The Green Sheet Online Edition
April 13, 2015 • Issue 15:04:01
Countering affiliate, aggregation fraud
In the world of electronic payments, fraudsters constantly lurk on the fringes of every transaction. They work silently and diligently to obtain consumer card data and outsmart the transaction process in order to siphon millions of dollars every year from unsuspecting merchants and the payments industry.
Adoption of stronger security measures, such as Europay, MasterCard, Visa (EMV) chip cards, is helping the industry combat the rising incidences of fraud. However, numerous data security experts have observed that measures like EMV only divert perpetrators from one transaction sphere to other, more vulnerable arenas.
One such area where fraud continues to climb is e-commerce. Despite technologies like tokenization, which can make it virtually impossible to scrape card data from online transactions, other types of online fraud are gaining momentum. "Most criminals will take the path of least resistance," said Monica Eaton-Cardone, Chief Operating Officer and co-founder of Chargebacks911, "There is an argument to be made that criminal minds are forcing us to develop a tight infrastructure."
Rise in affiliate fraud
Eaton-Cardone said affiliate fraud is one of the fastest growing forms of online fraud today. And it can cost a merchant many thousands of dollars before it is detected. The process involves third-party partners, or affiliates, who agree to promote and resell merchandise on behalf of an e-commerce enterprise. Affiliate marketing has gained popularity over the past decade as online buying has increasingly become preferred among consumers. Affiliate relationships enable a single merchant to cast a wide net across the Internet to gain more customers.
Referencing one high-profile example of affiliate fraud, Eaton-Cardone recounted how crooks collected more than $1 million in commissions from fake orders through Nordstrom.com. The big retailer was also out $23 million in merchandise due to claims the orders were never received. The fraudsters were shut down, but Nordstrom sustained unrecoverable losses in merchandise, bogus commissions, shipping costs and chargeback fees.
"Everyone in the value chain is affected," Eaton-Cardone said. "The merchant, the processor, and even the consumer ends up with less quick checkout luxuries, more onerous terms and conditions, and higher prices."
Rise in aggregation fraud
Another online fraud culprit gaining steam is aggregation fraud, which is a form of fraud in which a legitimate merchant account is used as a front for an illegal operation. David Abouchar, Senior Director at ControlScan Inc., explained how aggregation fraud is governed. "When aggregation fraud is detected, the card brands will hold the acquirers and banks accountable," Abouchar said. "They will fine whoever is contractually downstream in the liability chain."
In both types of fraud, the true key to detection is monitoring transactions and chargeback activity. However, avoiding a potential threat is always the best action to take. Eaton-Cardone encourages e-commerce merchants who are considering affiliate marketing to do the homework to validate affiliate partners. She also urges merchants to, "establish acceptable standards for metrics such as chargeback rates, customer service inquiries, web traffic, conversions, etc." She believes this enables a merchant to see a red flag and address it early by digging a little deeper.
Being proactive against aggregation fraud isn't quite as straight forward. Abouchar says merchants will sometimes function as legitimate businesses for some time before they shift into using their approved merchant accounts to handle undisclosed illegal activities. Nor, is the tracking of these merchants as simple as looking up a company's website. Often an iFrame order form is covertly embedded into a site and takes buyers outside the original portal to order the illegal items; effectively leaving no trace of cyber linkage.
"Detection is about knowing a potential customer intimately and doing the initial due diligence," stated Abouchar, "When on boarding, the whole ecosystem of the merchant entity must be looked at, not just the obvious website."
Once a merchant contract is functional, Abouchar also urges ISOs to be vigilant in monitoring chargebacks and watching for indicators, as well as transaction activity looking for anomalies which would indicate the transaction data is inconsistent with the merchant.
"You can't apply just one technique, and unfortunately, there's no silver bullet when it comes to monitoring online fraud," Abouchar said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.