book

Practical Fraud Prevention

by Gilit Saporta, Shoshana Maraney

March 2022

Beginner

394 pages

12h 39m

English

O'Reilly Media, Inc.

Audiobook available

Read now

Unlock full access

Foreword
Preface
Introduction to Practical Fraud PreventionHow to Read This BookWho Should Read This Book?Conventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
I. Introduction to Fraud Analytics
1. Fraudster Traits
Impersonation TechniquesDeception TechniquesSocial EngineeringThe Dark WebFraud Rings/LinkingVolatilityCard and Account TestingAbuse Versus FraudMoney Laundering and Compliance ViolationsSummary
2. Fraudster Archetypes
Amateur FraudsterCookie-Cutter FraudsterGig Economy FraudsterPsychological FraudsterProduct-Savvy FraudsterTech-Savvy FraudsterBot GeneratorHackerOrganized Crime FraudsterDistinction Between Organized Crime and Cookie-Cutter FraudstersSmall But Organized CrimeFriendly FraudsterPop QuizSummary
3. Fraud Analysis Fundamentals
Thinking Like a FraudsterA Professional Approach to FraudTreat Categories with CautionAccount Versus TransactionThe Delicate Balance Between Blocking Fraud and Avoiding FrictionProfit MarginsMaintaining Dynamic TensionThe Psychological CostTiers of TrustAnomaly DetectionPractical Anomaly Detection: Density Case StudyCrises: Planning and ResponseEconomic Stress Affects Consumers’ Situations—and DecisionsPrepare for Shifts in User BehaviorsInterdepartmental Communication and CollaborationFriendly FraudSummary
4. Fraud Prevention Evaluation and Investment
Types of Fraud Prevention SolutionsRules EnginesMachine LearningHybrid SystemsData Enrichment ToolsConsortium ModelBuilding a Research Analytics TeamCollaborating with Customer SupportMeasuring Loss and ImpactJustifying the Cost of Fraud Prevention InvestmentInterdepartmental RelationsData Analysis StrategyFraud Tech StrategyData Privacy ConsiderationsIdentifying and Combating New Threats Without Undue FrictionKeeping Up with New Fraud-Fighting ToolsSummary
5. Machine Learning and Fraud Modeling
Advantages of Machine LearningThe Challenges of Machine Learning in Fraud PreventionRelative Paucity of DataDelayed Feedback and OverfittingThe Labeled Data DifficultyIntelligent AdversaryExplainability, Ethics, and BiasDynamic Policies and the Merits of Story-Based ModelsData Scientists and Domain Experts: Best Practices for a Fruitful CollaborationWorking Well TogetherPopular Machine Learning ApproachesAccuracy Versus Explainability and PredictabilityClassification Versus ClusteringSummary
II. Ecommerce Fraud Analytics
6. Stolen Credit Card Fraud
Defining Stolen Credit Card FraudModus OperandiIdentificationMismatched IPRepeat Offender IPNonunique IPsMasked IPWarning: The Reliability of IP Analysis May Vary Depending on LocaleMitigationExample 1: Using IP Geolocation to Identify Legitimate Hotel IPsExample 2: Using IP Traffic Trends to Identify Fake-Hotel IPsExample 3: Using Hierarchy in Variable DesignUsing Hierarchy in IP Typology Variable DesignSummary

