How to Prevent Cryptocurrency Account Takeover

by Jimmy Fong
Modern marketers love referrals and bonuses. Unfortunately, so do fraudsters.
Let’s see how referral fraud works and demonstrate how to prevent it today.
Referral fraud happens when fraudsters find dishonest strategies to exploit referral programs.
If you implement a referral marketing strategy to spread the word about products or services, you must ensure fraudsters don’t abuse your program.
Unfortunately, referral fraud is increasingly common. A Statista survey, for instance, finds that it was responsible for 21% of all fraud attacks on ecommerce sites in 2021.
Referral fraud takes two main forms:
The latter is comparable to bonus abuse and promo abuse, which are highly prevalent in the iGaming and neobank industries, among others.
Referral fraud means that a high percentage of your marketing campaigns are attracting bad users. Here are other consequences:
The last point is particularly worrying for fintech companies such as neobanks that rely on referrals to grow their user base. If the volume of applications is too high to check whether IDs are legitimate or not, they may face heavy fines.
Since referral programs are unique to each business, fraudsters are able to come up with a variety of strategies to abuse them. Here are some key examples.
There are a variety of ways fraudsters can abuse referrals when you work with third-party companies to send traffic to your site.
In this scenario, you have created a referral program with affiliate codes. User X gives their code to user Y and when user Y signs up, both users receive a discount.
This is a strong incentive for users to perform multi-accounting fraud. Put simply, they will create several, if not hundreds, of fake accounts in order to refer themselves.
The accounts are created using a combination of tech tools (to spoof their software and hardware configurations) and fake IDs. The new IDs are made up, stolen from legitimate users, or a combination of both, called a synthetic identity.
A less sophisticated type of referral fraud happens when users simply reuse the same referral code multiple times.
However, this stems more from a failure of your referral program system rather than criminal behavior. Users who find this type of loophole will no doubt exploit it.
If you’ve closed the repeat redeeming loophole, be careful as some users may even go as far as creating accounts, deleting them, and repeating the procedure multiple times to benefit from sign-up bonuses.
If you’re a Shopify store offering discounts to new customers, account cycling is a type of fraud to watch out for. The key here, like with multi-accounting, is to establish connections between users by logging as much data as possible. You may also find that Shopify fraud prevention apps help reduce this type of fraud.
If you’ve ever found yourself at a checkout page with the option to enter a coupon, you might have searched for one online.
What you’ll find is that there is a whole cottage industry of websites that specialize in sharing discounts, promo codes, and affiliate links with the general public.
While most would not consider the practice strictly fraudulent, it crosses into a grey area at best, and voids the terms and conditions of your promo at worst.
It is another way in which you may find suspiciously high volumes of discounted purchases without any increase in whatever you are trying to grow in the first place: loyal customers, social media fans, or valuable partners.
Preventing referral fraud requires forethought both at the strategy stage and on a technical level.
In today’s fast-paced world, new business partnerships are faster than ever to develop. It’s also easier than ever for fraudsters to pass themselves off as legitimate businesses.
This is where a bit of foresight can go a long way.
First, make sure that you run strict KYB (know your business) checks on any third-party affiliate. That may include a background check and other kinds of due diligence processes.
You might also want to pay close attention to the first user they bring in and how soon you start experiencing chargeback requests from their users.
After that, you can:
In the example above, which comes from the SEON dashboard, you can clearly see the number of good conversions each affiliate brought.
APPROVE shows when the transactions went through without a hitch. REVIEW shows when there was some concern they might be fraudulent. DECLINE shows conversions that were obviously bad.
Filtering the quality of the traffic in such a way helps you quickly see which affiliates performed the best during a set date range.
And last but not least, you should also consider what conversion ratio is too good to be true. A very high volume of good transactions may point to suspicious payments – and therefore potential fraud.
When it comes to referral fraud performed by users, your goal should be to quickly identify repeat offenders.
In the fraud prevention world, we call it multi-accounting, and it’s mitigated by gathering as much data as you can. You can then connect the dots.
First, you must gather as much information as possible about the new users on your site. Here is an example of the kind of data fields you should be able to fill:
Armed with this information, you can then start looking for connections. Some fraud prevention tools will give you neat visualization features, such as the one you can see in action here:
Are you dealing with multiple customers who log on using the same device? Or sharing an IP address? Referral fraudsters may be able to create identities out of thin air, but their device spoofing is more time-consuming, and therefore easier to catch.
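The link analysis described above, as an added example that is not SEON's code or part of the original article: accounts that share a device hash or an IP address are merged into clusters, and any referral whose referrer and referee fall in the same cluster is reported. The field names and the sample signups are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample signups: (account_id, device_hash, ip, referred_by)
SIGNUPS = [
    ("alice", "dev-A", "203.0.113.10", None),
    ("bob",   "dev-B", "198.51.100.7", "alice"),
    ("acct1", "dev-X", "192.0.2.44",   None),
    ("acct2", "dev-X", "192.0.2.45",   "acct1"),  # same device as acct1
    ("acct3", "dev-Y", "192.0.2.45",   "acct1"),  # same IP as acct2
    ("acct4", "dev-Y", "192.0.2.99",   "acct3"),  # same device as acct3
]

def link_accounts(signups):
    """Union-find: accounts sharing a device hash or IP land in one cluster."""
    parent = {s[0]: s[0] for s in signups}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving keeps lookups cheap
            a = parent[a]
        return a

    first_seen = {}  # ("device" | "ip", value) -> first account seen with it
    for account, device, ip, _ in signups:
        for key in (("device", device), ("ip", ip)):
            if key in first_seen:
                parent[find(account)] = find(first_seen[key])
            else:
                first_seen[key] = account

    clusters = defaultdict(set)
    for account in parent:
        clusters[find(account)].add(account)
    return {a: frozenset(m) for m in clusters.values() for a in m}

def self_referrals(signups):
    """Return (referrer, referee) pairs whose accounts are linked to each other."""
    cluster_of = link_accounts(signups)
    return sorted(
        (ref, account)
        for account, _, _, ref in signups
        if ref is not None and ref in cluster_of[account]
    )

if __name__ == "__main__":
    for referrer, referee in self_referrals(SIGNUPS):
        print(f"linked referral: {referrer} -> {referee}")
```

A shared IP on its own can be a household, office or carrier NAT, so links that rest only on an IP match are better routed to REVIEW than DECLINE.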
The key is to understand which parameters point to a risk of referral fraud and to create a score that reflects it.
Looking at IP addresses, for instance, you could safely say that a customer using Tor to connect to your site is high risk. In the screenshot below, you can see how a rule catches that data and gives it a higher risk score (+95).
Velocity checks allow you to measure customer behavior by looking at actions during a set timeframe. This is crucial to identifying referral abusers who go through the same motions to trigger your bonus.
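A velocity check of this kind, as an added example that is not SEON's code or part of the original article: it counts referral redemptions per key (referral code or device) inside a sliding time window and flags the redemption that exceeds the limit. The window length, the limits, the field layout and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, referral_code, device_hash, new_account)
EVENTS = [
    ("2024-05-01T10:00:00", "REF-ALICE", "dev-A", "u1"),
    ("2024-05-01T10:02:00", "REF-X",     "dev-X", "f1"),
    ("2024-05-01T10:03:00", "REF-X",     "dev-X", "f2"),
    ("2024-05-01T10:04:30", "REF-X",     "dev-Y", "f3"),
    ("2024-05-01T10:05:00", "REF-X",     "dev-X", "f4"),
    ("2024-05-03T09:00:00", "REF-ALICE", "dev-B", "u2"),
    ("2024-05-01T18:00:00", "REF-X",     "dev-X", "f5"),
]

def velocity_flags(events, key, window=timedelta(minutes=10), limit=3):
    """Flag each event that pushes its key past `limit` events inside `window`.

    `key` picks the dimension to count on, e.g. referral code or device hash.
    Returns (key_value, account, count_in_window) tuples in time order.
    """
    recent = defaultdict(deque)  # key value -> timestamps still inside the window
    flagged = []
    for event in sorted(events):  # ISO timestamps sort chronologically
        t = datetime.fromisoformat(event[0])
        q = recent[key(event)]
        while q and t - q[0] > window:
            q.popleft()  # drop redemptions that have aged out of the window
        q.append(t)
        if len(q) > limit:
            flagged.append((key(event), event[3], len(q)))
    return flagged

def by_code(event):
    return event[1]

def by_device(event):
    return event[2]

if __name__ == "__main__":
    print(velocity_flags(EVENTS, by_code))             # bursts on one referral code
    print(velocity_flags(EVENTS, by_device, limit=2))  # bursts from one device
```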
Here are two examples where the risk score should be higher:
Another check you can implement should look at whether the user triggering a referral reward is indeed a person.
Essentially, you are trying to identify bots. We have full posts on bot mitigation and the best bot detection software, but here are the basics:
Like in the previous tip, the key is to identify how these so-called users connect to your website. You may find that certain configurations are highly likely to be from fraudsters, such as:
Last but not least, you should also continuously ensure that your housekeeping is in order. Go over your referral program’s settings and terms and conditions. Check that:
You should also regularly review the terms and conditions to catch any loopholes your users or partners might have discovered.
You might also want to track each promo code to make sure it’s not being shared widely on a discount website, which could hurt your campaigns.
SEON is an all-in-one fraud prevention solution that can look at suspicious affiliates as well as suspicious users.
By gathering hundreds of data points and enriching them, including dozens that no other fraud prevention company looks at, we can help you get a 360° view of your business partners and customers.
Our experience with iGaming clients has allowed us to develop affiliate features, including functionality that tracks conversions, vets good partnerships, and gives you the tools you need to boost the success rate of your referral program.
Coming from a competitive sector with high referral activity, these features of the SEON platform are extremely helpful and, importantly, they find applications across verticals and industries.
Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.