eCommerce Fraud: How Fraudsters Use the Dark Web To ‘Warm Up the Shop’ and Fool Rules-Based Anti-Fraud Systems

Attack Types
Dark Web
Mateusz Chrobok -- Nethone
Jun 22, 2022

With e-Commerce booming, merchants are increasingly turning to fraud intelligence companies to prevent fraudsters impacting their growth. While it’s true anti-fraud systems are becoming more sophisticated at detecting fraudsters - rules-based systems can be fooled. With all the tools and knowledge available on the dark web, even mid-level fraudsters can bypass security measures. All they need to do is mimic original account holders of stolen accounts and credit card details in a process called ‘warming up the shop’.
It all sounds too easy. And it can be. With stolen credit card details, e-Commerce accounts and the tools needed to attempt account takeovers (malware etc.) readily available for purchase on dark web marketplaces, half the work of the fraudster is already accomplished. Aside from patience, some additional tools to spoof digital fingerprints (unique identifiers of a user’s device setup, IP address, geo location etc.) and even legitimate browser cookie sessions are all available to buy online. One of the main tools used are anti-detect browsers, a fraudster tool resembling a regular internet browser, but packed with features to mask a user’s true identity and location, mimicking a regular user’s browsing session.
We aim to present to you how the process of ‘warming up the shop’ looks from start to finish, showing you some of the fraud tools available on the dark web to aid fraud attempts - you’ll be surprised how sleek and professional they appear, even giving legitimate companies' marketing campaigns a run for their money!
Imitation is never perfect. The perfect solution to prevent a successful ‘warm up’ attempt comes in the form of truly knowing your users (KYU) and understanding their interactions and behaviors. Advanced fraud solutions powered by machine learning models can effectively weed out fraudsters before they’ve had a chance to warm up. Join us to discover how.

Learning Objectives:

  1. To understand the long process of fraudsters ‘warming up the shop’ to bypass rules-based anti-fraud systems by acting as naturally as a regular customer as possible.
  2. Be aware of the tools and knowledge available on the dark web that allow fraudsters to fool rule-based fraud systems.
  3. How KYU Advanced fraud solutions powered by machine learning (ML) models can help you understand every user behavior and interaction - and prevent fraud from happening.

Some content is hidden, to be able to see it login here Login

Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources

Mar 08, 2023
First-Party Fraud: What It Is, and What It Isn’t

The fraud prevention industry is peppered with hundreds of vendors who mainly solve for third-party identity theft fraud. Some vendors branch out into synthetic fraud, including manipulated or fabricated identities, yet very few vendors tackle first-party fraud. First-party fraud is defined as the use of one’s own identity to open an account and use it to commit a dishonest act for personal or financial gain. It remains an elusive problem because there are no consumer victims in chargebacks, disputes, or overdraft fraud. Moreover, when it comes to the granular semantics of first-party fraud, different opinions start to clout the agreed-upon definition, making it difficult to classify, pinpoint, and ultimately combat these dishonest acts. 

Join this session to hear from industry experts about: Where do manipulated identity or rewards gaming abuse fall on the spectrum between first-party and synthetic fraud?  How do these categorizations differ by industry? In what ways do our assumptions around these semantics turn into ineffective proxies for first-party fraud?  How can we differentiate between a consumer’s intent to commit a dishonest act, versus a consumer who was manipulated into a dishonest act, versus a consumer making an honest mistake? 

The key is context. We need to understand a consumer’s act in context of other financial decisions they’ve made across various life stages, across different financial institutions, and across various economic environments. Behavioral anomalies across time and space will serve as better proxies in determining whether a consumer is a true first-party fraudster or whether new socio-economic conditions or happenstance interactions with malicious actors have resulted in a first-party-like occurrence. 

In order to achieve this level of context, a multi-industry data consortium is required. Consumer transactional behavior can then be analyzed across the financial ecosystem, over time, to correlate actions with true first-party fraud and to promote an ecosystem of trust.

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.