book

Practical Fraud Prevention

by Gilit Saporta, Shoshana Maraney

March 2022

Beginner

394 pages

12h 39m

English

O'Reilly Media, Inc.

Audiobook available

Read now

Unlock full access

Foreword
Preface
Introduction to Practical Fraud PreventionHow to Read This BookWho Should Read This Book?Conventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
I. Introduction to Fraud Analytics
1. Fraudster Traits
Impersonation TechniquesDeception TechniquesSocial EngineeringThe Dark WebFraud Rings/LinkingVolatilityCard and Account TestingAbuse Versus FraudMoney Laundering and Compliance ViolationsSummary
2. Fraudster Archetypes
Amateur FraudsterCookie-Cutter FraudsterGig Economy FraudsterPsychological FraudsterProduct-Savvy FraudsterTech-Savvy FraudsterBot GeneratorHackerOrganized Crime FraudsterDistinction Between Organized Crime and Cookie-Cutter FraudstersSmall But Organized CrimeFriendly FraudsterPop QuizSummary
3. Fraud Analysis Fundamentals
Thinking Like a FraudsterA Professional Approach to FraudTreat Categories with CautionAccount Versus TransactionThe Delicate Balance Between Blocking Fraud and Avoiding FrictionProfit MarginsMaintaining Dynamic TensionThe Psychological CostTiers of TrustAnomaly DetectionPractical Anomaly Detection: Density Case StudyCrises: Planning and ResponseEconomic Stress Affects Consumers’ Situations—and DecisionsPrepare for Shifts in User BehaviorsInterdepartmental Communication and CollaborationFriendly FraudSummary
4. Fraud Prevention Evaluation and Investment
Types of Fraud Prevention SolutionsRules EnginesMachine LearningHybrid SystemsData Enrichment ToolsConsortium ModelBuilding a Research Analytics TeamCollaborating with Customer SupportMeasuring Loss and ImpactJustifying the Cost of Fraud Prevention InvestmentInterdepartmental RelationsData Analysis StrategyFraud Tech StrategyData Privacy ConsiderationsIdentifying and Combating New Threats Without Undue FrictionKeeping Up with New Fraud-Fighting ToolsSummary
5. Machine Learning and Fraud Modeling
Advantages of Machine LearningThe Challenges of Machine Learning in Fraud PreventionRelative Paucity of DataDelayed Feedback and OverfittingThe Labeled Data DifficultyIntelligent AdversaryExplainability, Ethics, and BiasDynamic Policies and the Merits of Story-Based ModelsData Scientists and Domain Experts: Best Practices for a Fruitful CollaborationWorking Well TogetherPopular Machine Learning ApproachesAccuracy Versus Explainability and PredictabilityClassification Versus ClusteringSummary
II. Ecommerce Fraud Analytics
6. Stolen Credit Card Fraud
Defining Stolen Credit Card FraudModus OperandiIdentificationMismatched IPRepeat Offender IPNonunique IPsMasked IPWarning: The Reliability of IP Analysis May Vary Depending on LocaleMitigationExample 1: Using IP Geolocation to Identify Legitimate Hotel IPsExample 2: Using IP Traffic Trends to Identify Fake-Hotel IPsExample 3: Using Hierarchy in Variable DesignUsing Hierarchy in IP Typology Variable DesignSummary

