Fraud Prevention in E-commerce
Martyn Sukys, 2018 Barcelona
WHAT IS FRAUD IN ECOMMERCE?
E-commerce fraud types
Payment fraud
- Chargeback and stolen card
- Data tampering / hijacking when the site is interacting with the payment gateway
Identity theft
- Stolen personal information enables criminals to take over or open new accounts and do criminal things in your name.
Phishing
- A fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.
Man-in-the-middle attacks
- The attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
Man in the browser
- A proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.
Backdoor attacks
- A backdoor is a malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.
Skimming
- A form of white-collar crime, skimming is slang for taking cash "off the top" of the daily receipts of a business (or from any cash transaction involving a third interested party) and officially reporting a lower total.
Return to Origin/Cash on Delivery Fraud
Return fake item
- Label change on clothing
- Return refurbished or replica
For-fun fake orders
- Ordering value products at fake addresses
Denial of delivery
- Refusal to acknowledge the delivery
Promo code
- Using the same code multiple times/accounts
Criminals Behave Differently than Customers
Velocity | Page Sequence | Origin | Contextual information
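An added example, not part of the original slides: a rule-based scorer that turns the four signals above (velocity, page sequence, origin, contextual information) into a per-checkout risk score. The event fields, weights, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed velocity window
MAX_CARDS_PER_DEVICE = 2         # assumed threshold
WEIGHTS = {"velocity": 40, "page_sequence": 20, "origin": 25, "context": 15}  # assumed

def _ev(ts, account, device, card, ip_cc, bill_cc, promo, pages):
    return dict(ts=ts, account=account, device=device, card=card,
                ip_country=ip_cc, billing_country=bill_cc, promo=promo, pages=pages)

# Constructed checkout events, not real data.
BROWSE = ["home", "search", "product", "cart", "checkout"]
DIRECT = ["login", "checkout"]
EVENTS = [
    _ev("2018-05-01T10:00:00", "a1", "d1", "c1", "ES", "ES", "WELCOME10", BROWSE),
    _ev("2018-05-01T10:01:00", "a2", "d2", "c2", "FR", "GB", None, DIRECT),
    _ev("2018-05-01T10:02:00", "a3", "d2", "c3", "FR", "GB", None, DIRECT),
    _ev("2018-05-01T10:03:00", "a4", "d2", "c4", "FR", "GB", "WELCOME10", DIRECT),
]

def score_events(events):
    """Return [(account, score, reasons)] for each checkout, in time order."""
    cards_by_device = defaultdict(list)    # device -> [(timestamp, card)]
    accounts_by_promo = defaultdict(set)   # promo code -> accounts that used it
    results = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        reasons = []
        # Velocity: distinct cards tried from one device inside the window.
        history = cards_by_device[ev["device"]]
        history.append((ts, ev["card"]))
        recent_cards = {card for t, card in history if ts - t <= WINDOW}
        if len(recent_cards) > MAX_CARDS_PER_DEVICE:
            reasons.append("velocity")
        # Page sequence: checkout reached without viewing any product page.
        if "product" not in ev["pages"]:
            reasons.append("page_sequence")
        # Origin: IP geolocation country differs from the billing country.
        if ev["ip_country"] != ev["billing_country"]:
            reasons.append("origin")
        # Context: promo code already redeemed by a different account.
        if ev["promo"]:
            users = accounts_by_promo[ev["promo"]]
            if users - {ev["account"]}:
                reasons.append("context")
            users.add(ev["account"])
        results.append((ev["account"], sum(WEIGHTS[r] for r in reasons), reasons))
    return results

def flagged(events, threshold=60):
    """Accounts whose checkout score reaches the (assumed) review threshold."""
    return [acct for acct, score, _ in score_events(events) if score >= threshold]

if __name__ == "__main__":
    for row in score_events(EVENTS):
        print(row)
```
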
The Ecosystem of Fraudsters
Con artists
- Devise ploys
- Create and deploy social engineering schemes, which include phishing and spam tactics designed to harvest credentials
Mule herders
- Recruit and command money mules
- Recruit and command item drop mules
Data trafficking
- Buy, sell and trade in credentials, account information, card numbers, victim contact details, PII, credit reports
Carding
- The fraudulent use of payment cards is dubbed "carding"
- They usually avoid secure, large merchants
- Prey on smaller shops and tell their friends about them
- Usually card high-value electronics and popular goods
Cashout services
- Offer a variety of options to fraudsters looking for exchange possibilities and monetisation schemes
Forgery service providers
- Create fake documentation, from statements to ID cards, driving licenses and passports
- Provide cloned cards that are a replica of the real plastic cards
Dark shoppers
- Offer purchasing services
- In-store pickup
- E-commerce fraud tutorials
Fraud During the Session
[Figure: timeline of a web session with the stages "Beginning of web session", "Login" and "Transaction and logout". Threats shown along the timeline: vulnerability probing, phishing attacks, DDoS attacks, site scraping, promotion abuse, new account registration fraud, parameter injection, password guessing, access from high-risk country, man in the browser, unauthorised account activity, account takeover, high-risk checkout, fraudulent money movement, fake orders.]
TOP 5 FRAUD ISSUES
1. Fraudulent website
2. Used cards on-line
3. Counterfeit products
4. Alleged free trials
5. Sales of tickets on-line
TOP 5 FRAUD ISSUES
1. Card fraud (CNP & Chargebacks)
2. Identity fraud
3. Return fraud
4. Man-in-the-middle
5. Hacking & Malicious code
FRAUD STATISTICS
What's What in UK in Ecommerce Fraud?
- 41% Identity theft
- 28% Fraud request for refund/return
- 23% Friendly fraud
- 11% Lost or stolen merchandise
Where Fraud Happens on Payment Methods
- Credit cards: 61%
- Debit cards: 18%
- Other payment methods: 21%
What merchants are under threat?
PREVENTION
Fighting Fraud
● Layered approach
● Protect the payment system
● Authorisation & authentication
● Account data encryption
● Events monitoring & management
● Cardholder empowerment
Fraud Prevention Enhancers
Scoring systems
Device trust scores
Social account verification
Identity Verification
