New SE Asia Ecommerce Fraud Ring
Ecommerce sites in the US and Asia-Pacific lost an estimated $700 million in fraudulent sales to criminals in Southeast Asia during the fourth quarter of 2022. Operating mainly from Malaysia, Vietnam and Indonesia, the fraudsters targeted sellers of smartphones, computers and semiconductor chips.
Illegally obtained goods were delivered to freight forwarding companies and other reshippers who unsuspectedly packaged the stolen merchandise in the same containers they use to transport legitimate goods.
In the fight against ecommerce fraud, law enforcement agencies in many Asian jurisdictions are a decade or more behind their Western counterparts. The Southeast Asia-based criminals mentioned here were so unconcerned with prosecution that they typically used their real names, emails and IP addresses when making fraudulent transactions. It could be years before law enforcement drives these perpetrators out of business.
It is not known whether these fraud rings were working independently or were collaborating as a syndicate. What they have in common is that they all used malicious software, code and playbooks purchased on the dark web. All started slowly, testing their targeted ecommerce sites in September 2022, and then quickly expanded their efforts during November 2022. Also noteworthy is the level of sophistication immediately available to newly organized criminal rings. They hit ecommerce sites simultaneously on multiple continents, an alarming threat.
It is known that, like other organized gangs committing card fraud, these criminals used message boards to share intelligence on topics including the best ways to avoid detection from fraud fighting systems.
The Merchant Risk Council (MRC) is a forum that discusses ways to combat all kinds of ecommerce fraud, including the ongoing threats from organized crime rings in Eastern Europe, China, Nigeria and elsewhere. A year ago, the MRC opened a branch in Asia-Pacific to complement branches in the US and Europe. They will expand to Latin America in July of this year.
What remains badly needed is the means to obtain faster involvement from law enforcement in local jurisdictions when new, sophisticated threats arise. The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) plays a role for merchants, card issuers and consumers in the US victimized by the many forms of cybercrime.
The IC3 provides a reporting mechanism for all segments of society to submit information to the FBI. That information is analyzed for investigative and intelligence purposes and can lead to alliances with law enforcement agencies outside the US.
INTERVIEWED FOR THIS ARTICLE
Julie Fergerson is Chief Executive Officer at the Merchant Risk Council in Seattle, Washington, firstname.lastname@example.org, www.merchantriskcouncil.org.
© Copyright 2023 Nilson Report
Posted with permission of the Nilson Report, Issue 1235
Host a Webinar with the MRC
Publish Your Document with the MRC
The email address still reigns in our increasingly digital-first transactional society. From opening bank accounts and credit cards to establishing app and ecommerce profiles, the email address remains a central proxy for identity.
Since the pandemic, digital transactions have increased exponentially, along with malicious activity throughout the customer journey. Companies are challenged to identify and address potential fraud with each account origination, app download, transaction, or account change. With email intelligence data and the right workflows companies can combat these threats.
AtData, along with Spec, will show you how to easily and quickly use email data to seamlessly manage risk throughout the customer journey.
- Making your first-party digital data work for you
- Preventing fraud from initial engagement to loyal customer transactions
- Improving speed to implementation of fraud prevention strategies
- Best practices for a frictionless customer journey
As commerce and payments become increasingly more digital, unfortunately so does fraud. Most organizations feeling this pain are already taking precautions and many are rejecting way more legitimate buyers than they want, leaving a lot of money on the table.
To compete effectively, you need to explore how high decline rates compare with actual fraud rates and how they impact your digital goods and payments revenue and costs. If you see them taking percentage bites out of your customer acquisition rates, while adding exorbitant levels of chargeback expenses, then you need to fix that – quick.
Today, nSure.ai manages billions of transactions per year and, unlike any other provider, makes direct decisions on hundreds of millions of those specific high risk, high value transactions. In Q1 of 2022, we assessed that exact data which resulted in several key insights. Join us for this webinar where we’ll share the findings and conclusions from our sampling of more than 12 million digital goods and payments transactions.
- What decline rates are vs what they should be -- and to what extent that adversely affects digital goods and payments merchants
- How the true cost of fraud will rise in conjunction with the increase in digital goods transactions – and how you can prevent fraud from scaling
- Why it’s critical to ensure you have the right levers working together to improve both your financial position and customer service levels
Fraud is a business, and a successful one at that. In fact, fraudsters regularly brag on forums about how their tactics can earn them $3000 or more a week. With that much cash on the line, it would be irresponsible to not stay on top of how fraudsters are talking, behaving, and at the end of the day, attacking. Although merchants leverage machine learning, the most sophisticated tool we have for assessing fraud and risk, fraudsters keep iterating until they find a pattern that gets through these systems. So what can merchants do about this “cat and mouse” game? In this presentation we’ll break down fraudster behavior one step at a time, so you can understand what’s really behind the fraud you see every day.
