Businesses need to understand the economic incentives behind a fraudsters activity to best create an effective defense strategy. Fraudsters have an entire ecosystem that supports their ability to tap into low-cost resources and toolkits from across the globe. The fraud ecosystem consists of data brokers, human sweatshops, money mules, and arms dealers. This toolkit enables attacks to be carried out at scale and is far beyond the capacity of a single human.
Human-driven fraud cycle
With fraudsters being backed by sophisticated methodologies and resources, companies continue to face complex hybrid attacks that combine automated bots and a network of human sweatshop resources. Bots are designed to identify challenges that require human interaction. To mask their identity and true intent, the bots are programmed to recognize the high-profit areas and redirect these challenges to sweatshop networks to complete the authentication process. This continuum plays out in these steps:
- Primary fraudster - A lone fraudster plans an attack and coordinates the required resources to carry out a successful attack.
- Bot attack - The lone, primary fraudster deploys a large-scale attack using the bots, designed specifically for the attack.
- Bots escalate on challenges - When the automated attacks face resistance, a code is initiated to bring on the help of a human to solve the challenge.
- Distributed sweatshop workers - The bot connects to applications that connect the fraudsters and distributes sweatshop resources to execute as planned.
- Bypass authentication challenges - A sweatshop worker is assigned to that specific challenge to mask their true intentions.
The most targeted industries of fraud
The overall digital activity has increased, according to the Arkose Labs Q3 2020 Fraud Report, there have been 1.1 billion attacks detected and stopped in 1H 2020 alone. Volatile attack rates are expected to rise in the foreseeable future. Businesses need to implement more practical and advanced solutions to prevent them from being forced into reactive positions. Instead, they need to be at the forefront, ready for the attacks. According to patterns in attack rates by industry, here are three industries that are highly targeted by fraudsters:
- eCommerce: The eCommerce industry is seeing the largest jump in attack rates which is a result of increased online activity and inventory profitability from hoarding and scraping.
- Gaming: The typical spikes that used to happen on weekends and evenings are now occurring every day.
- Technology: Personal and professional communication and collaboration has migrated online. This increased traffic of new and returning users is opening doors for fraudsters to attack.
During the COVID-19 crisis, an increase in genuine customers has shown erratic online consumer behavior. It is now more difficult to identify between good and bad actors. The new normal needs to be studied to understand what transaction patterns are. The more advanced technology fraudsters are, the easier it is for them to mimic human behavior. A blurred line and a growing gray area between trusted and malicious traffic continue to grow.
Recommended Case Study: Microsoft Outlook.com Tackles Fraud and Abuse Globally Using Arkose Labs
Understanding the costs of fraud and ROI
Businesses facing challenges against the global cybercrime networks have already deployed solutions to protect and prevent fraudulent attacks. However, the cost of these tools that businesses use outweigh the revenue and are damaging overall ROI of fraud. On the other hand, fraudsters have their ecosystem of tools that enable them to tap into markets while maintaining low costs and overhead.
The biggest challenge that businesses face in this vicious cycle is that a certain level of fraud is inevitable. This comes as a cost of doing business. As attackers continue to be successful, they get more cunning and better at playing out more advanced methodological attacks.
Recommended eBook: Busting the ROI of Fintech Fraud
Solutions to hit fraudsters in their ROI of fraud
Businesses ultimately want to make attacks too costly for fraudsters to expense their time and resources. Strategies to disrupt the fraudsters’ tools such as real-time risk assessment and classifying traffic based on probable intent will give actionable insight to remediate the problem. Interactive challenges embedded in the marketplace registration, login and other key points will eliminate bot activity. This will sap the time of real humans and resources. Long term protection is needed to analyze and learn patterns used to predict future actions and allow different solutions to be working in silo.
With the Arkose Labs fraud prevention platform, profiling and intelligent step-up authentications work hand in hand to protect against emerging fraud tactics. The platform is designed to break down the business model of fraud by sapping attackers’ time and resources until attacks become financially non-viable. Achieving this in a way that does not negatively affect good customers requires an intelligent mix of real-time risk decisions with next-generation enforcement challenges.
To learn more about how you can hit fraudsters where it hurts the most, download the ebook by clicking the link below.