7. Address Manipulation and Mules
So Many Different Ways to StealPhysical Interception of Package: Porch PiracyPhysical Interception of Package: Convince the CourierSend Package to a Convenient Location: Open House for FraudSend Package to a Convenient Location: ReshippersRemote Interception of Package: Convince Customer SupportRemote Interception of Package: AVS ManipulationMule Interception of PackageMore Advanced: Adding an Address to the CardMore Advanced: Adding an Address to Data Enrichment ServicesMore Advanced: Dropshipping Direct/TriangulationIdentification and MitigationOpen HouseMulesReshippersSummary
8. BORIS and BOPIS Fraud
Identification and MitigationPickup and Return: Educating Employees Outside Your DepartmentPolicy Decisions: Part of Fraud PreventionOnline Identification and MitigationSummary
9. Digital Goods and Cryptocurrency Fraud
Definition and Fraudster MOTicketing FraudGift Card FraudSocial EngineeringIdentification and MitigationSummary
10. First-Party Fraud (aka Friendly Fraud) and Refund Fraud
Types of Friendly FraudGenuine MistakeFamily FraudBuyer’s Remorse, Customer Resentment, and Mens ReaFraud Versus AbuseThe Tendency to Tolerate AbuseReseller AbuseRefund FraudIdentification and MitigationIdentificationMitigationSummary
III. Consumer Banking Fraud Analytics
11. Banking Fraud Prevention: Wider Context
Differences Between Banking and EcommerceThe Context of CybercrimeSocial Engineering in BankingA Note on PerspectiveDeepfakes: A Word of WarningSummary
12. Online Account Opening Fraud
False Accounts: ContextIdentification and MitigationAsking Questions, Mapping the StoryDocument VerificationCustomer PersonasData RetentionSummary
13. Account Takeover
ATO: Fueled by Stolen DataThe Attack Stages of ATOThe Advantages of ATOOverlay AttacksIdentification and MitigationBiometricsMultifactor AuthenticationDevice FingerprintingNetwork ContextCustomer KnowledgeDynamic FrictionExample: Identifying a Trusted SessionSummary
14. Common Malware Attacks
Types of Malware AttacksAs Part of Phishing AttacksMalware with Social EngineeringIdentification and MitigationCollaboration Is KeyAnomaly DetectionSummary
15. Identity Theft and Synthetic Identities
How Identity Fraud WorksIdentification and MitigationLinkingCollaborationSummary
16. Credit and Lending Fraud
Nonprofessional Fraudsters Engaging in Credit and Lending FraudProfessional Fraudsters and Credit and Lending FraudBuy Now Pay Later FraudIdentification and MitigationSummary
IV. Marketplace Fraud
17. Marketplace Attacks: Collusion and Exit
Types of Collusion AttacksMoney LaunderingFeedback Padding and ScamsIncentives and Refund AbuseSelling Illegal GoodsThe Gig Economy of FraudIdentification and MitigationWhy Proximity Is Different in MarketplacesThinking Beyond Immediate Fraud PreventionSummary
18. Marketplace Attacks: Seller Fraud
Types of Seller FraudSeller Slipup Segues into FraudScamsDubious GoodsIdentification and MitigationSeller Slipup Segues into FraudScamsDubious GoodsSummary
V. AML and Compliance Analytics
19. Anti–Money Laundering and Compliance: Wider Context
AML Challenges and AdvantagesSummary
20. Shell Payments: Criminal and Terrorist Screening
How Shell Payments WorkIdentification and MitigationCriminal and Terrorist ScreeningSummary
21. Prohibited Items
Identification and MitigationSummary
22. Cryptocurrency Money Laundering
Cryptocurrency: More Regulated Than You Think, and Likely to Become More SoThe Challenge of Cryptocurrency Money LaunderingIdentification and MitigationKYC: Combating Money Laundering from the StartBeyond KYCSummary
23. Adtech Fraud
The Ultimate Money MakerBeyond Bot Detection: Looking into Invisible AdsBot Identification in Adtech and BeyondSummary
24. Fraud, Fraud Prevention, and the Future
Collaboration in the Era of “The New Normal”
Index
About the Authors

Content preview from Practical Fraud Prevention

Chapter 7. Address Manipulation and Mules

Here, there and everywhere…

The Beatles¹

If your job includes protecting a retailer that deals in tangible shipping items, this chapter is for you. If you work purely in digital goods or financial services, this chapter may be less relevant—however, fraud analysts in banking should take note that some of these tricks are used against your customers occasionally, targeting new credit or debit cards. Essentially, if there’s something physical being shipped, fraudsters are interested in targeting it.

So Many Different Ways to Steal

Even the most amateur fraudsters know that dealing with the shipping address is a fraud challenge. Unlike cookies, IP manipulation, device information, and other, more subtle signs of identity, physical address is a problem that stares the fraudster in the face when they try to place an order. They want to steal an object or objects. That means they need to get their hands on it. What are their options? They can send it directly to their own address, but that would be far too obvious a sign that the shipping and billing addresses have no connection and that fraud is in play, and would give their real address to people who might try to send law enforcement there. And besides, often the fraudster lives in a different country from the victim.

The problem boils down to this: the fraudster needs to look like the cardholder, or at least like someone the cardholder would plausibly be sending the item to (e.g., a relative). ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Defensive Security Handbook, 2nd Edition

Lee Brotherston, Amanda Berlin, William F. Reyor

Fraud Analytics Using Descriptive, Predictive, and Social Network Techniques: A Guide to Data Science for Fraud Detection

Bart Baesens, Veronique Van Vlasselaer, Wouter Verbeke

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

Mike Chapple, James Michael Stewart, Darril Gibson

Learning Digital Identity

Phillip J. Windley

Publisher Resources

ISBN: 9781492093312Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Practical Fraud Prevention

by Gilit Saporta, Shoshana Maraney

Chapter 7. Address Manipulation and Mules

So Many Different Ways to Steal

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.