Defining and understanding the fraud types you’re most likely to encounter online.
Looking at future fraud trends, it is likely more and more businesses will need to be prepared against threats, attacks, and criminals online.
So whether you are new to fraud prevention or a seasoned expert, we thought it would help to gather all the definitions of terms you might come across in this fight.
The fraudulent practice of creating and maintaining multiple accounts with a platform in order to resell them later. Very popular with social media sites.
A form of identity fraud where fraudsters gain access to a victim’s account. This can be for an online store account, bank account, or even app login. The goal is usually to extract monetary funds, but account takeovers (ATOs) are increasingly used for other means, such as abusing promotions and coupons, extracting more user information, or cheating on gambling sites.
An example about the anatomy of an ATO from our ebook:
Affiliate marketing is a model where marketers are rewarded for directing visitors towards a specific business. The company tracks conversions through referral links, and pays out money to the best marketers.
Fraudsters try to earn these commissions by: spamming the referral links; using software to imitate human behavior and generate fake clicks and transactions; and maliciously diverting traffic from other sites.
In some cases they will clone the vendor’s website, and host it on a domain name that looks similar. More advanced techniques include malicious browser extensions that swap legitimate affiliate URLs for their own, and even inject ads with referral links into ad-free web pages.
Arbitrage (Gambling Fraud)
In the world of online betting and gambling, arbitrage is a technique which sees fraudsters create multiple accounts to increase their winning odds. It is sometimes referred to as an “arb” performed by “arbers”.
A type of e-commerce fraud specific to auction sites. It involves non-delivery of products, where fraudsters create fake listings for items that are never sent. They can also purchase items with stolen card details and ship them, thus making a profit on something they didn’t pay for.
Credit cards are issued in ranges identified by a BIN (Bank Identification Number). If the numbers within a range aren’t properly randomized, it is possible for an attacker to generate valid card numbers based on a real one. However, the CVV and expiry date make this process very unlikely to succeed.
Also known as promo or coupon abuse. This type of fraud sees fraudsters create multiple accounts to cash out promotional offers. It can be used for signup bonuses, and is particularly prevalent in the gambling industry.
In the context of fraud prevention, bots are used to automate and repeat the same attack with different data until it works. Bots can be used to attempt ATOs, create multiple accounts (account farming), or process numerous stolen credit card numbers at checkout.
General fraudster term for using stolen credit card data. It covers both direct purchases and charging prepaid or gift store cards, which are then resold.
Card Cloning / Skimming
A two-step process for creating physical credit cards with stolen data. The skimming part is done either manually by malicious people (waiters, shopkeepers…) or by machines at unattended places such as ATMs or gas stations. The goal is to gather all the data from a real card.
Fraudsters can then create a new physical card, effectively cloning the original. The data is written on the counterfeit card’s magnetic strip via specific devices.
Sophisticated fraudsters also go as far as creating fake online stores specifically designed to acquire card data for stealing funds or reselling it.
Fraudsters who acquire a credit or debit card number use this method to verify it works. It is done by making a very small purchase that won’t be detected. If the purchase goes through, the fraudsters proceed to making larger purchases, usually with a different merchant.
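One way to detect the pattern described above, added here as an example and not taken from the original glossary: it scans approved authorisations for a very small purchase followed by a large one on the same card, and records whether the merchant changed. The thresholds, field layout, card tokens and sample log are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, card token, merchant, amount, approved)
SAMPLE_AUTHS = [
    ("2024-03-01T10:00:00", "tok_A", "coffee-shop", 1.00, True),
    ("2024-03-01T10:20:00", "tok_A", "electronics-store", 899.00, True),
    ("2024-03-01T09:00:00", "tok_B", "bookstore", 2.50, True),
    ("2024-03-01T09:30:00", "tok_B", "bookstore", 450.00, True),    # same merchant
    ("2024-03-01T08:00:00", "tok_C", "donation-page", 0.50, True),
    ("2024-03-03T08:00:00", "tok_C", "jeweller", 1200.00, True),    # outside window
    ("2024-03-01T11:00:00", "tok_D", "donation-page", 1.00, False), # probe declined
    ("2024-03-01T11:05:00", "tok_D", "jeweller", 700.00, True),
]

# Assumed tuning values; real thresholds depend on the merchant's own traffic.
PROBE_MAX = 5.00              # ceiling for a "very small" purchase
LARGE_MIN = 200.00            # floor for the follow-up "larger" purchase
WINDOW = timedelta(hours=24)  # how long a probe stays relevant

def find_card_testing(auths, probe_max=PROBE_MAX, large_min=LARGE_MIN, window=WINDOW):
    """Return one alert per large approved purchase preceded by a recent small one."""
    by_card = defaultdict(list)
    for ts, card, merchant, amount, approved in auths:
        if approved:  # a declined probe tells the fraudster the card is dead
            by_card[card].append((datetime.fromisoformat(ts), merchant, amount))

    alerts = []
    for card, events in by_card.items():
        events.sort()  # chronological order per card
        probes = []
        for when, merchant, amount in events:
            if amount <= probe_max:
                probes.append((when, merchant))
            elif amount >= large_min:
                recent = [p for p in probes if when - p[0] <= window]
                if recent:
                    probe_when, probe_merchant = recent[-1]
                    alerts.append({
                        "card": card,
                        "probe_merchant": probe_merchant,
                        "purchase_merchant": merchant,
                        "amount": amount,
                        # the follow-up is "usually" elsewhere, so rank on this
                        # field rather than filtering on it
                        "merchant_changed": merchant != probe_merchant,
                    })
    return sorted(alerts, key=lambda a: a["card"])

if __name__ == "__main__":
    for alert in find_card_testing(SAMPLE_AUTHS):
        print(alert)
```

Alerts with `merchant_changed` set match the typical case and can be reviewed first; the same-merchant case is still reported because the definition only says the merchant is usually different.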
Chargebacks are a protection for buyers who want to dispute online purchases. They can claim a chargeback to defend themselves against fraud or purchases made without their knowledge or permission.
The credit card company involved with the transaction will review the chargeback claim and review evidence for or against it. If it is approved, the buyer is refunded, and the merchant has to pay a chargeback fee to cover the administrative costs.
Here is the anatomy of a chargeback:
Also known as Friendly Fraud, First-Party Fraud or Fraud by False Claim. These are fraudulent transactions that go undetected because they appear legitimate. They are harder to flag because they only involve real data, so no fake identities or user accounts.
Using deception for personal gain. While online fraud is considered a cybercrime, not all cybercrime has to do with online fraud in nature. Protecting businesses against it is the job of fraud analysts. They can use a fraud prevention tool, or fraud filter to automate the process.
When customers claim a chargeback for being the victims of fraud. It’s also known as lie fraud and is the fastest growing reason for chargebacks. Friendly fraud happens when buyers experience remorse, refuse to pay for a family member’s purchase, or simply want to exploit the system to gain a product or service without paying for it.
See also: clean fraud
The practice of fraudulently selling nonexistent insurance policies. Many victims do not realise their insurance isn’t valid until it’s too late, for instance in the case of a car accident.
The activity that uses someone’s personal information without authorization, and for personal gain. It all falls under the general online fraud umbrella, but focuses on data such as personal identification elements: date of birth, first and last name, social security number, card number or even personal photos.
Acquiring someone’s personal data such as credit card numbers, phone number, or other data points in order to impersonate them for a number of actions: opening new accounts, applying for loans, purchasing goods, or posting fake ads and reviews.
Using multiple accounts on gambling sites to improve betting odds and make money from free offers. A person will place a Back bet (backing a certain outcome). They will then create another account to place a Lay bet (backing the opposite outcome). This cancels out the losses, but allows them to profit from the free bet offer. Note that matched betting is legal in some regions, such as the UK.
When one person creates multiple accounts with the same platform. It can be innocent (lost login details) or for fraudulent purposes, such as matched betting, bonus abuse, or creating fake reviews.
See also: Bonus abuse
Also known as Delivery Address Fraud and Fake Address Fraud. A process where criminals fool people into sending goods or cashier cheques purchased with stolen credit cards, usually to an address not linked to their name. It helps muddy the trail between fraudulent purchases and delivery addresses.
A.k.a. SIM splitting or SIM jacking. It takes advantage of 2FA via SMS. Fraudsters acquire a phone number through hacks, phishing or sheer luck. They then call the mobile phone’s provider, and claim to want to change their number to a new one. The new number, which is in the fraudster’s possession, will then receive all the SMS used for mobile verification, which allows them to access other accounts such as email, social media, or even mobile banking.
Falsifying data such as an IP address, email address or caller ID. For instance, spammers will spoof a sender email address to mislead the recipient or gain their trust for phishing.
Unlike common identity fraud, Synthetic ID fraud combines pieces of real personal data with fake data to create a new, untraceable identity. An example is the rise in synthetic IDs that use children’s personal info in order to have a clean credit score for loan fraud.
Transaction fraud, or payment fraud and credit card fraud, is a broad term that covers any fraud type committed when purchasing a service or item. It is the direct result of card theft, account takeover, or card cloning.
Common Fraud Types: The Bottom Line
Online fraud evolves at an alarming pace, so no dictionary on the topic will ever be complete. We will try our best to keep this one updated for our whole ongoing series. You can find links to the following parts here:
- Part 2: Focuses on cybercrime as a whole and fraudster terminology
- Part 3: Looks at fraud prevention terms and techniques
Hopefully, it will give you all the knowledge and insights needed to understand fraud, and prepare yourself against it in the future.