Digital Transactions Authoritative, insightful and timely information for payments professionals
As businesses grapple with today’s economic uncertainty, many are facing difficult budget and resource constraints. But as company leaders focus on the slowing economy, they must not forget about cybercriminals.
Placing fraud prevention on the backburner risks falling behind sophisticated fraudsters, who constantly take advantage of economic uncertainty, and refine and employ new fraud-as-a-service methods—the term used to describe criminals who use stolen accounts and payment data on the Deep and Dark Web to commit fraud on behalf of their paying customers.
As a fraud researcher, I spend a significant amount of time identifying the latest schemes appearing on the Deep and Dark Web. Over the past two years, scammers have more frequently turned to secure messaging apps, such as Telegram and WhatsApp, to commit illegal activity, leveraging an “as-a-service” approach.
With this method, scammers use stolen information to make purchases for other cyber criminals who may not necessarily share the same skillset. Fraudsters operate businesses where they deliver discounted goods and services by marketing their deals in the digital underground, using stolen accounts and personal information to illicitly purchase discounted goods or services. These include food deliveries, travel deals, and, more recently, buy now pay later (BNPL) transactions. BNPL orders saw a 69% jump in fraud attack rates this year, according to Sift.
There’s no shortage of stolen data for these fraudsters to leverage. Very recently, a new Dark Web Marketplace by the name of “BidenCash” freely handed out 1.2 million stolen credit cards as a promotional tactic.
As a global recession continues to loom and the cost of living rises, more consumers are using BNPL to purchase everyday essentials such as groceries. This rise of BNPL has caught the attention of cybercriminals. Earlier this year, I discovered scammers employing fraud-as-a-service schemes targeting this market specifically. Here’s how it works:
- In messaging-app forums, scammers advertise their access to different types of stolen information, such as user accounts or credit card credentials, for a fee that’s usually positioned as a deal.
- Other scammers within those forums contact a scammer with access to their preferred Web site and share what they would like to purchase, usually as a screenshot of their cart.
- The scammer then uses that information to make BNPL purchases, with no intention of ever paying for the transaction. This allows the scammer to leverage stolen BNPL accounts or to use credit cards with lower credit limits to buy more expensive items.
- This leaves either the real account owner or the BNPL provider to foot the bill while the scammer walks away with no consequences.
Based on my research, fraudsters’ next move will target businesses expected to grow as the economy shrinks: loan and credit providers, job-seeking platforms, and other platforms and technologies that provide relief for consumers.
During a time of market uncertainty, this process often becomes easier for fraudsters because businesses typically lower the priority for fraud-detection efforts to help conserve resources. A recent survey of fraud-prevention professionals found more than 25% are experiencing budget constraints related to the slumping economy. This is causing almost half (45%) of these experts to re-evaluate what their businesses need to effectively fight fraud in a changing economy.
If businesses allow themselves to fall behind, fraud teams won’t keep pace with cybercriminals once the economy rebounds.
So, why are we letting fraudsters outpace business innovation? Organizations have the technology needed to combat sophisticated attacks, but it’s up to them to take the necessary steps to protect their businesses and consumers.
Devoting the resources needed to develop fraud-fighting solutions that stay a step ahead of the cybercriminals is critical. Each business must develop a strategy that reduces manual efforts, automates processes, and places a high priority on efficiency with their current tools and investments.
By strategically streamlining fraud operations and emphasizing growth, business leaders can maximize their budgets and resources — not only fortifying themselves in an uncertain economy but protecting themselves from fraudsters and their sophisticated attacks.
—Brittany Allen is a trust and safety architect at Sift.
