Irene Brime
Head of B2B Communications
CashRun Pte Ltd
Hillel Krajzman
VP of Operations
Openbucks Corp.
Hard Limits
3
Amount Based Time Based
Merchant only allowscustomers to buy
3 times/week or no morethan $150/month
Merchants freezecustomers account for a
period of time
Easy for fraudsters to find out threshold &
exploit
Risk losing genuine customers,
Fraudsters can create multiple accounts
Same limits onall customers
Hard Limits
Prone to exploitation by fraudsters
Lose genuine customers
X
X
Dynamic Limits
Complex for fraudsters to exploit
Capitalise on high-spending customers
Tailored limits foreach & every customer
EyeballingLack of
Standardisation
Non-InstantUnacceptable
standards for Digital Products
Manual Verification
Frustrated CustomersTest customers’ patienceLose genuine customers
ScalabilityFraud teams requiremore time & resources$
BottleneckLarge volume to manually verifyFraud teams overwhelmed
Negative Impacts
Merchant A
Fully automated verification
Delivers instantly
No extra tests
Merchant B
Manual verification
Calls customers
Extra tests
Manual Verification
Harms conversion rates
X
Non ScalableX
100% Automation
Retain customers
Scalable
BackwardX Increasingly relevant
Summary
Modify fingerprintFraudsters
Bots &Softwares
Unsophisticated Fingerprint Detection
Module
Accepted
Deploy
Multilayered Fingerprintto detect these micro-changes
The trend is to move towards simplicity
Info from devices reduced
Plugins through NPAPI gone
Google removed NPAPI support from Chrome
Future of Device Fingerprint: Browsers
Future of Device Fingerprint: Mobile
Same screen size
Shared operating systems
Increasingly hard to return theplugins to the verification module
Systems tend to score negatively when acustomer has multiple information
Fail to recognise returning customers
3 examples
Same Customer, Multiple Email Addresses
Same Customer
Positive Risk Points
What should systems do instead?
Identify customers who use different information
Find out connections between customers
Avoid scoring negative points for such customers
Cyber Criminals
Fraud teamspanic
Blanket ban all orders from
specific IP address
Genuine customers
blocked
FRAUD!
When Fraud Happens…
Proxies
EvadeVerification
CorporateIP Disguise “Genuine Customer”
GenuineCustomers
MERCHANT
FraudsterGenuine
Customers
118.200.222.33127.570.232.11
FRAUD!
X
X
X X XMERCHANT
Examples
What’s the Solution?
Avoid Over Relianceon IP information:
Detrimental to Sales
IP Abnormalities are Common
IP Penetrating Technology to detect:
VMwares Fake Corporate IPs
Proxies Hosting IPs
IP Address
Blacklist
Whitelist
DeviceFingerprint
VelocityChecks
3DS
Etc.
Fraudsters Merchant
Wall of Protection Fraud Rate
MISCONCEPTION!
WE WANT YOUR FEEDBACK!
Please complete your session evaluation within the MRC mobile app or return a paper evaluation on your way out.
Prepaid & Digital Goods Fraud: Misuse of Fraud Prevention Tools
Speakers:Irene Brime, CashRun Pte LtdHillel Krajzman, Openbucks Corp.
Key Takeaways1) Takeaway 12) Takeaway 23) Takeaway 34) Takeaway 4
Top Related