Today e-commerce merchants face many challenges as they collect user data and card details. Fraudsters attack both big and small merchants anywhere in the world. These slides are about identifying fraud and fighting it.
3. E-commerce fraud types
Payment fraud
- chargebacks and stolen cards
- data tampering / hijacking while the site is interacting with the payment gateway (e.g. altering the amount, order reference or status in the redirect or callback)
Identity theft
- stolen personal information enables the fraudster to take over existing accounts or open new ones and commit crimes in the victim's name
Phishing
- a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by posing as a trustworthy entity in an electronic communication
Man-in-the-middle attacks
- the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly with each other
Man in the browser
- a proxy Trojan horse that infects a web browser by exploiting weaknesses in browser security to modify web pages, modify transaction content or insert additional transactions, all covertly and invisibly to both the user and the host web application
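The payment-gateway tampering item above is where a merchant's own code decides the outcome: a notification from the gateway must be authenticated, and the amount it reports must be compared with what the merchant actually expected to charge, because a customer who edits the amount in the redirect to the gateway produces a perfectly valid, gateway-signed callback for the wrong sum. The following example is added here and is not code from the original slides or from any real gateway; it assumes a hypothetical gateway that signs a callback with an HMAC-SHA256 over a fixed set of fields, and a constructed in-memory order store.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Hypothetical shared secret issued by the (assumed) gateway. In production this
# comes from a secrets store, never from source code.
GATEWAY_SECRET = b"example-shared-secret"

# Fields the gateway signs, in the agreed canonical order (assumption).
SIGNED_FIELDS = ("order_id", "amount_cents", "currency", "status", "txn_id")


def canonical_string(params):
    """Join the signed fields in fixed order; both sides must agree on this."""
    return "&".join(f"{k}={params[k]}" for k in SIGNED_FIELDS)


def sign(params, secret=GATEWAY_SECRET):
    """HMAC-SHA256 over the canonical string (what the gateway side computes)."""
    return hmac.new(secret, canonical_string(params).encode(), hashlib.sha256).hexdigest()


def build_callback(order_id, amount_cents, currency, status, txn_id, secret=GATEWAY_SECRET):
    """Construct a sample gateway notification, used here only to build test input."""
    params = {
        "order_id": order_id,
        "amount_cents": str(amount_cents),
        "currency": currency,
        "status": status,
        "txn_id": txn_id,
    }
    params["sig"] = sign(params, secret)
    return urlencode(params)


def verify_callback(raw_query, orders, secret=GATEWAY_SECRET):
    """Validate a gateway notification against the merchant's own order record.

    Returns (ok, reason). Rejects forged or tampered messages (bad signature),
    replays (order already paid), and the classic client-side tamper where the
    gateway legitimately charged a different amount than the merchant expected.
    """
    params = dict(parse_qsl(raw_query, keep_blank_values=True))
    required = set(SIGNED_FIELDS) | {"sig"}
    if not required <= params.keys():
        return False, "missing field"

    # 1. Authenticate the message before trusting any field in it.
    expected = sign({k: params[k] for k in SIGNED_FIELDS}, secret)
    if not hmac.compare_digest(expected, params["sig"]):
        return False, "bad signature"

    # 2. Bind the notification to an order we actually created.
    order = orders.get(params["order_id"])
    if order is None:
        return False, "unknown order"
    if order["paid"]:
        return False, "replay: order already marked paid"

    # 3. Never take the amount from the callback; compare it with what we stored.
    if (params["currency"] != order["currency"]
            or int(params["amount_cents"]) != order["amount_cents"]):
        return False, "amount/currency mismatch with stored order"

    if params["status"] != "PAID":
        return False, "status not PAID"

    order["paid"] = True
    return True, "ok"


if __name__ == "__main__":
    # Constructed order: the merchant expects 129.99 EUR for ORD-1001.
    store = {"ORD-1001": {"amount_cents": 12999, "currency": "EUR", "paid": False}}
    print(verify_callback(build_callback("ORD-1001", 12999, "EUR", "PAID", "TX-1"), store))
    # A validly signed callback for 1 cent (customer edited the amount sent to
    # the gateway) is caught by the stored-order comparison, not the signature.
    print(verify_callback(build_callback("ORD-1001", 1, "EUR", "PAID", "TX-2"), store))
```

The order of the checks matters: the signature is verified first so that nothing in an unauthenticated message influences a database lookup, and the amount comparison uses the merchant's stored value rather than anything the browser ever saw.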
4. Backdoor Attacks
- A backdoor is a type of malware that bypasses normal authentication to gain access to a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update the malware.
Skimming
- A form of white-collar crime, skimming is slang for taking cash "off the top" of the daily receipts of a business (or of any cash transaction involving a third interested party) and officially reporting a lower total. In the payment context the same term is also used for capturing card data at a terminal or checkout page.
Return to Origin / Cash on Delivery Fraud
Return of fake items
- label change on clothing
- return of a refurbished item or a replica
Fake orders for fun
- ordering valuable products to fake addresses
Denial of delivery
- refusal to acknowledge the delivery
Promo code abuse
- using the same code multiple times or across multiple accounts
6. The Ecosystem of Fraudsters
Con artists
- devise ploys: create and deploy social engineering schemes, including phishing and spam tactics designed to harvest credentials
Mule herders
- recruit and command money mules
- recruit and command item drop mules
Data trafficking
- buy, sell and trade in credentials, account information, card numbers, victim contact details, PII and credit reports
Carding
- the fraudulent use of payment cards is dubbed "carding"
- carders usually avoid secure, large merchants
- they prey on smaller shops and tell their friends about them
- they usually card high-value electronics and popular goods
Cashout services
- offer a variety of options to fraudsters looking for exchange possibilities and monetisation schemes
Forgery service providers
- create fake documentation, from statements to ID cards, driving licences and passports
- provide cloned cards that are replicas of the real plastic cards
Dark shoppers
- offer purchasing services
- in-store pickup
- e-commerce fraud tutorials
7. Fraud During the Session
[Figure: session timeline from beginning of web session, through login, to transaction and logout, with the fraud seen at each stage. The fraud types it lists, in timeline order:]
- Vulnerability probing
- Phishing attacks
- DDoS attacks
- Site scraping
- Promotion abuse
- New account registration fraud
- Parameter injection
- Password guessing
- Access from high-risk country
- Man in the browser
- Unauthorised account activity
- Account takeover
- High-risk checkout
- Fraudulent money movement
- Fake orders
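Several of the login-stage items on this slide (password guessing, account takeover) show up in plain authentication logs before any money moves. The following is an added example, not part of the original slides, of the kind of sliding-window detection a merchant can run over its own login events: it flags a burst of failures from one IP, one IP trying many distinct accounts (credential stuffing), a burst against one account, and a successful login that immediately follows such a burst. The log format and the sample lines are constructed for this example; the thresholds are illustrative assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the original slides), in a hypothetical
# "timestamp event user ip" format.
SAMPLE_LOG = """\
2024-03-01T10:00:01 LOGIN_FAIL alice 203.0.113.7
2024-03-01T10:00:03 LOGIN_FAIL bob 203.0.113.7
2024-03-01T10:00:05 LOGIN_FAIL carol 203.0.113.7
2024-03-01T10:00:06 LOGIN_FAIL dave 203.0.113.7
2024-03-01T10:00:08 LOGIN_FAIL erin 203.0.113.7
2024-03-01T10:00:09 LOGIN_OK   erin 203.0.113.7
2024-03-01T10:00:30 LOGIN_FAIL frank 198.51.100.2
2024-03-01T10:05:00 LOGIN_OK   frank 198.51.100.2
2024-03-01T11:00:00 LOGIN_FAIL alice 192.0.2.9
2024-03-01T11:00:02 LOGIN_FAIL alice 192.0.2.9
2024-03-01T11:00:04 LOGIN_FAIL alice 192.0.2.9
2024-03-01T11:00:06 LOGIN_FAIL alice 192.0.2.9
2024-03-01T11:00:08 LOGIN_OK   alice 192.0.2.9
"""

# Illustrative thresholds (assumptions); tune them against real traffic.
WINDOW = timedelta(minutes=5)
IP_FAIL_THRESHOLD = 4      # failures from one IP inside WINDOW
IP_DISTINCT_USERS = 3      # distinct accounts tried from one IP inside WINDOW
USER_FAIL_THRESHOLD = 3    # failures against one account inside WINDOW


def parse_line(line):
    ts, event, user, ip = line.split()
    return datetime.fromisoformat(ts), event, user, ip


def _expire(dq, now):
    """Drop (timestamp, tag) records that fell out of the sliding window."""
    while dq and dq[0][0] < now - WINDOW:
        dq.popleft()


def detect(log_text):
    """Return a list of (timestamp, alert_kind, subject); each pair fires once."""
    alerts = []
    raised = set()
    ip_fails = defaultdict(deque)    # ip   -> deque of (ts, user)
    user_fails = defaultdict(deque)  # user -> deque of (ts, ip)

    def alert(ts, kind, subject):
        if (kind, subject) not in raised:
            raised.add((kind, subject))
            alerts.append((ts, kind, subject))

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user, ip = parse_line(line)
        _expire(ip_fails[ip], ts)
        _expire(user_fails[user], ts)

        if event == "LOGIN_FAIL":
            ip_fails[ip].append((ts, user))
            user_fails[user].append((ts, ip))
            # One source spraying many accounts: credential stuffing / guessing.
            if len({u for _, u in ip_fails[ip]}) >= IP_DISTINCT_USERS:
                alert(ts, "STUFFING_DISTINCT_ACCOUNTS", ip)
            if len(ip_fails[ip]) >= IP_FAIL_THRESHOLD:
                alert(ts, "BURST_FROM_IP", ip)
            # Many failures against one account: targeted password guessing.
            if len(user_fails[user]) >= USER_FAIL_THRESHOLD:
                alert(ts, "BURST_AGAINST_ACCOUNT", user)

        elif event == "LOGIN_OK":
            # A success right after a burst is the likely takeover moment.
            if (len(user_fails[user]) >= USER_FAIL_THRESHOLD
                    or len(ip_fails[ip]) >= IP_FAIL_THRESHOLD):
                alert(ts, "SUCCESS_AFTER_BURST", user)

    return alerts


if __name__ == "__main__":
    for ts, kind, subject in detect(SAMPLE_LOG):
        print(ts.isoformat(), kind, subject)
```

In the sample, frank's single typo followed by a success produces no alert, while both the sprayed IP and the hammered account are flagged, and the two successful logins that follow a burst are surfaced as takeover candidates for step-up authentication or review.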
8. TOP 5 FRAUD ISSUES
1. Fraudulent websites
2. Stolen cards used online
3. Counterfeit products
4. Alleged free trials
5. Online ticket sales