August 14, 2018
Protecting the Global Village Economy: Cross-Border Fraud
Posted August 8, 2016
Business without Borders: Q2 CyberCrime Report Highlights Cross-Border Transaction Trends
Every time I visit a destination abroad I get a fridge magnet as a memento- its a little ritual of mine. In just over a year in my current home, I have managed to amass an impressive collection covering the likes of France, Spain, California, Nevada, Louisiana, Netherlands, Czech Republic, Croatia and Albania.
Other than raising a slight concern about my personal carbon footprint, what my fridge door visualises is a point that came out strongly in the ThreatMetrix Q2 Cybercrime Report. The world has shrunk to a global village where people move often and connect seamlessly from across borders thanks to the power of digital. Whether travelling for work or play, my life on the go is business-as-usual as I move between my mobile, laptop and tablet to carry out daily activities for my business and personal life.
The world has changed for good. We move freely across borders, transacting with organisations all over the world in the blink of an eye. But where there’s money, there’s crime. And where there are opportunities, there’s fraud.
As the world gets smaller, but more complex, firms need intelligent fraud prevention that understands the context of each transaction, wherever their customers are.
A global problem
As the ThreatMetrix Cybercrime Report for Q2 2016 shows, fraud is global. Scams originating in the US – the number one attack source – were aimed not just at US firms but also those in the UK, Bulgaria, China and Canada. Attacks coming from the UK also reached far-and-wide, with top international targets being the USA, Ireland, Austria and China.
Just as fraud is global, so are consumers’ transactional habits. Whether they’re buying goods online, logging into social media accounts, gaming, or online banking, an increasing volume of this activity is international. In fact, 16% of transactions were cross-border on our Network in the second quarter. And that figure’s only going to grow as consumers increasingly travel abroad and look to access online services or content in their country of origin.
But here’s the problem. Fraudsters are increasingly looking to exploit these trends to impersonate cross-border users, using technology to hide their true location. In fact, location-spoofing attacks for cross-border transactions were 50% higher than those for domestic transactions in Q2.
There’s a tendency among firms to react by tightening their rules on cross-border transactions, especially from certain countries – resulting in a rejection rate typically 2.5x higher than normal. You can see the problem: not only are companies holding themselves back when targeting international markets and an expanded customer base, your local users risk getting locked out when on the go. That means immediate lost revenue for the company, and potentially even higher losses if legitimate customers decide to walk permanently. As your customers increasingly travel abroad for work and leisure, the last thing you want to do is start giving them reasons to leave for a competitor.
Cross-border and friction-free
One anonymous user that we monitored travelled between the US and Germany multiple times over a several month period. The user logged-in to accounts and made payments with multiple organisations internationally. ThreatMetrix was able to recognise this person with confidence as a trusted customer, despite them changing aspects of their online behaviour. How? By building up a digital identity of the user and then applying analytics on each transaction, making use of all the known info related to that person – device history, locations, behaviours and identity data.
It’s notable that the user was declined payment by a retailer in May, despite using the same trusted device. This is because that retailer based the decision on static legacy fraud rules that didn’t take into account the full digital identity of the user.
Context is King
Consumer digital personas multiply as they move between different devices, sites, platforms and locations. In this global village organisations need as much context as possible on how an individual transacts online to make the all-important decision on whether to trust a transaction or not.
The key is to build fraud prevention systems around digital identities stitched together from the online footprints each user makes as they cross the web – combining device, location, threat detection and identity-related data. Then you need to apply advanced behavioural analytics which can detect unusual or high-risk changes in user behaviour without adding extra friction to the online journey.
As digital personas get more complex and the fraudsters grow in confidence we have to leverage the latest technological innovations and advanced analytics to minimise fraud.