Who’s using stolen payment cards?

Hint:  They’re flexible.

Part 1 | Part 2

Fraud is inherent to doing business online, and organizations that conduct eCommerce live this reality on a daily basis. 

Countering the schemes of payment criminals can be far more effective if you know your enemy. In this final installment of our series, we’ll looks at the tendency of fraudsters to engineer their way around the tripwires that we set for them.  We’ll look at what this means for merchants.  

In past years, merchants have tried to use their knowledge of drop-ship points to ferret out fraudsters that attempt to move their products out of the country all at once. Not surprisingly, fraudsters are quite flexible. 

This past holiday shopping season, for example, we saw them take advantage of new in-store pickup options to carry out their attacks instead. The bad guys set up their schemes by soliciting the help of fellow criminals who are compensated to pick up goods already paid for through online orders (using stolen payment cards, of course). They saw a threat in well-executed merchant scrutiny around billing and shipping address verification. When merchants closed that metaphorical door, however, they inadvertently opened a window – and the fraudsters just crawled back in.  

Another way criminals have adapted is by turning to the same types of technological tools that merchants and issuers have had for years. Take, for example, the tool Anti-Detect, which helps fraudsters evade browser fingerprinting efforts. Fraudsters have realized that these types of detection methods were eating into their business and decided to make money in a different way by selling these types of tools to other fraudsters.  

Those examples should underscore a much larger point; namely, a set-it-and-forget-it approach to fraud prevention isn't nearly enough. Anyone engaged in online payments and eCommerce needs a fraud strategy at least as flexible and adaptable as the criminals they intend to block. 

As we’ve seen, payment criminals are very disciplined, deliberate, and flexible. Thwarting their attacks takes a strategic plan built for the long haul.  

Neeraj Gupta, Product Manager, Vantiv eCommerce