- What kind of tools fraudsters are selling to make fraud easy and scalable
- The misconception that there are certain kinds of orders or segments that are ‘low risk’
- Best practices for how fraud teams can keep up with fraudsters’ evolving tools and methods
The true cost of fraud goes well beyond immediate lost revenue.
With interconnected customers and reviews to contend with, it’s vital that customers (and their details) are kept safe. But, at what cost? Sacrifice UX, and you’re looking at the same result.
This presentation examines different ways reputation is an intrinsic component of fraud prevention, and ways merchants can leverage reputation to bolster their fraud mitigation strategies.
This MRC Virtual 2022 presentation sheds light on the different ways merchant implement fraud mitigation while limiting the impact on the customer experience using tools like thoughtful protection deployment, existing tools already present in a technology stack, and more effectively making the distinction between good customers and fraudsters.
Risk and customer experience are two sides of the same coin. As a merchant, zero risk and 100 percent frictionless customer experiences are ideal, but usually unachievable. So, how do we embrace the right balance?
This presentation covers:
- How to reduce risk where it starts – at the top of the sales funnel
- Use-case based strategy to strike balance between risk and response in the funnel
This presentation answers the question- what are the latest techniques you can apply to prevent fraud and ensure a frictionless journey for your customers?
Join Overstock as they demonstrate case examples of how monitoring consumer behavior in advance of the payment, capturing key data elements and leveraging ML models can detect bot attacks, account manipulation, and policy violations - enabling legitimate consumers to sail through the process and target proper risk controls to prevent and stop fraud.
The Merchant Risk Council (MRC), Cybersource, and Verifi present the results of the 2022 Global Fraud and Payments Survey in an educational report that conveys transparent and unbiased research. This report is based on a survey of MRC and non-MRC merchants from around the globe, who were asked about their eCommerce fraud and payments practices. The survey sample included a diverse mix of small businesses (SMBs), mid-market, and enterprise merchants, representing organizations based throughout the North American, European, Asia-Pacific (APAC), and Latin American (LATAM) regions. The research was conducted in November and December of 2021.
The survey results provide the MRC merchant community with the latest industry fraud data and fraud management methods used by their peers, along with a robust set of performance benchmarks that members can use to help optimize their fraud management and prevention practices. In addition, the survey delves into today’s rapidly changing payments landscape to examine the range of different payment acceptance, management, and partnership practices merchants are deploying, globally and across key subsegments, as well as the reasons why they are adopting these payment strategies and tactics in the current commercial environment.
Martin Sweeney, CEO of Ravelin and Jason Paguandas, GM Merchant Security and Fraud at Fiserv, representing over 30 years of collective experience in the fraud and risk mitigation space, will discuss the economic slowdown’s impact on customer behavior, and what it means for the fraud ecosystem. Our experts will share fraud mitigation best practices and explain how automation can help protect businesses against fraud, increase customer trust, maximize profitability, and help merchants come out stronger as a result.
In November 2022, the second How Southeast Asia Buys and Pays 2022 Report was published.
In this compelling conversation, the MRC partners with NORA (National Online Retailers Association), Australia for a conversation comparing the 2022 Global Payments & Fraud Survey (developed by Cybersource, Verifi, and MRC) to the soon-to-be-released AusPayNet 2022 Fraud Report.
Join Susan Brown of the MRC, Toby Evans of AusPayNet, Rachel Hall of Ticketmaster, and Ryan Amatoury of Woolworths for a deep dive into the data in these reports and the fraud metrics these subject matter experts expect to see in the coming year.
Bots are one of the main weapons of choice of bad actors, particularly for malicious activities such as account takeover fraud (ATO) and identity theft. Versatile and adaptable, bots can stage a wide range of malicious activities, ranging from credential stuffing attacks using information exposed in data leaks to the creation of multiple online identities.
For businesses, the combination of bot threats can pose serious problems - especially when it comes to customer satisfaction and company reputation.
This webinar will discuss how bots attack, the negative consequences they can have on an organization and how merchants can protect themselves.
1. How bots attack (and types of bots)
2. The cost of bot fraud
3. Examples of ATO bot attacks
4. How businesses can fight back
Better fraud prevention, all around.
Many organizations rely on two-factor authentication (2FA) using one‑time passcodes (OTPs) sent by Short Message Service (SMS) to authenticate banking and ecommerce transactions. 2FA performed this way can be fast and easy, but SMS wasn’t designed to be a security tool.
Learn how your organization can leverage voice biometrics to protect customers and your brand by building the highest levels of protection, trust and loyalty.
KYC has its roots in the early 2000s in an effort to make it much more difficult for criminals to launder money through banks, insurers, and adjacent institutions, as well as to stop terrorism funding. However this approach has been made more and more difficult to help online businesses verify fraudsters.
Combined with social media lookup and strict KYC checks, we'll be looking at how we can implement better restrictions of fraudsters and help AML efforts.