Fraud in retail & e-commerce – who is in the bonus really?
Oct 22, 2019, 12:14 pm
There’s no doubt that loyalty schemes are an effective way to keep customers loyal and grateful for your service and products. But have you ever wondered who is lured by these e-commerce incentives even more than your devoted customers? We suggest it is fraudsters, and according to our latest research the schemes they use are, to say the least, impressive. So how does a fraudster take advantage of an e-commerce or retail vendor’s offerings?
One way cybercriminals exploit loyalty programs is by creating multiple fake accounts and collecting as many bonus points as they can. They then advertise discounts online: the buyer hands over the money, the fraudster places the order from one of the point-laden accounts so that the buyer gets the discount, and the fraudster keeps the additional benefits that come with the purchase (e.g. gift scratch cards). This is how the criminals turn their accumulated points into cash.
With this scheme a fraudster can accumulate enough bonus points to cover the full cost of a product, and then buy it either for personal use or for resale.
What do the numbers show?
The Kaspersky Fraud Prevention team recently discovered over 3,000 fake accounts in the loyalty program of just one major retailer. The accounts were used to collect the welcome bonuses granted to newly registered users, and were then sold at a discount on the dark web.
Statistics show that a physical bank robbery may result in average gains of around $5,000-$7,000, while selling 100-150 gift cards at $50 each brings the same rewards but a much reduced risk of being caught.
In the past year, almost 7% of digital service users were subject to various kinds of identity fraud, while account takeover losses tripled and reached more than $5 billion globally.
Why is fighting fraud necessary?
At this point it is clear that monitoring user activity and correlating devices with customers is essential for preventing fraud and keeping bonus points and loyalty programs safe. But how much difference does it make when fraud prevention actually takes action? Let’s look at two examples:
In this instance the client is actively combating fraud, so the fraudsters delete all their cookies and use a new device for each new session to stay under the radar. The illustration below shows what happens when they do not remove their cookies:
Now let’s look at how global reputation works for detecting fraud rings, using the example of a major e-commerce vendor:
The fraud network above was formed in 2018 and expanded massively, culminating in thousands of synthetic accounts:
Moving to the digital world means raising the level of cybersecurity for e-commerce and retail enterprises. Consumers must be protected throughout the entire session, including registration, login and transactions, and not only at those points.
Creation of synthetic accounts to obtain promotional codes for a loyalty program
At the end of 2017, a group of almost 3,000 synthetic accounts was discovered in a loyalty program. They were used to collect the ‘welcome’ bonuses granted for registering new accounts, with a view to reselling them on related internet sites. A distinctive feature of this group was that a single mailbox was used to manage the entire group. This was possible because Gmail ignores dots in the local part of an address (the part before the @): john.doe@gmail.com, jo.hn.doe@gmail.com and johndoe@gmail.com all deliver to the same mailbox, yet a registration system that compares the raw strings treats them as three distinct users. Every account in the incident was therefore a variant of the fraudster’s primary address with dots inserted in different positions. After Kaspersky Fraud Prevention was connected to the bonus program of another major marketplace, it turned out that the same scammer had begun creating synthetic accounts to collect welcome bonuses for that service as well, using the same devices and the same Gmail address trick. The attacker managed to create a total of 542 synthetic accounts in that bonus program.
Below is an illustration of the links between the accounts in the two loyalty programs via the fraudster’s devices:
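The two signals described above, dot-variants of one Gmail mailbox and the same devices reused across two programs, can be turned into a detection rule. The following Python is an added example written for this page; it is not Kaspersky’s code and not the illustration the post refers to. The registration records, program names, account IDs and device IDs are constructed sample data, and the field layout (program, account, e-mail, device) is an assumption. Gmail’s dot-insensitivity and `+tag` handling are real Gmail behaviour; other providers treat dots as significant, so the canonicalisation is applied to Gmail domains only.

```python
from collections import defaultdict

# Constructed sample registrations: (program, account_id, email, device_id).
# Values are invented for this example, not data from the investigation.
REGISTRATIONS = [
    ("shop-a", "a1", "loyal.customer@gmail.com",        "dev-111"),
    ("shop-a", "a2", "loyalcustomer@gmail.com",         "dev-111"),
    ("shop-a", "a3", "lo.yal.customer@gmail.com",       "dev-222"),
    ("shop-a", "a4", "l.oyalcustomer+promo@gmail.com",  "dev-222"),
    ("shop-b", "b1", "loyal.cust.omer@gmail.com",       "dev-111"),  # second program, same device
    ("shop-b", "b2", "someone.else@gmail.com",          "dev-333"),
    ("shop-a", "a5", "jane.doe@example.com",            "dev-444"),
    ("shop-a", "a6", "janedoe@example.com",             "dev-555"),  # not Gmail: dots are significant
]

# Domains where Gmail's rules apply (googlemail.com is an alias of gmail.com).
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(addr):
    """Return the mailbox an address actually delivers to.

    For Gmail the dots in the local part are ignored and anything after '+'
    is a tag, so every such variant collapses to one mailbox. Other domains
    are only lowercased, because dots matter there by default."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


class _DisjointSet:
    """Minimal union-find used to merge accounts linked by any shared attribute."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def cluster_accounts(registrations, min_size=2):
    """Group accounts that share a canonical mailbox or a device ID, across programs.

    Returns clusters of at least min_size accounts, largest first. Each cluster
    lists its account keys ("program:account"), the canonical mailboxes behind
    them, the devices involved and the programs it spans."""
    ds = _DisjointSet()
    by_mailbox = defaultdict(list)
    by_device = defaultdict(list)
    for program, acct, email, device in registrations:
        key = f"{program}:{acct}"
        ds.find(key)  # register the node even if it never gets linked
        by_mailbox[canonical_email(email)].append(key)
        by_device[device].append(key)

    # Accounts sharing a mailbox or a device are transitively linked.
    for members in list(by_mailbox.values()) + list(by_device.values()):
        for other in members[1:]:
            ds.union(members[0], other)

    groups = defaultdict(list)
    for program, acct, email, device in registrations:
        groups[ds.find(f"{program}:{acct}")].append((program, acct, email, device))

    clusters = []
    for rows in groups.values():
        if len(rows) < min_size:
            continue
        clusters.append({
            "accounts": sorted(f"{p}:{a}" for p, a, _, _ in rows),
            "mailboxes": sorted({canonical_email(e) for _, _, e, _ in rows}),
            "devices": sorted({d for _, _, _, d in rows}),
            "programs": sorted({p for p, _, _, _ in rows}),
        })
    clusters.sort(key=lambda c: -len(c["accounts"]))
    return clusters


if __name__ == "__main__":
    for c in cluster_accounts(REGISTRATIONS):
        print(f"{len(c['accounts'])} accounts across {c['programs']} "
              f"-> mailboxes {c['mailboxes']}, devices {c['devices']}")
```

On the sample data the five `loyalcustomer` variants collapse into a single cluster spanning both programs, while `jane.doe@example.com` and `janedoe@example.com` stay apart because the rule is not applied outside Gmail. The device link matters for the harder case the post describes: a fraudster who uses many genuinely separate mailboxes is still caught if the registrations come from the same devices, and the cross-program view is what let the second bonus program be tied back to the first.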
Timing is a major factor for retailers interacting with their customers via digital channels. Buyers expect the service to be instant: fast payment for a fast order that is delivered fast. This leaves the merchant no room for error. Fraud rates are soaring, and no fraud specialist can keep up with every threat by hand.
Criminals exploit this: they know that no human analyst can track ever-emerging attacks at the pace required to keep customers both satisfied and secure.
Protecting an organization from financial and reputational damage requires strong yet seamless authentication and analysis of both identities and session data. Striking a balance between protecting customers from new-account fraud and account takeover on the one hand, and keeping the user experience smooth on the other, remains a difficult task.
Data gathered by Kaspersky Fraud Prevention presents the big picture when it comes to a correlation between suspicious user activity and actual fraud taking place within the network of a retail or e-commerce provider. Taking into account the possible negative outcomes and damage that they might bring, the decision to protect your business with the help of a proven cybersecurity provider should be seriously considered.