Online fraud prevention teams learn from the Tamiflu crisis
According to The New York Times the leading flu drug is now ineffective against 99% of infections. Last year resistance was found in only 11% of cases, with the dramatic change blamed on a spontaneous mutation of the virus and not just through overuse.
What does this have to do with online fraud detection?
Flu drugs like Tamiflu and Relenza are equivalent to first generation online fraud detection filters that rely on IP Intelligence, such as IP Velocity Checks and IP Geolocation. Based on our experience ThreatMetrix believes the effectiveness of these technologies are equivalent to Tramiflu circa 2008. They are still resistant to fraudulent attempts performed by opportunistic or unsophisticated fraudsters, but about to move through a phase of wide-spread obsolesence.
This spontaneous mutuation can be blamed on the nexus of three key factors:
- The first is the rapid transfer of knowledge from sophisticated and professional fraudsters to the unwashed underbelly of opportunistic fraudsters
- The second is the ready availability of stolen and compromised credit card accounts
- The third is the ready availability of botnets, infected PCs connected to always on broadband connections, which are used to spoof IP Addresses to bypass IP-based filters like IP Velocity checks and IP Geolocation checks.
So what are the implications?
The majority of fraud teams at leading ecommerce and online retail companies have been successful in keeping fraud costs to under 1% of total revenue by using a combination of manual review, identity verification and IP Intelligence.
ThreatMetrix has seen this new strain of botnet fraud cause a rapid spike in fraud rates from 2008 into 2009, causing many online businesses to not only loose significant amounts of money but also to fall afowl of credit card company chargeback thresholds and being turned off at the tap.
Last week I was discussing this very issue with a home entertainment electronics company that had lost access to the Discover Network due to a rapid spike in stolen credit card authorization attempts. Once fraudsters exploit a hole in your defenses they tend to be fast and effective in bleeding you dry.
This is a big concern that many fraud managers across online merchants of all sizes and across all industries secretly share – that even if they have a handle on fraud today, they feel that there is a real and present threat of being wiped out by the next big fraud outbreak.
