Bot attacks, false invoices, money laundering, phishing attempts — these are just a few of the ways a company can experience fraud. And thanks to the digital shift during the pandemic, online scams are only getting worse.
“Every second online merchant has become a victim of some kind of fraud,” says Aleksandr Khelemskiy, product owner of risk management platform Covery. “Many don’t even know it yet, as some schemes take months to be noticed.”
But don’t stress — we’ve gathered a list of best practices to level up your cybersecurity efforts, and keep your money out of fraudsters’ pockets.
1. Know your customer
Identity fraud — or where someone creates an identity to defraud a business — has been on the rise since the start of Covid-19.
A recent study found the cost of fraud soared to $56bn in 2020, with identity theft cases accounting for almost $43bn alone.
Liudmila Sakovich, one of Covery’s risk analysts, cites account takeovers (a form of identity theft used to gain access to a victim’s bank or other details) and synthetic identity theft (where a criminal combines real and fake information to create a new identity) as common examples.
But all is not lost. “There are several kinds of fraud that can break a startup, but businesses can significantly decrease fraud volumes in their online interactions with customers by integrating a risk management solution,” she says.
There are several kinds of fraud that can break a startup, but businesses can significantly decrease fraud volumes in their online interactions with customers by integrating a risk management solution
Risk management solutions depend on the business, but in general they’re needed when businesses go through the process of identifying and assessing threats to their capital and earnings. Sakovich says startups should verify customers’ identities through automatic checks, including background checks, by using a risk management platform.
2. Beware ‘friendly fraud’
Another type of fraud startups should be aware of is ‘friendly fraud’ — which isn’t as nice as it sounds. Friendly fraud is when a consumer makes a purchase online with their own card and then disputes the charge with the bank, requesting a chargeback, after receiving the goods or services.
Khelemskiy says companies in industries such as ecommerce, online dating and online gaming often struggle with chargebacks and the transaction fees that come with them when they onboard new customers. But identifying attack patterns can reduce these fees.
At least, this is how it went for a Covery customer, who suffered from a competitor’s fraudulent activity; Covery helped them detect and stop the scheme, Khelemskiy says, reducing their number of fraud cases by 80% and payment processing fees by 70%.
Khelemskiy adds when Covery investigated an alleged friendly fraud case for one of their customers, it uncovered past undetected schemes that amounted to $300k in losses. By that point the damage had already been done, but Covery helped implement real-time customer checks and device fingerprinting — where devices like computers and phones are identified by collecting information about their software and hardware — to prevent future fraudulent transactions.
3. Use multiple solutions
Because there are so many areas where a company can be vulnerable, it’s important to utilise a combination of defensive solutions, from digital verification to monitoring transactions in real time.
“The thing is, a simple identity document verification is no longer enough to detect and prevent new frauds,” says Luidas Kanapienis, cofounder and CEO of Ondato, one of Covery’s partners.
“With more businesses providing their services and goods online, fraudsters are moving into cyberspace too, inventing new sophisticated scam patterns that are increasingly hard to avert,” Kanapienis says. “For maximum protection, every company needs not just one solution but a complex set of features.”
For maximum protection, every company needs not just one solution but a complex set of features.
International payment processing platform Maxpay selected Covery to be its risk management platform, as anti-fraud tools often only manage specific issues. “The idea behind Covery is that it’s a multi-tasking tool able to perform all risk management and prevention actions necessary,” a Maxpay rep told Sifted.
4. Utilise machine learning
One solution every startup should be looking at is utilising AI and machine learning tools, says Khelemskiy. This is particularly useful for small teams.
“When you have an abundance of data, a single risk manager or business owner is not always able to determine all the correlations between certain data and fraudulent behavior of customers,” he says. “This is when AI lends a hand.”
Khelemskiy says technology can “analyse vast databases to discover normal payment patterns and flag suspicious transactions on the fly,” completing the work faster and more efficiently than a human could. A correctly trained algorithm can also identify fraudulent actions more precisely based on more than 50 parameters, he adds.
5. New products and services mean new vulnerabilities
Naturally when a company starts to scale and expand, new threats add to existing ones. One such threat is when a startup adds a new product, service or feature to their offerings, says Khelemskiy, which scammers keep a close eye on.
“Fraudsters always try to exploit anything your business provides to enable money laundering or getting the product/service for free,” he says.
In this case, the best fraud prevention is thinking about where your company could be vulnerable and planning accordingly.
“When planning new products/features, first and foremost think of the loopholes and vulnerabilities they’ll introduce,” says Khelemskiy. “You should test all the new functionality extensively before releasing it and monitor it closely afterwards to prevent significant losses.”
When planning new products/features, first and foremost think of the loopholes and vulnerabilities they’ll introduce
For more in-depth insights on the latest anti-fraud tech trends and innovations, join the Covery webinar on the 27th of May, where industry experts will discuss risk management and anti-fraud protection best practices in 2021.