• Easy to hijack: A stolen cookie can be enough to steal someone’s online identity.
• Rich in sensitive data: Usernames, sessions, preferences… all this information can be exploited for targeted attacks.
• Invisible to the user: Most internet users are unaware of the scope of the information stored, which facilitates fraud.

The impact on your brand

• Advertising fraud: Falsified cookies artificially inflate impressions and clicks, distorting your KPIs and increasing your costs.
• Session hijacking: Hackers can access customer accounts, generating fraudulent transactions.
• Reputational damage: A vulnerability exploited via cookies can damage your image and your GDPR compliance.

Examples of techniques used by fraudsters

• Session sniffing: Interception of cookies on unsecured websites.
• XSS injection: Malicious scripts to steal cookies.
• CSRF: Fraudulent actions performed without the user’s knowledge.
• Predictable credentials: Exploitation of weak algorithms to guess sessions.

How to protect your digital ecosystem?

• Proactive monitoring: Detecting anomalies in cookie-related behaviour.
• Advanced anti-fraud solutions: Identifying falsified or cloned cookies.
• Awareness and transparency: Informing your users and building trust.

Conclusion
Cookies are valuable tools for improving user experience and optimising marketing strategies. However, their exploitation by fraudsters poses a major risk: session theft, identity theft, advertising fraud, etc. These threats can impact customer confidence, distort your metrics and damage your image.

To remain competitive and protect your digital ecosystem, it is essential to take a proactive approach: secure your customer journeys, integrate anti-fraud solutions, and inform your users. Protecting cookies means protecting your business and your reputation.

Contact us to secure your customer journeys and build trust in your services.

The post Cookies: a marketing ally… but also a loophole for fraud appeared first on Oneytrust.

And what does the Oxford dictionary define as a process? A set of phenomena, conceived as active and organised over time”.
So let’s unpack this definition for a better understanding of the subject…

“Set of phenomena“
Admittedly, this is a very broad definition. Chronologically, the first phenomenon to be identified and observed is the fault that is exploited and the influence that can be exerted to mitigate it.

From the point of view of the person exploiting the flaw, the question that arises is what level of involvement they will have. This will determine whether he can be labelled a ‘fraudster’ or a ‘cheat’. Both commit fraud.

But the fraudster is a professional. He has worked on his subject and his organisation. They run a small, high-volume business. He will automate as much as possible (bots). They protect their identity. Identifying it and recovering it is a challenge.

The cheater, on the other hand, is more of an amateur. They are opportunists and count on a certain impunity. They don’t hide their identity, if at all. That’s a good thing for recovering it…

Over the years, there has been increasing overlap between fraudsters and cheats. First with the phenomenon of ‘mules’ (‘cheats’ duped and recruited by ‘fraudsters’ to redirect parcels), now with ‘fraud as a service’ (“cheats” contracting with ‘fraudsters’ to share the benefits of fraud, particularly in return fraud).

“Conceived as an active“

The degree of activity is decisive. It is what betrays the ‘set of phenomena’. Observation of velocity is fundamental to the fight against fraud.

To do this, you need to know how to make everything that can be observed quantifiable. Because fraud adapts. Today, it is no longer enough to observe the number of events attached to an e-mail address. We need to be able to dissect the structure of that e-mail address and see how representative it is of the whole. Is it within the statistical norm (e.g. an e-mail address with an atypical domain and a username made up of a large number of digits)? If not, is there an over-representation of e-mail addresses with the same characteristics over a relatively recent period?

And you need to be able to do this for each piece of data. For each, you need to be able to associate as much information as possible.

“Organised in time“
Time management. Strike ‘fast and hard’ or ‘stay under the radar’ to exploit the loophole for as long as possible. Fraudsters do both. Cheaters tend to do the latter.