7. Address Manipulation and Mules
So Many Different Ways to StealPhysical Interception of Package: Porch PiracyPhysical Interception of Package: Convince the CourierSend Package to a Convenient Location: Open House for FraudSend Package to a Convenient Location: ReshippersRemote Interception of Package: Convince Customer SupportRemote Interception of Package: AVS ManipulationMule Interception of PackageMore Advanced: Adding an Address to the CardMore Advanced: Adding an Address to Data Enrichment ServicesMore Advanced: Dropshipping Direct/TriangulationIdentification and MitigationOpen HouseMulesReshippersSummary
8. BORIS and BOPIS Fraud
Identification and MitigationPickup and Return: Educating Employees Outside Your DepartmentPolicy Decisions: Part of Fraud PreventionOnline Identification and MitigationSummary
9. Digital Goods and Cryptocurrency Fraud
Definition and Fraudster MOTicketing FraudGift Card FraudSocial EngineeringIdentification and MitigationSummary
10. First-Party Fraud (aka Friendly Fraud) and Refund Fraud
Types of Friendly FraudGenuine MistakeFamily FraudBuyer’s Remorse, Customer Resentment, and Mens ReaFraud Versus AbuseThe Tendency to Tolerate AbuseReseller AbuseRefund FraudIdentification and MitigationIdentificationMitigationSummary
III. Consumer Banking Fraud Analytics
11. Banking Fraud Prevention: Wider Context
Differences Between Banking and EcommerceThe Context of CybercrimeSocial Engineering in BankingA Note on PerspectiveDeepfakes: A Word of WarningSummary
12. Online Account Opening Fraud
False Accounts: ContextIdentification and MitigationAsking Questions, Mapping the StoryDocument VerificationCustomer PersonasData RetentionSummary
13. Account Takeover
ATO: Fueled by Stolen DataThe Attack Stages of ATOThe Advantages of ATOOverlay AttacksIdentification and MitigationBiometricsMultifactor AuthenticationDevice FingerprintingNetwork ContextCustomer KnowledgeDynamic FrictionExample: Identifying a Trusted SessionSummary
14. Common Malware Attacks
Types of Malware AttacksAs Part of Phishing AttacksMalware with Social EngineeringIdentification and MitigationCollaboration Is KeyAnomaly DetectionSummary
15. Identity Theft and Synthetic Identities
How Identity Fraud WorksIdentification and MitigationLinkingCollaborationSummary
16. Credit and Lending Fraud
Nonprofessional Fraudsters Engaging in Credit and Lending FraudProfessional Fraudsters and Credit and Lending FraudBuy Now Pay Later FraudIdentification and MitigationSummary
IV. Marketplace Fraud
17. Marketplace Attacks: Collusion and Exit
Types of Collusion AttacksMoney LaunderingFeedback Padding and ScamsIncentives and Refund AbuseSelling Illegal GoodsThe Gig Economy of FraudIdentification and MitigationWhy Proximity Is Different in MarketplacesThinking Beyond Immediate Fraud PreventionSummary
18. Marketplace Attacks: Seller Fraud
Types of Seller FraudSeller Slipup Segues into FraudScamsDubious GoodsIdentification and MitigationSeller Slipup Segues into FraudScamsDubious GoodsSummary
V. AML and Compliance Analytics
19. Anti–Money Laundering and Compliance: Wider Context
AML Challenges and AdvantagesSummary
20. Shell Payments: Criminal and Terrorist Screening
How Shell Payments WorkIdentification and MitigationCriminal and Terrorist ScreeningSummary
21. Prohibited Items
Identification and MitigationSummary
22. Cryptocurrency Money Laundering
Cryptocurrency: More Regulated Than You Think, and Likely to Become More SoThe Challenge of Cryptocurrency Money LaunderingIdentification and MitigationKYC: Combating Money Laundering from the StartBeyond KYCSummary
23. Adtech Fraud
The Ultimate Money MakerBeyond Bot Detection: Looking into Invisible AdsBot Identification in Adtech and BeyondSummary
24. Fraud, Fraud Prevention, and the Future
Collaboration in the Era of “The New Normal”
Index
About the Authors

Content preview from Practical Fraud Prevention

Chapter 11. Banking Fraud Prevention: Wider Context

You know I work all day to get you money to buy you things…

The Beatles¹

This chapter sets the scene for a focus on banking, laying the foundation for the chapters ahead and highlighting some features, such as social engineering and deepfakes, which are relevant contexts for all the banking chapters rather than being especially relevant to any particular chapter.

Differences Between Banking and Ecommerce

There are two main differences between the experience of fraud prevention at a bank or other financial institution and the experience of fraud prevention at an ecommerce company or online marketplace. We want to highlight these distinctions here as important context for the remainder of the book.

The first difference is that, compared to ecommerce businesses, banks are relatively data poor when it comes to individual transactions or in-session data. An ecommerce fraud team, analyzing a transaction to decide whether to approve or decline it, can look at the details of the product being purchased, the journey the customer took on the website, the journeys other customers took on previous visits to the site, and a wealth of metadata relating to the device, IP, and so on. Banks have none of that. They have, more or less, the information the customer enters at checkout, together with what they see when the customer is in session at their bank. It’s not nothing, but it’s thin indeed compared to what ecommerce fraud fighters see. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Defensive Security Handbook, 2nd Edition

Lee Brotherston, Amanda Berlin, William F. Reyor

Fraud Analytics Using Descriptive, Predictive, and Social Network Techniques: A Guide to Data Science for Fraud Detection

Bart Baesens, Veronique Van Vlasselaer, Wouter Verbeke

ISC2 CISSP Certified Information Systems Security Professional Official Study Guide, 10th Edition

Mike Chapple, James Michael Stewart, Darril Gibson

Learning Digital Identity

Phillip J. Windley

Publisher Resources

ISBN: 9781492093312Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Practical Fraud Prevention

by Gilit Saporta, Shoshana Maraney

Chapter 11. Banking Fraud Prevention: Wider Context

Differences Between Banking and Ecommerce

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.