New SE Asia Ecommerce Fraud Ring

Asia Pacific (APAC)
Malaysia
Vietnam
Indonesia
Fraud prevention innovation
Fraud
News
Merchant Risk Council
Feb 27, 2023
MRC News

Ecommerce sites in the US and Asia-Pacific lost an estimated $700 million in fraudulent sales to criminals in Southeast Asia during the fourth quarter of 2022. Operating mainly from Malaysia, Vietnam and Indonesia, the fraudsters targeted sellers of smartphones, computers and semiconductor chips. 

Illegally obtained goods were delivered to freight forwarding companies and other reshippers who unsuspectedly packaged the stolen merchandise in the same containers they use to transport legitimate goods. 

In the fight against ecommerce fraud, law enforcement agencies in many Asian jurisdictions are a decade or more behind their Western counterparts. The Southeast Asia-based criminals mentioned here were so unconcerned with prosecution that they typically used their real names, emails and IP addresses when making fraudulent transactions. It could be years before law enforcement drives these perpetrators out of business.

It is not known whether these fraud rings were working independently or were collaborating  as a syndicate. What they have in common is that they all used malicious software, code and playbooks purchased on the dark web. All started slowly, testing their targeted ecommerce sites in September 2022, and then quickly expanded their efforts during November 2022. Also noteworthy is the level of sophistication immediately available to newly organized criminal rings. They hit ecommerce sites simultaneously on multiple continents, an alarming threat.

It is known that, like other organized gangs committing card fraud, these criminals used message boards to share intelligence on topics including the best ways to avoid detection from fraud fighting systems.  

The Merchant Risk Council (MRC) is a forum that discusses ways to combat all kinds of ecommerce fraud, including the ongoing threats from organized crime rings in Eastern Europe, China, Nigeria and elsewhere. A year ago, the MRC opened a branch in Asia-Pacific to complement branches in the US and Europe. They will expand to Latin America in July of this year.

What remains badly needed is the means to obtain faster involvement from law enforcement in local jurisdictions when new, sophisticated threats arise. The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) plays a role for merchants, card issuers and consumers in the US victimized by the many forms of cybercrime. 

The IC3 provides a reporting mechanism for all segments of society to submit information to the FBI. That information is analyzed for investigative and intelligence purposes and can lead to alliances with law enforcement agencies outside the US.

INTERVIEWED FOR THIS ARTICLE

Julie Fergerson is Chief Executive Officer at the Merchant Risk Council in Seattle, Washington, julie@merchantriskcouncil.org, www.merchantriskcouncil.org.



© Copyright 2023 Nilson Report



Posted with permission of the Nilson Report, Issue 1235

Tagged:
Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources

May 10, 2023
Fraud vs. Friction: Preventing Both in Your Customers' Journey

Overview

The email address still reigns in our increasingly digital-first transactional society. From opening bank accounts and credit cards to establishing app and ecommerce profiles, the email address remains a central proxy for identity.

Since the pandemic, digital transactions have increased exponentially, along with malicious activity throughout the customer journey. Companies are challenged to identify and address potential fraud with each account origination, app download, transaction, or account change. With email intelligence data and the right workflows companies can combat these threats.

AtData, along with Spec, will show you how to easily and quickly use email data to seamlessly manage risk throughout the customer journey.

Learning Objectives

  • Making your first-party digital data work for you
  • Preventing fraud from initial engagement to loyal customer transactions
  • Improving speed to implementation of fraud prevention strategies
  • Best practices for a frictionless customer journey
Apr 19, 2023
How To Turn Fears of Fraud into Clears for Cash

Overview

As commerce and payments become increasingly more digital, unfortunately so does fraud. Most organizations feeling this pain are already taking precautions and many are rejecting way more legitimate buyers than they want, leaving a lot of money on the table.

To compete effectively, you need to explore how high decline rates compare with actual fraud rates and how they impact your digital goods and payments revenue and costs. If you see them taking percentage bites out of your customer acquisition rates, while adding exorbitant levels of chargeback expenses, then you need to fix that – quick.

Today, nSure.ai manages billions of transactions per year and, unlike any other provider, makes direct decisions on hundreds of millions of those specific high risk, high value transactions. In Q1 of 2022, we assessed that exact data which resulted in several key insights. Join us for this webinar where we’ll share the findings and conclusions from our sampling of more than 12 million digital goods and payments transactions.

Learning Objectives

  • What decline rates are vs what they should be -- and to what extent that adversely affects digital goods and payments merchants
  • How the true cost of fraud will rise in conjunction with the increase in digital goods transactions – and how you can prevent fraud from scaling
  • Why it’s critical to ensure you have the right levers working together to improve both your financial position and customer service levels
Apr 19, 2023
Pulling Back the Curtain: Understanding the Fraudsters’ Process

Overview

Fraud is a business, and a successful one at that. In fact, fraudsters regularly brag on forums about how their tactics can earn them $3000 or more a week. With that much cash on the line, it would be irresponsible to not stay on top of how fraudsters are talking, behaving, and at the end of the day, attacking. Although merchants leverage machine learning, the most sophisticated tool we have for assessing fraud and risk, fraudsters keep iterating until they find a pattern that gets through these systems. So what can merchants do about this “cat and mouse” game? In this presentation we’ll break down fraudster behavior one step at a time, so you can understand what’s really behind the fraud you see every day.

Learning Objectives

  • What kind of tools fraudsters are selling to make fraud easy and scalable
  • The misconception that there are certain kinds of orders or segments that are ‘low risk’
  • Best practices for how fraud teams can keep up with fraudsters’ evolving tools and methods
Aug 01, 2022
The True Cost of Fraud Managing Reputations A Catch 22

The true cost of fraud goes well beyond immediate lost revenue.