For the latter, there is often nothing like the watch list. We may not have believed in Father Christmas for a long time, but it’s clear that having a ‘naughty list’ is essential. Because cheats are often ‘small-time fraudsters’, they practice ‘stop and go’. So they can stop for a while and then come back again. Of course, everyone can benefit from the ‘right to forget’. That’s why the best practice is to create a multi-factor reputation score.

“What now?“
By understanding the motivation of the ‘opposing camp’, analysing their practices and identifying their tools, we can build a response that is appropriate and sustainable.

For example, in an online environment. For fallible events, what is the number one fraud risk indicator if I am offering services or to humans? Well, the indication that I’m dealing with a ‘non-human’. So, very early on in the process, I set up a bot identification tool. Once it’s been addressed, what do I want to determine? Do I “know” the individual associated with the event I’m analysing? If so, am I in a position to have evidence that it is indeed him (risk of usurpation / account takeover)? If not, do I still have the elements to confirm that it is a reliable identity (digital identity with standard attributes)?

It is this set of questions that enables you to build a decision tree. Here’s an example : Decision Tree.

So, do you have a green thumb?

The post What color is your fraud ? appeared first on Oneytrust.

E-commerce has grown by leaps and bounds since the early 2000s, and with it, fraud has continued to evolve. According to the FEVAD figures communicated at this Round Table, 72% of e-retailers are profitable or break-even, which clearly shows that e-commerce is a profitable business. And e-commerce is also a job creator, with 41% of e-retailers having created jobs by 2024.

2000-2005: the beginnings of e-commerce

The arrival of the Internet in homes marked the start of a new consumer channel. The first e-commerce sites appeared, often with little security. Fraudulent behaviour remained small-scale, but was already a cause for concern.

2005-2010: the boom in e-commerce… and fraud

E-commerce becomes more democratic with the rise of marketplaces and the first major peaks in online consumption. At the same time, fraud is becoming more structured, targeting payments and technical flaws.

2010-2015: the social networking effect and the expansion of fraud profiles

Facebook, Instagram and other platforms are giving rise to new uses… but also new vectors for fraud. Content linked to fraudulent methods is becoming accessible to everyone. The profile of fraudsters is changing, from organised networks to everyday opportunists.

2015-2020: regulation, PSD2 and increasingly complex payment transactions

The entry into force of PSD2 in Europe (Payment Services Directive) requires strong authentication. The aim is to make payments more secure. As a result, fraudsters are moving to other areas (PayPal disputes, neo-banks, refunds, etc.). Human error is becoming a major target.

2020-2025: industrialisation, cybercrime and AI

The boundaries between fraud and cybercrime are becoming blurred. Attacks are becoming more professional, and fraudsters’ tools are becoming ultra-technical, sometimes doped with AI.

At the same time, merchants are having to cope with tighter regulation (BNPL, consumer credit framework), ever more demanding customer journeys, and increasing pressure on security… without compromising the user experience.

The next 25 years: human intelligence at the heart of the battle

The next few years promise to be just as decisive. Deepfake, synthetic identities, behavioural fraud and offensive AI are shaking things up.

But one thing remains certain: it is human intelligence that will make the difference. Where automated models can be fooled by a synthetic identity, the human expertise built into our approach can detect anomalies.

Why merchants need to (re)think their anti-fraud strategy

With fraudsters becoming ever more equipped, merchants’ anti-fraud strategy can no longer rely solely on technology or compliance.

The keys to effective fraud prevention today :

• Combine technical and behavioural approaches
• Work with partners who are familiar with emerging patterns
• Anticipating regulatory changes (DSP3, IA Act, consumer credit, etc.)
• Combining business performance and security

It is with this in mind that Oneytrust has been working with the biggest e-commerce players for 25 years.

Our mission: to create trust, without friction.

Would you like to find out more about our anti-fraud solutions?

Please contact us.

Meet our fraud experts and find out how Oneytrust can turn your security into a competitive advantage.

The future of e-commerce is being built today. Together, let’s build it on trust.

The post 25 years of fighting fraud: retrospective, changes and the future of e-commerce appeared first on Oneytrust.