Natasha Vernier
Jun 18, 2021

Secret Crime Fighters, Episode 17

In today’s Not So Secret Crime Fighter we are partnering with Sift. We’ll be focussing on a range of typologies and helping you think through some controls that you might want to implement. Hopefully by the end you’ll have a thorough understanding of how you can expand the signals you use to confirm identities and detect suspicious activity without impacting your legitimate customers.

Retail Gift Card Fraud

To cybercriminals, gift cards are as good as cash due to their anonymity. So as online gift cards surged in popularity during the pandemic, fraudsters were ready to take advantage of the opportunity. In just the third quarter of 2020 alone, consumers lost nearly $80 million in gift card scams, according to the Federal Trade Commission.

While gift card fraud is certainly not new, there’s been an increase in the use of online gift cards to carry out classic scams.

One of the most classic scams is impersonation fraud, where a victim believes they are transferring funds to a trusted organisation or individual, often because they’ve been convinced they owe a debt. Historically this was most commonly via bank transfer, but there is a growing shift to the use of online gift cards instead. So, victims are being tricked into transferring their money to anonymous gift cards, which can be spent quickly by fraudsters.

On the surface there are clear controls here for banks to identify and stop this behaviour, such as transaction monitoring rules that identify accounts purchasing multiple gift cards in round amounts, often maximising the allowable gift card value. Are customers splitting purchases for the same store across multiple payments? Are they making rapid purchases across a range of businesses, without typical shopper behaviour? Are they making these purchases shortly after receiving an abnormal deposit?

For payment processors or gift card providers, simply blocking the purchase of multiple gift cards would ignore the legitimate shift in customer behaviour. As a result, it’s important to take into account a wide range of factors when assessing these transactions. Are the same customers purchasing multiple cards for the same business, broken down into large, round amounts? You may also benefit from using a third-party vendor, such as Sift, which incorporates thousands of unique signals into the risk assessment for payments.
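The questions in the two paragraphs above can be combined into one monitoring rule that only alerts when several signals agree, so a customer who simply buys a few cards is not blocked. The sketch below is an added example, not code from Sift or from this newsletter; the thresholds, signal names, account ids, merchants and ledger rows are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed thresholds, not taken from the article; tune them against your own data.
WINDOW = timedelta(hours=24)  # how close purchases must be to count as one burst
ROUND_UNIT = 50               # amounts that are a multiple of this count as "round"
MIN_CARDS = 3                 # purchases (or merchants) per burst that count as "multiple"
DEPOSIT_FACTOR = 5            # deposit >= 5x the account's typical deposit is abnormal
ALERT_AT = 2                  # signals needed before an account is sent for review

# Constructed sample ledger: (account, time, kind, merchant, amount)
TXNS = [
    ("A1", datetime(2021, 6, 1, 9, 0), "deposit", None, 2000),
    ("A1", datetime(2021, 6, 1, 10, 5), "gift_card", "StoreX", 500),
    ("A1", datetime(2021, 6, 1, 10, 9), "gift_card", "StoreX", 500),
    ("A1", datetime(2021, 6, 1, 10, 20), "gift_card", "StoreY", 500),
    ("B2", datetime(2021, 6, 1, 12, 0), "gift_card", "StoreX", 25),
    ("B2", datetime(2021, 6, 3, 18, 30), "gift_card", "StoreZ", 40),
    ("C3", datetime(2021, 6, 2, 11, 0), "gift_card", "StoreX", 50),
    ("C3", datetime(2021, 6, 2, 11, 2), "gift_card", "StoreY", 30),
    ("C3", datetime(2021, 6, 2, 11, 4), "gift_card", "StoreZ", 25),
]
TYPICAL_DEPOSIT = {"A1": 300, "B2": 1500, "C3": 1200}  # constructed baselines

def signals_for(account, txns=TXNS, typical=TYPICAL_DEPOSIT):
    """Return the set of gift-card risk signals raised for one account."""
    mine = sorted((t for t in txns if t[0] == account), key=lambda t: t[1])
    cards = [t for t in mine if t[2] == "gift_card"]
    found = set()
    for i, first in enumerate(cards):
        burst = [t for t in cards[i:] if t[1] - first[1] <= WINDOW]
        stores = [t[3] for t in burst]
        if sum(t[4] % ROUND_UNIT == 0 for t in burst) >= MIN_CARDS:
            found.add("multiple_round_cards")
        if len(stores) > len(set(stores)):
            found.add("split_same_store")
        if len(set(stores)) >= MIN_CARDS:
            found.add("many_merchants")
        # An unusually large deposit landed within WINDOW before this purchase.
        if any(t[2] == "deposit" and timedelta(0) <= first[1] - t[1] <= WINDOW
               and t[4] >= DEPOSIT_FACTOR * typical[account] for t in mine):
            found.add("after_abnormal_deposit")
    return found

def accounts_to_review(txns=TXNS, typical=TYPICAL_DEPOSIT):
    """Accounts with at least ALERT_AT signals; one signal alone never alerts."""
    accounts = sorted({t[0] for t in txns})
    return [a for a in accounts if len(signals_for(a, txns, typical)) >= ALERT_AT]

if __name__ == "__main__":
    print(accounts_to_review())
```

On the constructed ledger only A1 is sent for review: C3 buys from three merchants within minutes but raises a single signal, and B2's two purchases fall in separate windows.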

Selfie Manipulation

One of the best controls fintechs have against fraud is to require real-time photo verification (often via selfies).

Criminals targeting crypto exchanges were discovered getting past this step by pulling up 3D-rendered facial animations on their computers and then using their mobile devices to take a “selfie” of those renderings.

To combat this, financial institutions and crypto exchanges need to rely on more data points to confirm identities, such as physical address, IP address, device fingerprinting, behavioural data and data from third-party service providers. Control providers such as Sift have off-the-shelf products incorporating several thousand other signals to block fake or fraudulent accounts from being created.

Thanks for reading our latest Secret Crime Fighters newsletter. If you have an interesting typology that you’d like to share, we’d love to hear about it! Please email us at [email protected].