With interconnected customers and reviews to contend with, it’s vital that customers (and their details) are kept safe. But, at what cost? Sacrifice UX, and you’re looking at the same result.

This presentation examines different ways reputation is an intrinsic component of fraud prevention, and ways merchants can leverage reputation to bolster their fraud mitigation strategies.
Aug 01, 2022
Working Smarter Lessons from the Front Lines in the Fight Against Fraud Fraud prevention doesn’t always have to have a negative impact on revenue.


This MRC Virtual 2022 presentation sheds light on the different ways merchant implement fraud mitigation while limiting the impact on the customer experience using tools like thoughtful protection deployment, existing tools already present in a technology stack, and more effectively making the distinction between good customers and fraudsters.
Aug 01, 2022
Achieving Equilibrium – Risk and Customer Experience

Risk and customer experience are two sides of the same coin. As a merchant, zero risk and 100 percent frictionless customer experiences are ideal, but usually unachievable. So, how do we embrace the right balance?

This presentation covers:

  • How to reduce risk where it starts – at the top of the sales funnel
  • Use-case based strategy to strike balance between risk and response in the funnel
Aug 01, 2022
Advanced Tactics to Help You Keep Ahead of the Bad Guys

This presentation answers the question- what are the latest techniques you can apply to prevent fraud and ensure a frictionless journey for your customers?

Join Overstock as they demonstrate case examples of how monitoring consumer behavior in advance of the payment, capturing key data elements and leveraging ML models can detect bot attacks, account manipulation, and policy violations - enabling legitimate consumers to sail through the process and target proper risk controls to prevent and stop fraud.

 
Mar 28, 2023
2023 Outlook – Build Trust in a Highly Opportunistic Fraud Environment

Martin Sweeney, CEO of Ravelin and Jason Paguandas, GM Merchant Security and Fraud at Fiserv, representing over 30 years of collective experience in the fraud and risk mitigation space, will discuss the economic slowdown’s impact on customer behavior, and what it means for the fraud ecosystem. Our experts will share fraud mitigation best practices and explain how automation can help protect businesses against fraud, increase customer trust, maximize profitability, and help merchants come out stronger as a result.
Mar 14, 2023
How Southeast Asia Buys and Pays Impacts Your Business by 2C2P Digital payments continue to create tremendous growth opportunities in Southeast Asia’s rapidly expanding digital economy. Businesses need to stay nimble and flexible as the region reopens. As part of this new agile environment, merchants must know and understand how their target audience prefers to shop and pay, and how to navigate the challenges that come with this phenomenon.

In November 2022, the second How Southeast Asia Buys and Pays 2022 Report was published.
Aug 10, 2022
Why Retailers Need to Collaborate to Combat the Global Fraud Threat

In this compelling conversation, the MRC partners with NORA (National Online Retailers Association), Australia for a conversation comparing the 2022 Global Payments & Fraud Survey (developed by Cybersource, Verifi, and MRC) to the soon-to-be-released AusPayNet 2022 Fraud Report.

 

Join Susan Brown of the MRC, Toby Evans of AusPayNet, Rachel Hall of Ticketmaster, and Ryan Amatoury of Woolworths for a deep dive into the data in these reports and the fraud metrics these subject matter experts expect to see in the coming year.
Jul 27, 2022
How Bots are Stealing Your Customers, Your Inventory - and Your Reputation

Bots are one of the main weapons of choice of bad actors, particularly for malicious activities such as account takeover fraud (ATO) and identity theft. Versatile and adaptable, bots can stage a wide range of malicious activities, ranging from credential stuffing attacks using information exposed in data leaks to the creation of multiple online identities.

For businesses, the combination of bot threats can pose serious problems - especially when it comes to customer satisfaction and company reputation. 

This webinar will discuss how bots attack, the negative consequences they can have on an organization and how merchants can protect themselves.

Learning Objectives:

1. How bots attack (and types of bots)

2. The cost of bot fraud

3. Examples of ATO bot attacks

4. How businesses can fight back
May 04, 2022
Build or Buy? How to Fight eCommerce Fraud Effectively

Global losses from payment fraud are steadily increasing, year-over-year. So how can eCommerce businesses detect and prevent it effectively? Build an in-house solution or outsource it to a 3rd-party?

 
Apr 26, 2022
Two-Factor Authentication is Broken. Let's fix it.

Better fraud prevention, all around.

Many organizations rely on two-factor authentication (2FA) using one‑time passcodes (OTPs) sent by Short Message Service (SMS) to authenticate banking and ecommerce transactions. 2FA performed this way can be fast and easy, but SMS wasn’t designed to be a security tool.

Learn how your organization can leverage voice biometrics to protect customers and your brand by building the highest levels of protection, trust and loyalty.
Feb 23, 2022
KYC Checks vs Social Media Lookup for Automatic Identity Verification by SEON

KYC has its roots in the early 2000s in an effort to make it much more difficult for criminals to launder money through banks, insurers, and adjacent institutions, as well as to stop terrorism funding. However this approach has been made more and more difficult to help online businesses verify fraudsters.

Combined with social media lookup and strict KYC checks, we'll be looking at how we can implement better restrictions of fraudsters and help AML efforts.
Feb 23, 2022
How Scam Messages are Damaging Your Reputation by Callsign With phishing and SMS scams are on the rise it's a concern that 45% of consumers lose trust in an organization if it’s named in a scam message. This report looks at the reputational impact of scam messages and what you can do to prevent them.
View All Resources
X
Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
Confirm