out there.
A digital footprint is a valuable source of information for background checks, as it can tell us a lot about a person without having to speak to them, giving us an idea of who they are and whether they are trustworthy.
Fraud detection and prevention is an industry as old as ecommerce itself, going as far back as 1984 – the dawn of online commerce. The battle between cybercriminals and fraud prevention is an ever-evolving landscape, with innovation on one side driving the other.
In the past decade, cybercrime has exploded with the help of darknet markets, cryptocurrencies and specialist groups offering everything needed to commit fraud to would-be criminals.
Estimates put global losses to fraud at $5.38 trillion a year today.
Who Uses Digital Footprint Analysis?
Almost everyone has a digital footprint.
Since this data is freely available, it can provide insights into who we are and what we like – as well as help risk and fraud prevention professionals, HR and law enforcement as part of screening or investigation processes.
Combined with in-house data, it can give companies a fuller picture of the individual we’re looking at, providing incredibly useful real-world context.
Fighting Fraud with Digital Footprint Technology
SEON’s innovation lies in finding the weak spot in how fraudsters operate. We know it’s trivially easy for them to acquire the personal information and credit card details of any victim, and they are relentless in scaling their attacks with whatever information they have at hand.
What is much more difficult and time-consuming for a fraudster is replicating the organic digital footprint that every legitimate consumer leaves behind.
When you or I make a purchase online, we do so with honest, good intent, providing our email as registration information – a sign of trust towards the business. When a fraudster attempts the same, provided they don’t have access to our email, they register a convincing throwaway account.
In fact, we’ve calculated that 98% of fraudsters will create a new free email account to match the stolen card details they are attempting to use.
The difference between the two is obvious: My email address is associated with dozens of social media accounts, while a throwaway isn’t registered or active anywhere. For SEON, that’s a massive red flag.
What Does Fraudsters’ Digital Footprint Look Like in 2022?
Applying this strategy as a core part of our fraud detection and prevention solutions, we have loads of data that can help us discern what fraudsters are doing to try to trick organizations in 2022.
We have looked at our internal transactional data in three different sectors – ecommerce, online lending and iGaming – representing SEON’s defense systems in live environments.
What we found is telling…
IP Addresses Are Linked to the Most Triggered Rules
Across different sectors, the majority of rule triggers (associated with higher risk scores) are related to IP addresses. Why? Fraudsters use proxies and VPNs for two purposes:
- Operational security: They don’t want to get traced and caught.
- To mimic their victims: To match the online presence of their victims, who are often in other, sometimes richer, countries.
Accordingly, our statistics show that 52% of rule triggers in iGaming and 65% in ecommerce were related to IP addresses. This means that transactions and user actions were flagged because the IP they were using was considered high risk – showing the popularity of VPNs and proxies among cybercriminals as their weapon of choice.
This is why it’s key to have good device fingerprinting and proxy detection in place. It acts as your first line of defense against fraud.
More Accounts = Safer to Approve
Next, we looked at transactions that were approved, declined or flagged for manual review.
How many profiles can we find for each email address, and how many data breaches was that address involved in?
For example, in ecommerce, approvals are certainly linked to a wider presence online. These legitimate users have 5.68 social media/online platform accounts on average.
On the contrary, declined transactions only had 2.89 of these accounts on average. As for those sent for manual review, they are in between these, at 3.37 social accounts.
The iGaming industry and online lending sector demonstrate a similar trend, with 4.34 vs 1.26 average profiles for the former and 5.45 vs 1.02 for the latter.
In simple terms, this means that in online lending, the average applicant who gets approved has an online presence that spans between 5 and 6 online profiles (social media, review websites, crowdsourcing platforms, messaging apps, etc.).
On the other hand, the people who were rejected only had 1 or 2 digital profiles on average. Considering how some free email providers auto-populate certain social profiles with your address as soon as you sign up, this number is very small – and suspicious.
More Data Breaches = Safer to Approve
The digital footprinting picture is similar when we look at the number of data breaches in which the email address was involved.
This is done through the lookup module, which will search known lists of leaked emails, using the haveibeenpwned data breach API. We also take into account when the breach is from, because this is evidence the email account existed at the time.
The results once again show how potent digital footprinting is in assessing user intent.
In ecommerce, “good” users who were approved automatically had been involved in 2.44 data breaches on average. Fraudster addresses were only at 0.68 on average.
In iGaming, the average legitimate account had been involved in 1.26 data breaches in the past. Suspicious accounts were similar to ecommerce, at 0.65.
As for loan applications, the difference is also impressive: 1.02 vs 0.15 breaches.
Considering how the biggest data breaches in history were massive, it goes without saying that most people’s email addresses will have appeared in some. For the record, Yahoo’s in 2014 exposed 3 billion accounts, and the 2020 incident at Marriott leaked the data of 505 million guests.
Key Findings on Digital Footprinting for Fraud
Tellingly, across industries the pattern holds true: Approved transactions have in general triple the number of digital profiles associated with them than blocked ones.
This is also true for the number of hits in data breaches.
This means that our bet was right: Fraudsters are relatively lazy and will settle for throwaway addresses with virtually no online presence. As such, social KYC checks act as a strong second line of defense, thwarting the efforts of fraudsters.
We were also curious about how this pattern evolves over time. What we found is not necessarily indicative of fraudster behavior, but rather how our clients learn to trust our system and adjust their risk thresholds.
Over time they learn to trust the digital footprint signals more and more, accepting more transactions that they would initially consider risky – and thus gaining more revenue without increasing the risk of chargebacks or other losses.
Sign up to download
In order to download this PDF, please sign up to our newsletter.
Thanks for submitting the form, click the button below to download our guide.
Click the button below to download our guide.