One of the main headaches that all e-commerce platforms run into is fraud, specifically payment fraud. Through classic schemes such as CNP fraud, account takeover and registration fraud, e-commerce companies have always had their hands full. Now with a large portion of the world population under government mandated Covid-19 quarantine, online activity is through the roof. Never ones to miss a chance to exploit a crisis, the fraudsters have been busy.
This leaves e-commerce platforms in a precarious situation. Increased traffic means increased sales, and a positive trend for the bottom line. However, a sudden influx of traffic rife with fraud can actually do more harm than good for these online giants. Today we’ll look at three ways TeleSign protects online transactions for the largest web properties in the world, keeping both the platform and the users safe from fraud.
Digital Identity at Registration
There are a few trends that cyber security experts have identified in regards to e-commerce fraud. One is that often the fraudster is a first time shopper. The best way to stop online fraud, is to prevent the bad actor from ever entering your web eco-system; the Minority Report approach if you will. Your e-commerce platform is probably seeing record registration during coronavirus. These accounts however, if not verified could cause tremendous harm. TeleSign uses identity solutions including two-factor authentication and phone number data intelligence to build a risk profile of a user and help companies decide whether to allow entry.
We do this by looking at the metadata behind a phone number. What type of number is this? Where is it registered? What type of device is it associated with, or when was it last ported? Fraudsters are unlikely to have a clean cell phone history. They like to jump around a lot, use dodgy SIM cards, find free VOIP phone numbers on the internet. Some of these can be used to circumnavigate 2FA, but that’s why TeleSign’s wholistic mobile identity solution looks deeper and also uses data science on an ongoing basis to make our model stronger every day. Businesses can also leverage this same technology at the transaction level, requiring more levels of security when the transaction is over a certain dollar amount.
Fake Order and Delivery Fraud
While e-commerce traffic continues to trend toward record highs during Covid-19, the increased amount of transactions are putting major stress on the current security protocols of each online retailer. Moreover, many people are making more purchases online than ever before, taking the smart step of not exposing themselves to unnecessary risk at traditional markets. But just because they’re staying indoors doesn’t mean that they can let their security hygiene rest on its laurels.
A rather insidious type of fraud is the fake order and delivery fraud. In this case, a fraudster does a soft account takeover of a person that is making lots of online purchases. It is seen in increasing numbers during the holidays but also during any time when online shopping is higher than normal (such as a pandemic). What the fraudster will do is log on to a good user’s account and either make a purchase or find an existing order and route it to a new delivery address.
A good user spending thousands of dollars on dozens of orders might not notice the inconsistencies, that is until it is too late. TeleSign can once again protect against this fraud by using mobile identity. Not only can we prompt 2FA sequences at any log-on, we use our mobile identity solutions to match location data against an account. Leveraging TeleSign identity solutions, we can require additional security checks on a new address, or any address in a region that is a hot spot for fraud.
SIM Swap Fraud and Account Takeover
SIM Swap is a type of social engineering fraud that can be devastating if not caught right away. The way it works is a fraudster learns some real information about you and with that information tries to port your phone number over to a device that they control. The reason this attack can be so devastating is that once a fraudster controls your phone number, they can trigger account recovery sequences until they hold the credentials to all of your accounts. We will often see bank and crypto transfers but also high value e-commerce transactions. Fear not, because TeleSign can prevent this.
While we cannot stop your cell phone provider from giving away your account, we have built a failsafe with mobile identity. Each time a cell phone number is ported, there is a record of this. Due to the nature of how quick a SIM Swap attack needs to take place, the fraudster will typically try to do most of the damage in under 12 hours.
In fact, they try to complete the entire attack overnight while you are sleeping. If for example, a fraudster took over an account and immediately tried to buy a $10,000 television with overnight shipping, TeleSign could look at the phone number and see that it had recently been ported. This, along with the large dollar amount of the transaction would raise enough red flags that TeleSign would recommend to the platform to manually review the order. Quarantine is bad enough without buying a fraudster a new 4K TV.
Stay Vigilant during Covid-19
There are dozens of ways that TeleSign helps businesses verify transactions thousands of times each day, but it is important that consumers stay extra vigilant and not play in to a fraudster’s hands.
TeleSign has been connecting and protecting online experiences for over 15 years. We support 21 of the 25 largest web properties in the world and we’re prepared to help you. Contact TeleSign now and learn more about how we can protect online transactions, keeping platforms and users safe.