How to Prevent Account Takeover for Buy Now Pay Later Companies

by Florian
In order to understand how to combat fraud, we sometimes have to think like fraudsters. To that end, we’ve previously purchased travel tickets on the dark web. Today, we’ll apply for a loan with a stolen ID.
An important disclaimer: This article is not a guide, and we do not condone illegal activity. Our platform is designed to fight against fraud, which is why we sometimes have to step into fraudsters’ shoes to understand how they work.
As with many other illegal online activities, it starts with the dark web. This is the collection of websites on the internet that are encrypted, not indexed by search engines, and require specific tools and software to access.
The dark web’s main appeal is that it provides anonymity. Using the Tor browser, you can visit special .onion addresses that are only accessible via its hidden service protocol. Alternatively, fraudsters can use I2P, which makes use of a peer-to-peer-like routing structure.
It is where you will find most illegal marketplaces. However, it should be noted that some marketplaces regularly appear on the clear net, which means you can access them with a standard web browser (Chrome, Safari, Firefox, etc.).
We’ve already written a complete article on why fraudsters love payday and fast loan companies. But according to the description of a fraudster guide, this is how they see it in their own words:
“Payday and installment loan companies are generally low security as they charge such high interest rates and want to process as many loans as possible. Also due to their nature they are quick to pay out. This makes them ideal targets for loan fraud, and our guide will show you how to make EASY MONEY! Not just limited to payday loans, this guide also works EASY with other loan companies.”
While we didn’t actually go through the illegal process ourselves, we gathered enough evidence to prove that loan fraud is rampant. This is how easily we could find everything we needed:
After installing the Tor browser, we had no problem accessing a few known darknet marketplaces. Just browsing the products available revealed that beginner guides abound.
Fraudsters have coined the term fullz, referring to a full combo of personal ID details. They usually include a first name, last name, ID documents and optionally a credit card (CC) number.
Of course, loan companies try to protect themselves from scams by deploying credit scoring systems. Unfortunately, fraudsters have a way around it. They simply purchase background and credit information with pre-existing high credit scores for their applications, which they pay for with a stolen credit card to avoid unnecessary expenses.
Another common way to flag fraudsters is to block suspicious IP addresses. Once again, this check is easily fooled by purchasing a validated IP address, as shown here with this screenshot of Socks5. It allows anyone to buy from hundreds of UK-based residential IPs:
You can read more about IP lookup tools here.
Loan companies will pay directly into a bank account. Fraudsters can simply purchase one from an illegal marketplace. It will sometimes provide a credit or debit card along with the required IBAN number:
Most online companies will implement 2FA these days, which requires a phone number. Fraudsters can easily download apps from the App or Play store to generate numbers on a “burner” phone – one that is designed not to leave a trace.
At this time, fraudsters have already found everything they need. But loan companies sometimes require extra document verification proof showing at least basic information. Since it’s unlikely fraudsters already have the exact paperwork they need, they can simply use an online service that photoshops the right paperwork for them.
Finally, fraudsters will need to wire the loan to the bank drop. Cashing the money out from the bank drop is really easy nowadays. This usually means sending it to a cryptocurrency exchange, where they can buy bitcoins or other currencies, which can be used to continue purchasing goods or more fraud tools.
At every step of our research, we were amazed at how easy it would be to defraud loan companies. No wonder it is one of the verticals most targeted by fraudsters.
But if you are in the industry, don’t despair. Using a combination of tools and processes, you should already have enough data points to create a much more precise picture of who your borrowers are:
Finally, at SEON, we are continuously striving to educate fraud managers and organization leaders on the best practices to combat fraud.