What color is your fraud ?

And what does the Oxford dictionary define as a process? A set of phenomena, conceived as active and organised over time”.
So let’s unpack this definition for a better understanding of the subject…

“Set of phenomena“
Admittedly, this is a very broad definition. Chronologically, the first phenomenon to be identified and observed is the fault that is exploited and the influence that can be exerted to mitigate it.

From the point of view of the person exploiting the flaw, the question that arises is what level of involvement they will have. This will determine whether he can be labelled a ‘fraudster’ or a ‘cheat’. Both commit fraud.

But the fraudster is a professional. He has worked on his subject and his organisation. They run a small, high-volume business. He will automate as much as possible (bots). They protect their identity. Identifying it and recovering it is a challenge.

The cheater, on the other hand, is more of an amateur. They are opportunists and count on a certain impunity. They don’t hide their identity, if at all. That’s a good thing for recovering it…

Over the years, there has been increasing overlap between fraudsters and cheats. First with the phenomenon of ‘mules’ (‘cheats’ duped and recruited by ‘fraudsters’ to redirect parcels), now with ‘fraud as a service’ (“cheats” contracting with ‘fraudsters’ to share the benefits of fraud, particularly in return fraud).

“Conceived as an active“

The degree of activity is decisive. It is what betrays the ‘set of phenomena’. Observation of velocity is fundamental to the fight against fraud.

To do this, you need to know how to make everything that can be observed quantifiable. Because fraud adapts. Today, it is no longer enough to observe the number of events attached to an e-mail address. We need to be able to dissect the structure of that e-mail address and see how representative it is of the whole. Is it within the statistical norm (e.g. an e-mail address with an atypical domain and a username made up of a large number of digits)? If not, is there an over-representation of e-mail addresses with the same characteristics over a relatively recent period?

And you need to be able to do this for each piece of data. For each, you need to be able to associate as much information as possible.

“Organised in time“
Time management. Strike ‘fast and hard’ or ‘stay under the radar’ to exploit the loophole for as long as possible. Fraudsters do both. Cheaters tend to do the latter.

For the latter, there is often nothing like the watch list. We may not have believed in Father Christmas for a long time, but it’s clear that having a ‘naughty list’ is essential. Because cheats are often ‘small-time fraudsters’, they practice ‘stop and go’. So they can stop for a while and then come back again. Of course, everyone can benefit from the ‘right to forget’. That’s why the best practice is to create a multi-factor reputation score.

“What now?“
By understanding the motivation of the ‘opposing camp’, analysing their practices and identifying their tools, we can build a response that is appropriate and sustainable.

For example, in an online environment. For fallible events, what is the number one fraud risk indicator if I am offering services or to humans? Well, the indication that I’m dealing with a ‘non-human’. So, very early on in the process, I set up a bot identification tool. Once it’s been addressed, what do I want to determine? Do I “know” the individual associated with the event I’m analysing? If so, am I in a position to have evidence that it is indeed him (risk of usurpation / account takeover)? If not, do I still have the elements to confirm that it is a reliable identity (digital identity with standard attributes)?

It is this set of questions that enables you to build a decision tree. Here’s an example : Decision Tree.

So, do you have a green thumb?