October 12, 2017
By Rob Friedman, Executive Vice President and Co-Founder, Digital Element
Combating account takeover (ATO) fraud was at the forefront of many merchants’ minds during the 2017 CNP Expo (watch a rebroadcast of a CNP Webinar detailing the main takeaways from the annual event). Fraudsters continue to use increasingly more intelligent techniques and complex methods in order to gain access to online shoppers’ credentials. One of the most effective methods of safeguarding shoppers is to use a combination of solutions that address fraud at every customer touch point. Having IP Intelligence in place as a front-line fraud-prevention tool helps stop fraud in its tracks, preventing any subsequent identity theft and the associated monetary losses.
The Rising Tide of Account Takeovers
With ATO, cybercriminals use stolen personal information―usernames, passwords, emails, physical addresses, phone numbers and more―to gain access to a victim’s accounts (e.g., credit cards, bank accounts, rewards programs, online payment services, etc.). Unlike the theft of credit card information, which only goes so far once the consumer recognizes the fraud and cancels the card, account takeovers give fraudsters the gift of time and can be used for a variety of nefarious activities including unauthorized withdrawals from bank accounts, fraudulent e-commerce transactions, spam, phishing attacks, and virtual currency fraud (i.e., theft of reward or promotional points).
With reports showing that account takeovers accounted for more than $2.3 billion in losses last year―a 61-percent increase compared to 2015―merchants’ concerns are more than legitimate. Recognizing the sophistication and far-reaching impacts associated with ATO, it’s easy to understand why account takeover continues to be one of the most challenging consumer fraud types. Victims paid an average of $263 in out-of-pocket costs and spent a total of 20.7 million hours to resolve it in 2016—6 million more than in 2015.
Multiple Technology Solutions Working in Tandem
The first quarter 2017 recorded another high level of attacks on e-commerce sites (7.3 percent) with more than 80 million rejected transactions, representing a 45-percent increase over the previous year. Much of this increase can be attributed to the billions of stolen credentials available on the dark web, a black market of thousands of secret websites.
Not only does the actual fraud hurt, but making inadvertently wrong decisions to avoid fraud costs also impacts merchants. Up to 25 percent of declined sales transactions for e-commerce merchants were actually legitimate. Fraud tests are known to have huge rates of false positives. Online retailers are definitely paying a price in turning away more legitimate customers and manually reviewing more orders, according to reports. Forty-six percent of retailers said the cost of personnel who conduct manual reviews represented the largest share of their fraud-prevention budgets.
These are substantial numbers, yet careful management of the authentication process and deployment of the right tools can yield significant results in terms of online fraud reduction.
The most effective fraud prevention involves multiple technology solutions working in tandem to identify who real customers are and how they perform activities and transactions online. Accurately recognizing a user’s digital identity can be based on a variety of data parameters (location, device type, etc.) and combined with behavioral analytics to help merchants more successfully distinguish between legitimate consumers and potential fraudsters, enabling them to block high-risk activities in real time.
IP geolocation information ranks in the top five of all tools deployed by merchants using automated screening systems―along with company-specific fraud-scoring models, paid-for public records searches, in-house negative lists, and contacting customers to verify orders. The repercussions from account takeovers can be circumvented by running all incoming IP addresses against IP geolocation databases. Merchants can look for inconsistencies in account access patterns, transaction history and other factors that serve as real-time indicators of ATO.
Putting IP Geolocation Information to Work
Specific examples of how IP geolocation data can be used in ATO applications:
- IP geolocation checks identify the location of online users and can be beneficial in recognizing logins from high-risk countries
- IP velocity checks scan for repeated transaction attempts from the same computer in a short period of time, filtering for physical location “impossibilities” (e.g., an attempt at 3 p.m. in Atlanta, then again at 3:15 p.m. from Los Angeles)
- Proxy piercing identifies suspicious access from hosting sites, anonymous proxies, Tor nodes, private VPN providers, etc.
Building smarter rules around fraud detection and automating the process is proven to increase detection rates, reduce false positives and improve the shopping experience. IP geolocation technology can be used to automatically block suspect traffic, request verification (via email or SMS), or flag suspect activity for further internal review.
However, not all IP solutions are created equal. There is a vast chasm between those solution providers that simply repackage publicly available data and the premium providers that deploy multiple methodologies to analyze IP routing infrastructure.
There are several suppliers and systems available that can determine where an IP is and, for a small investment, can provide that location―but is it the right one? Determining the correct location of an IP address and discovering other critical fraud-prevention data, such as proxies, requires advanced infrastructure analysis, as opposed to simply “scraping” internet registries or repackaging publicly available free data.
Premium IP data, at its most granular level, can accurately locate internet users down to the ZIP+4 level without invading their privacy. But, geography is only part of the fraud-detection landscape. Smart merchants take IP geolocation further than just location by using advanced intelligence parameters to identify proxies, VPNs, anonymizers, tors, mobile devices, ISPs, domains and hosting centers. By incorporating more than just geography data, retailers can identify greater numbers of suspicious online connections.
Understanding where and how visitors connect to a retail site can result in more accepted orders, less false positives and reduced fraud. Based on analysis of results extracted from Digital Element’s customer base alone, IP geolocation technology has been proven to reduce fraudulent activity by as much as 90 percent. In fact, 51 percent of merchants are currently using IP geolocation information as one layer of fraud prevention, with another 13 percent planning to add it.
Mobile Transactions Still Create an IP Connection
Data also reveals rising fraud in the mobile channel: Approximately 60 percent of fraudulent transactions originate from a mobile device.
Using a mobile device for ecommerce and completing the purchase still creates an IP connection. More than 80 percent of mobile users are connecting via fixed Wi-Fi connections due to speed, convenience or cost―with less than 20 percent connected via 3G, 4G or LTE. A Wi-Fi connection is just the same as a desktop setup in that IP Intelligence can accurately determine the Wi-Fi location and the type of proxy being used so the same rules apply. If the connection is via 3G, 4G or LTE, then network characteristics identifying the service provider and its connection hub are seen.
There needs to be more awareness and understanding about the value of investing in a multi-layered approach for fraud mitigation. Findings show that the right multi-layered approach can justify upfront costs of the solution investment as greater accuracy yields more positive results on the bottom line.
The ability to assign definable attributes to otherwise anonymous internet customers―and to use that information for real-time online identity verification―is proving to be an excellent first line of defense in the fight against would-be online criminals who believe the internet provides a safe haven for cybercrime.
Rob Friedman is co-founder and executive vice president at Digital Element, a provider of IP intelligence and geolocation solutions. Since 1999, Rob has been at the forefront of the IP intelligence movement in the digital space. He has worked closely with retailers and other businesses across the spectrum to ensure that they are getting the most out of their online fraud detection and prevention solutions.