What is Multi-Account Fraud? Simply put, Multi-account fraud is the method employed by fraudsters that leverages a number of accounts. For linear methods, this might entail experimentation/troubleshooting with the intention of identifying vulnerabilities.
For multi-system exploits, this would include identifying which aggregated data lakes are used during the determination process of a target platform. In this article, I will share with you a number of iterations for multi-account fraud, the execution involved, and strategy items to consider for each.
First, let’s cover a few examples of linear fraud methods. Linear fraud methods are simple, straightforward and fit the following model: Fraudster A uses compromised information B at a single touchpoint within the platform’s customer experience journey.
These methods serve as fundamental tactics akin to building blocks in the operation of a fraudster.
I will cover 3 and here and you will read how these methods can be combined further down the article.
1. Transaction Fraud (Carding)
Seated solely at the checkout form, this method uses compromised payment details to put through transactions. For the most basic forms, the fraudster will acquire payment details, navigate a website to the checkout form, input the details and submit. Fairly straightforward. Being the most basic form of fraud, fraudsters rely heavily on volume to monetize their efforts. This method applies to retail, marketplaces, digital deliverables, etc. The goal is to receive the product or service.
2. Account Takeovers
Seated solely at the login form, a successful account takeover results in the fraudster gaining access to an established account. The most common example of an ATO occurs when a fraudster obtains compromised username/password combinations and logs into a target account.
3. Social Engineering
Social engineering requires the exploitation of another person. For this reason, platforms are vulnerable through…
This is only a snippet of a eCommerce Article, please visit the Authors Website and Read the Full Article