Fraud - what is it? A new type of fraud in the field of information technology

Why are payments declined? How do online stores protect themselves from fraudsters? How can you tell whether you are being paid with a real card or a stolen one? What does e-commerce fraud protection provide? The PayOnline electronic payment system answers these questions.



What is fraud

The term comes from the English word "fraud", which Russian has borrowed directly. In a broad sense, fraud is unauthorized actions and unauthorized use of IT resources. There are many types of fraud, and users, merchants and banks can all be deceived. In most cases the object of fraud is the data of payment instruments (bank cards, electronic wallets, mobile funds), although any leak of personal data that leads to the enrichment of an attacker can be called fraud.

According to the portal www.banki.ru, the most popular type of fraud involving bank cards is so-called "friendly fraud". How does the "FF" mechanism work? The cardholder makes a purchase on the Internet and then demands that the bank carry out a chargeback - a refund to the card on the grounds that the service was not provided. If the store cannot prove that the payer's claims are unfounded, the bank must reimburse the required amount to the cardholder. And the "cost" falls, of course, on the online store.

Online stores can suffer from hackers who break into the site's systems, from their own employees who make unauthorized use of the company's databases, and from unscrupulous customers who enter incorrect payment information in order to avoid paying or who initiate a refund after the goods have been shipped or the service has been provided.

How a Payer Can Become a Victim of Fraud

Ordinary shoppers, on the other hand, face a multitude of threats both online and offline. It is enough to drop your guard a little for this to backfire badly. The more tools for storing money and paying for purchases are invented, the more ways there are to steal them. If a couple of decades ago the most terrible loss was a wallet with cash, now the situation is complicated by the fact that almost each of us has several payment instruments. And cybercriminals are ready to do anything to get their data.

For example, having taken possession of the victim's mobile phone, a fraudster can gain access to the mobile operator account, to the banking application from which it is convenient to transfer money online, to card details that may be stored as a photo or sent in a message to a friend, and to electronic cards (NFC, or Near Field Communication, turns the smartphone itself into a bank card).

By linking a SIM card to a bank account, the user on the one hand protects himself. Information on payments arrives instantly as SMS notifications, and to confirm a payment you need to go through the 3DS procedure and enter the code received in the SMS. The smartphone becomes a kind of additional customer identification. But once you lose it, the picture changes.

There is no need to talk about stealing the card itself. Today, the card number and CVV / CVC code are enough to transfer money from card to card. Methods such as phishing and skimming are used to obtain card data. Skimming is the installation of a counterfeit reader and keypad on ATMs, which capture the data from the magnetic stripe and the PIN code so that a copy of the card can be made and funds withdrawn from it. Phishing is more diverse in its approaches. Cybercriminals literally "fish out" the user's bank card details using fake websites, fake payment forms, calls from supposed bank employees, SMS messages and hacked friends' accounts on social networks. There are a lot of methods, and the only and simplest protection against them is not to give the data of your payment instruments to anyone under any circumstances.

On the Internet, things are no better - for many Russians online shopping has become as commonplace as going to the store for bread. And we will tell you more about how modern scammers operate on the Runet and how to deal with it.

Card fraud on the network

The online store, the bank, and the cardholder himself can all suffer from card fraud. When card data leaks, attackers try to withdraw the maximum amount of money and leave no trace, leaving online stores and banks to sort out who has to reimburse the lost amount. It is impossible to keep track of cardholders: the online store cannot know who is on the other side of the screen, an intruder or a respectable client. There is always risk, but there are many tools for checking payments and verifying payers that bring it closer to zero. One of them, the system for monitoring fraudulent transactions, or "anti-fraud system", is discussed below.

What is antifraud and how does it work

The general scheme of operation of almost any fraud monitoring mechanism is as follows: at the time of making a payment using a bank card, several indicators are collected (each anti-fraud system is different) - starting from the IP address of the computer and ending with the statistics of payments on this card. The number of filters can exceed a hundred (for example, the PayOnline electronic payment system has more than 120 of them). The system has a set of rules, that is, the limits of security filters. Each of the filters checks the user - his personal and card data. The purpose of the system is to make sure that the user is the real owner of the card making a purchase on the site. In case of detecting suspicious activity, that is, exceeding any parameter value, the filter automatically blocks the possibility of making a payment with this card. Let's consider the process of the anti-fraud system step by step.

The user pays on the site. Payment information goes to the fraud monitoring system. At this moment, the anti-fraud system has two sets of information: information about this single payment and the profile of the average payer of this online store. The algorithms of the fraud monitoring system assess a number of factors, among which the main ones are:

  • The country from which the payment is made.
  • Country of the bank that issued the card.
  • Payment amount.
  • The number of payments from the card.
  • Payment history of a bank card.
  • The profile of the average store payer.

The transaction is initially analyzed based on these and other factors. Based on the analysis, it is assigned a "label" that characterizes the way the transaction is processed. There are three types of tags. Green indicates transactions with a low probability of a fraudulent transaction. Transactions that have a higher than average chance of a fraudulent transaction and require additional attention to complete the payment are highlighted in yellow. Transactions that are most likely to be fraudulent are marked "red" and will require documentary confirmation of the cardholder's authenticity.

The "fate" of each label is individual. Figure 1 shows the life cycle of all three types of transactions. Below, using several simple examples, we consider typical transactions of all "colors" and explain which checks the fraud monitoring system applies to transactions depending on the level of fraud risk.


Figure 1. Life cycle of transactions with different levels of fraud risk

With green transactions everything is as simple as possible: for example, the payer makes a payment from Russia, with a card issued by a Russian bank. The payment amount does not exceed the store's average check.

The monitoring system assigns a "green" label to the transaction. Next, the transaction is sent for authorization using 3-D Secure. And if the card is not subscribed to the one-time password service or the issuing bank does not yet support this service, a request to authorize this transaction will be sent to the processing center of the paying bank in the usual way - directly.

A medium level of fraud risk determines a different way of checking the payment for legitimacy. A yellow label is assigned to transactions with average and above-average levels of fraud risk. For example, in a Russian online store, a purchase is paid for with a bank card issued in Russia, but the amount is noticeably higher than the store's average check.

The system marks this transaction with a “yellow” mark, and additional actions of the payer may be required to authorize it. If the card is subscribed to 3-D Secure, then the transaction (as in the case of the “green” label) will be authorized using a one-time password. However, if the payer cannot use this payment authorization method, then his bank card will be automatically sent for online validation or manual verification.

The fraud monitoring system automatically assigns a "red" label to transactions with a high level of fraud risk. For example, payment in a Russian online store is made with a card issued in the USA, and the payer is in Spain.

If payments with this bank card have not previously been made through PayOnline, the fraud monitoring system will mark the transaction with a “red mark” and switch it from automatic authorization mode to manual. Such a payment will be sent for manual moderation to the specialists of the Risk Department. To authenticate the owner of a bank card, documentary confirmation is required - a scanned image of a bank card and an identity document of the owner. After submitting the correct scans of documents, the operation is transferred from “red” to “green” and sent for authorization to the bank's processing center. Questionable transactions that have not been manually moderated will be rejected to avoid the risk of fraudulent transactions.

Thus, the analysis of transactions is automatically carried out by the fraud-monitoring system at once at three levels: a single bank card; e-commerce business profile; the overall flow of transactions processed by the IPSP. Together with constantly improving algorithms for automatic collection, processing and analysis of data on completed payments, multi-level transaction analysis allows the fraud monitoring system to change in a timely manner, increasing the level of security for making payments on customer sites and reducing the risks of all types of fraud inherent in online commerce.

Currently, the risk of fraudulent transactions made through PayOnline is only 0.02%.

What worries the fraud monitoring system?

What can make the anti-fraud system suspicious? Here are some of the parameters most likely to alert the fraud monitoring system.

  • Payments with one card are made from different devices identified by different IP addresses.
  • The opposite situation - operations are performed from the same device (IP address) using a large number of cards.
  • Several unsuccessful payment attempts are made with one card (probably, the user is not able to go through the confirmation procedure).
  • One client signs up under several accounts using different email addresses and pays with one card.
  • The payer's name shown on the payment form differs from the name of the cardholder.
  • The countries of registration of the online store, the card issuing bank and the buyer are different.

This list of "disputable situations" can give you a general idea of the logic of the system. Risk specialists and business analysts try to take all the nuances into account, adding new filters to protect the business of Internet companies from intruders. It should be noted that the logic of the fraud monitoring system and its parameters vary from one payment service provider to another.
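The traffic-light labelling and routing described earlier, driven by the signals from the list above, as an added example (not PayOnline's code). All thresholds, the label policy, the field and function names and the sample history are assumptions made for illustration; the multi-account signal is left out.

```python
from dataclasses import dataclass

# Assumed limits for this sketch; the article gives no numeric thresholds.
MAX_IPS_PER_CARD = 3       # one card seen from more IP addresses than this
MAX_CARDS_PER_IP = 3       # one IP address paying with more cards than this
MAX_FAILED_ATTEMPTS = 3    # failed attempts with one card
HIGH_AMOUNT_FACTOR = 2.0   # "noticeably higher" than the store's average check


@dataclass
class Payment:
    card: str              # opaque card token, never the card number itself
    ip: str
    payer_country: str
    issuer_country: str
    amount: float
    payer_name: str
    cardholder_name: str
    enrolled_3ds: bool
    succeeded: bool = True


def signals(pay, store_country, average_check, history):
    """Return the names of the filters that fired for this payment."""
    same_card = [p for p in history if p.card == pay.card]
    same_ip = [p for p in history if p.ip == pay.ip]
    fired = set()
    if len({p.ip for p in same_card} | {pay.ip}) > MAX_IPS_PER_CARD:
        fired.add("card_many_ips")
    if len({p.card for p in same_ip} | {pay.card}) > MAX_CARDS_PER_IP:
        fired.add("ip_many_cards")
    if sum(not p.succeeded for p in same_card) >= MAX_FAILED_ATTEMPTS:
        fired.add("failed_attempts")
    if pay.payer_name.strip().casefold() != pay.cardholder_name.strip().casefold():
        fired.add("name_mismatch")
    if len({store_country, pay.issuer_country, pay.payer_country}) > 1:
        fired.add("geo_mismatch")
    if pay.amount > HIGH_AMOUNT_FACTOR * average_check:
        fired.add("high_amount")
    return fired


def label(fired, card_known):
    # Assumed policy: a country mismatch on a card with no successful history
    # is red (the article's US card / payer in Spain / Russian store case);
    # any other fired filter is yellow; nothing fired is green.
    if "geo_mismatch" in fired and not card_known:
        return "red"
    return "yellow" if fired else "green"


def route(colour, pay):
    """Next processing step for a labelled payment, following the article."""
    if colour == "red":
        return "manual_moderation_with_documents"
    if pay.enrolled_3ds:
        return "3ds_one_time_password"
    if colour == "yellow":
        return "online_validation_or_manual_verification"
    return "direct_authorization"


def assess(pay, store_country, average_check, history):
    fired = signals(pay, store_country, average_check, history)
    card_known = any(p.card == pay.card and p.succeeded for p in history)
    colour = label(fired, card_known)
    return colour, route(colour, pay), fired


def make_payment(card, ip, payer="RU", issuer="RU", amount=1200.0,
                 name="IVAN PETROV", holder="IVAN PETROV", tds=True, ok=True):
    return Payment(card, ip, payer, issuer, amount, name, holder, tds, ok)


# Constructed history: one IP address failing with four different cards.
HISTORY = [make_payment(f"tok_{i}", "203.0.113.7", ok=False) for i in range(4)]

if __name__ == "__main__":
    cases = [
        make_payment("tok_a", "198.51.100.1", amount=1000.0, tds=False),
        make_payment("tok_b", "198.51.100.2", amount=5000.0, tds=False),
        make_payment("tok_c", "198.51.100.3", payer="ES", issuer="US"),
        make_payment("tok_new", "203.0.113.7"),
    ]
    for pay in cases:
        print(pay.card, assess(pay, "RU", 1500.0, HISTORY))
```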

Manual configuration: why and who needs it

Fraud monitoring system settings differ depending on the types of business. There is a whole list of parameters to consider:

  • the average statistical profile of the payer,
  • average check size,
  • the level of risks in the segment,
  • features of the goods and services sold (whether they are digital or physical).

Sometimes a business is highly specialized, and without individual customization some payments simply cannot pass the standard anti-fraud settings, even though they are not fraudulent.

For example, restrictions on the geography of payments are critical for online tourism: a client may need to purchase a plane ticket while on a business trip abroad, and the system will block such a payment, since it is not made from the country where the payer's card was issued.

In this case, fine-tuning of filters is applied: you can set the conditions according to which the payment will be passed, even if the condition of the payment geography is not met. Such changes are made to the system only after analyzing possible risks, under the supervision of specialists and after agreeing on the changes with a representative of the online store.

Intervening in the operation of the system on your own can lead to large losses: if fraudulent operations are approved, the online store will be obliged to return the money to the owner's card, even if the goods have already been shipped to the imaginary buyer. Moreover, the store may be fined depending on the amount of fraud, and if such situations recur, special sanctions from international payment systems (MPS) may be imposed.

Pros and cons of the anti-fraud system

The advantages of the system for monitoring fraudulent transactions are obvious: automatic rejection of dubious transactions and protection of the online store from subsequent proceedings with banks, payment systems and real cardholders. And, of course, minimizing reputational and financial risks. The store's reputation will not suffer, and users will trust such a resource, which means that their loyalty will grow.

But, like any service, the fraud monitoring system has its own "production costs". Rejection of payments can lead to loss of customers, and therefore, profit. Without proper configuration, filters may not pass transactions that are significant for the online store, which will definitely not be liked by customers.

When choosing a payment service provider, you should pay attention to the declared conversion into successful payments: services that guarantee “100% successful payments” are likely to either deliberately overestimate their functionality or expose customers to the risk of becoming a victim of cybercriminals. For example, the conversion rate into successful payments after “manual” setup (or for standard online stores with a standard customer audience) of the PayOnline electronic payment system varies within 93-96% - and this is a very good indicator for the market.

Another unpleasant but important point that you will have to face when developing a fraud monitoring system on the side of an online store is the protection of user data, both personal and payment. You will need to be certified for compliance with the PCI DSS standard and to take into account the restrictions on data storage and processing regulated by law. This applies mainly to those who nevertheless undertake to develop an anti-fraud system on their own, so we will not go into details in this article.

Who provides anti-fraud services and why only a few should invest in their own developments

Monitoring fraudulent transactions is a necessity in today's e-commerce realities. For a bank, the cost of maintaining and developing an anti-fraud system is a more than acceptable amount, which will be repaid many times over in the course of use.

For a payment service provider (such as PayOnline), fraud monitoring is one of the key services it provides to client companies.

For small and medium-sized businesses, the development of their own antifraud is an overwhelming and unrewarding project. The requirements for such mechanisms are growing every year, they are learning to process the information received more finely, taking into account statistics and behavioral factors. For the system to work efficiently and meet modern requirements, a staff of qualified specialists and significant technical capacities are required. In the vast majority of cases, e-commerce players cannot afford such fixed costs - and monitoring of fraudulent transactions is delegated to payment service providers that specialize in analyzing and processing payment transactions.

Alexander Grach of AppsFlyer talked about the types of mobile fraud and methods of combating them.

Everyone who works with in-app advertising faces the problem of fraud. If you think you have not encountered it, you have; you simply do not know about it. The article will help you learn how to identify and distinguish the 4 types of fraud that are currently relevant.

By 2020, $250 billion will be spent on advertising in mobile apps.

The volume of fraud is only growing and is already approaching the 16-17 billion dollars that advertisers lose every year. To understand how to avoid fraud with such a rapid growth, we will analyze the 4 most relevant types.

Installs Hijacking

In Installs Hijacking, malware residing on the device of the user installing the application detects the download of the application and tries to intercept the installation, which rightfully belongs to another source. The way to combat this type of fraud is to track the distribution of time from click to install.

Presentation "Combating mobile fraud - new approaches and metrics". Alexander Grach, AppsFlyer

At the beginning of the chart, extremes are observed, where a huge number of installations occur in a short period of time, which does not correspond to human behavior. With this tracking, we measure and filter this kind of behavior.

Click flood

Click Flood - malware "intercepts" organic installs by flooding the tracking system with a large number of clicks. Apps with good organic traffic are more prone to this type of scam.

To understand the method of dealing with Click Flood, let's pay attention to the following set of KPIs.

  1. CTIT - distribution of time from click to installation.
  2. Conversion rate.
  3. Engagement.
  4. Multichannel index.

Let's take a look at several traffic sources and how they behave based on the KPIs in the table below. There is a source "A" and a source "B". We evaluate them against the 4 KPIs.

CTIT. Normally the time from click to installation is about 40 seconds; about 70% of installations are made in the first hour and 95% in the first 24 hours. Accordingly, we monitor this indicator.

Conversion rate. Obviously, with a large number of clicks, the conversion is small. Abnormally low values, or values lower than expected, are checked for fraud.

Engagement. When installs come from an organic source, engagement remains at the organic level. The result is a user who behaves well and in the classic way: pays, reaches certain levels, and so on. The level is determined individually, according to your own understanding of loyal users.

Multichannel index - the ratio of the number of auxiliary clicks of the first source to the number of last clicks. Tracking platforms use last-click attribution. This means that if several clicks on the advertisement preceded the installation of the application, the last one is considered the converting click, and it is the one credited with the install. With a Click Flood, a fraudster sends out a huge number of clicks that clog the conversion funnel and sometimes end up as the last click, so keeping track of the multichannel attribution funnel is extremely important.

Let's take a look at an example of AppsFlyer's multichannel attribution report:

To describe the technique, an event is taken - installation. We show the 3 previous clicks, and how they relate to each other. For each installation on this traffic source, the multi-channel attribution funnel is clogged by the same source or a specific publisher. This raises questions and prompts certain thoughts. In a normal situation, there will be no clear pattern for the distribution of auxiliary installations throughout the funnel. If there are suspicions about Click Flood, then the difference between these installations is either the same, or it is very close to the installation time - just a few seconds. Accordingly, it was a burst of clicks, some of which hit the target, while all are close to each other.

Click hijacking

Click Hijacking is another type of fraud that the multichannel index and multichannel attribution help to combat. The mechanics are similar to Install Hijacking, but here the malicious application detects a real click and sends a report about a fake click from a competing network, thus intercepting the click and the installation itself.

In the graph above, you can see how the time from the penultimate click to the last click is distributed. In AppsFlyer's model, the last click is the one that converts, and the first contributor is the previous click in the funnel. Accordingly, a pattern is visible in multichannel attribution: the penultimate click is unnaturally close to the last. You can immediately cut off such a spike and treat this data as suspected Click Hijacking.

Installs Fraud

The last type of fraud on the list is related to installations - Installs Fraud. Modeling all sorts of distributions is cool, but you always need to have multiple layers of protection. To test any hypotheses, you need to have information from different sources. AppsFlyer has decided to use its own data to combat this type of fraud.

The project lasted for about six months. All devices were taken from the database. At the moment, the AppsFlyer database unites about 98% of all devices in circulation. The goal of the project was to understand what score each such ID has in the system in terms of anti-fraud solutions. The devices were scored based on 1.4 trillion mobile interactions.

Using algorithms for processing big data, every mobile device was assigned a rating. The rating scale is similar to the ratings of securities: rogue devices are rated "C", suspicious "B", real - "A", "AA" or "AAA", new - "N", LAT (Limit Ad Tracking) - "X".

After scoring, the question remained what to do with the new devices.

With the help of the aggregated data, it became clear that some traffic sources receive an abnormally large number of new devices, which turned out to be not the latest Samsung or iPhone models, but old devices from 2012-2013 with outdated software versions. This indicates emulation of devices with a subsequent reset of the advertising ID. In this case the fictitious device performs the actions required by the advertising offer, after which it resets the idfa / gaid and starts a new set of installations. An effective method of catching emulated devices is to use large databases like AppsFlyer's. When 98% of devices in circulation are analyzed, each new device is a kind of flag that makes you think: the network cannot provide 100% new users. There is a natural turnover of new devices - about 5-10%, but absolutely definitely not 100% or even 50%.

If you filter by campaigns, you can see that some campaigns deliver more new devices, while others deliver fewer.

Breaking the data down by sub-publishers, you can see that they are the same. This means that there are one or more suspicious sub-publishers that mix fake traffic into different campaigns and different traffic sources. Thus, by tracking the activity, you can catch the fraudster.
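The per-source checks described in this talk (click-to-install time, conversion rate, multichannel index and the share of new devices), computed over constructed traffic as an added example; this is not AppsFlyer's code. The 70%, 95% and 10% reference values come from the text above; every other threshold, the `Source` fields, the flag names and the sample sources are assumptions.

```python
from dataclasses import dataclass

HOUR, DAY = 3600, 86400

# Reference values stated in the talk.
MIN_SHARE_FIRST_HOUR = 0.70    # about 70% of installs within the first hour
MIN_SHARE_FIRST_DAY = 0.95     # about 95% within the first 24 hours
MAX_NEW_DEVICE_SHARE = 0.10    # natural share of new devices is about 5-10%

# Assumed thresholds, to be tuned on your own traffic.
SHORT_CTIT = 10                # seconds; faster than a person installs an app
MAX_SHORT_SHARE = 0.20
MIN_CONVERSION = 0.001         # installs per click
MAX_MULTICHANNEL_INDEX = 3.0   # assist clicks per last click


@dataclass
class Source:
    name: str
    clicks: int
    assist_clicks: int   # clicks from this source earlier in install funnels
    ctits: list          # seconds from last click to install, one per install
    new_devices: int     # installs from devices rated "N"


def share(values, predicate):
    return sum(1 for v in values if predicate(v)) / len(values) if values else 0.0


def kpis(src):
    # Under last-click attribution each attributed install has exactly one
    # last click, so the number of last clicks equals the number of installs.
    installs = len(src.ctits)
    return {
        "conversion": installs / src.clicks if src.clicks else 0.0,
        "short_share": share(src.ctits, lambda t: t < SHORT_CTIT),
        "first_hour": share(src.ctits, lambda t: t <= HOUR),
        "first_day": share(src.ctits, lambda t: t <= DAY),
        "multichannel_index": src.assist_clicks / installs if installs else 0.0,
        "new_share": src.new_devices / installs if installs else 0.0,
    }


def flags(src):
    """Return the fraud patterns a source's KPIs are consistent with."""
    if not src.ctits:
        return set()               # no installs, nothing to attribute
    k = kpis(src)
    found = set()
    # Spike of installs seconds after the click: install hijacking pattern.
    if k["short_share"] > MAX_SHORT_SHARE:
        found.add("install_hijacking")
    # Click flood: require two of three KPIs to agree (assumed rule).
    votes = [
        k["first_hour"] < MIN_SHARE_FIRST_HOUR or k["first_day"] < MIN_SHARE_FIRST_DAY,
        k["conversion"] < MIN_CONVERSION,
        k["multichannel_index"] > MAX_MULTICHANNEL_INDEX,
    ]
    if sum(votes) >= 2:
        found.add("click_flood")
    # Far more new devices than the natural rate: emulation with ID resets.
    if k["new_share"] > MAX_NEW_DEVICE_SHARE:
        found.add("device_emulation")
    return found


# Constructed click-to-install times in seconds, 20 installs per source.
NORMAL = [25, 31, 38, 40, 42, 45, 52, 60, 75, 90, 120, 300, 600, 1200, 2400,
          3000, 5000, 9000, 20000, 50000]
FLAT = [600, 1800, 2500, 3000, 3300, 3500, 7200, 10000, 20000, 30000, 40000,
        50000, 60000, 80000, 90000, 120000, 200000, 300000, 400000, 500000]
FAST = [2, 2, 3, 3, 4, 4, 5, 5, 6, 7, 8, 8] + NORMAL[:8]

SOURCES = [
    Source("A", clicks=2_000, assist_clicks=10, ctits=NORMAL, new_devices=1),
    Source("B", clicks=200_000, assist_clicks=400, ctits=FLAT, new_devices=1),
    Source("C", clicks=1_000, assist_clicks=5, ctits=FAST, new_devices=1),
    Source("D", clicks=2_000, assist_clicks=10, ctits=NORMAL, new_devices=14),
]

if __name__ == "__main__":
    for src in SOURCES:
        print(src.name, sorted(flags(src)), kpis(src))
```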

Fraud is a disease, but there is a cure for it

Fraud is a disease of mobile app advertising, but many vaccines have already been developed against it. Using the solutions described in the article, you will be able to detect the 4 most popular types of mobile fraud. Don't skimp on combating fraud; learn to see it. Always look for solutions and contact qualified companies that will help you with this.


Dmitry Kostrov
Information Security Directorate of MTS OJSC

Defining fraud

There are many definitions of fraud in the literature.

Fraud can be called deliberate actions or omissions of individuals and / or legal entities in order to obtain benefits at the expense of the company and / or cause material and / or non-material damage to it.

Any organization can be a victim of a scam. Lack of control over the level of fraud can lead a company to a standstill.

In this article, we will focus on the principles and approaches of organizing protection against fraud.

Defense building principles

There are five basic principles for building an effective anti-fraud system:

Fraud in a communication network is a type of fraud associated with the intentional activity of persons in communication networks (including fraudulent activity), the illegal receipt of services and the use of the communication operator's resources without proper payment, as well as illegal access to any confidential information of the operator (including for the purpose of generating income), as well as other actions aimed at causing losses and other harm to the operator.

Principle 1. A fraud management program should be developed in the organization's management system, including a special policy (document) that reflects the requirements of the board of directors and senior management in terms of reducing the level of fraud.

Principle 2. In each company, the risk of fraud should be periodically checked (assessed) to identify special potential patterns and events in order to reduce it to an acceptable level.

Principle 3. Techniques to prevent (reduce) the risk of fraud should be implemented where possible.

Principle 4. Fraud risk detection techniques should be implemented to find new fraudulent schemes (techniques) when preventive measures do not pay off or when a fraud risk is identified that cannot be mitigated.

Principle 5. The process for preparing periodic reports should be included in the organization's business process map to assess the level of existing fraud. Reporting helps coordinate investigation methods and corrective actions to mitigate fraud risk appropriately at the right time.

Risk mitigation policy

Most companies have anti-fraud policies and / or procedures in place. However, not everyone has clear and concise guides that can actually help mitigate the risk of fraud. Of course, these documents may differ from one company to another - it all depends on the risk analysis carried out and on the risk appetite confirmed at the highest level.

The fraud risk mitigation policy should include the following elements:

  • roles and responsibilities;
  • obligations;
  • awareness of the risk of fraud;
  • a described process for approving procedures;
  • fraud detection conflict;
  • periodic analysis of fraud risk;
  • reporting procedures and witness protection;
  • investigation process;
  • corrective actions;
  • quality assurance;
  • continuous monitoring.

In short, fraud can be defined as any deliberate action carried out with the aim of deceiving, as a result of which the victim loses something and / or the attacker gains (Managing the Business Risk of Fraud: A Practical Guide). Violations of the requirements of anti-corruption laws, including the FCPA, can also be called fraud.

To protect itself and to protect its shareholders from the risk of fraud, company management must clearly understand the risk of fraud and other specific risks that directly or indirectly affect the organization. A well-structured risk analysis, specifically tailored to the size of the organization, the industry and the strategic goals of the company, should be reviewed at a specific frequency agreed with senior management. Fraud risk analysis can be carried out both within the framework of a general risk analysis of the entire company, or separately, but at the same time it must necessarily include: risk identification, risk probability, risk assessment (qualitative or quantitative) and risk response. The risk identification process can also include collecting information from external sources:

  • special guides: Cadbury, King Report and The Committee of Sponsoring Organizations of the Treadway Commission (COSO);
  • professional organizations: The Institute of Internal Auditors (IIA), the American Institute of Certified Public Accountants (AICPA), the Association of Certified Fraud Examiners (ACFE), the Canadian Institute of Chartered Accountants (CICA), The CICA Alliance for Excellence in Investigative and Forensic Accounting, The Association of Certified Chartered Accountants (ACCA), The International Federation of Accountants (IFAC).

Internal sources for risk identification should include reviews of identified fraud cases, eyewitness accounts and analytical calculations.

Fraud detection and prevention

The processes for detecting and preventing fraud are related, but have significant differences. Prevention is associated with policies, procedures and other work to prevent fraud, whereas in detection the focus shifts towards activities and technologies that detect fraudulent actions in time, when fraud has already occurred or is taking place. It should be noted that while fraud prevention technologies cannot provide 100% security, they are the first line of defense against fraud. The combination of preventive and detective controls, enhanced by an effective anti-fraud program, is now the main anti-fraud method.

Investigation and corrective action

Anti-fraud laws are being developed all over the world; it is enough to recall the Foreign Corrupt Practices Act of 1977 (FCPA), the Organization for Economic Co-operation and Development (OECD) Anti-Bribery Convention (1997), the Sarbanes-Oxley (SOX) Act of 2002 and the US Federal Sentencing Guidelines of 2005.

Currently, there are no anti-fraud systems that can protect an organization with 100% certainty. In this case, the organization's management must initiate the creation of a system for combating fraud, defining its own role in the process of protecting against fraud.

The anti-fraud process, as part of the entire enterprise management process, should begin with the development of an anti-fraud policy (as a document) that clearly defines the role of management.

Companies often divide all types of fraud into four main groups:

  • distortion of financial statements;
  • misuse / appropriation of company property;
  • abuse of office;
  • fraud in communication networks.

When analyzing best practices, the following fraud management methods can be distinguished:

  1. monitoring the level of fraud;
  2. prevention, detection and prevention of fraud;
  3. investigation of cases of fraud;
  4. elimination of the shortcomings that led to the occurrence of fraud.

In order to prevent and detect fraud cases (within the limits stipulated by law), the organization can carry out the following activities, but not be limited to them:

  • preventive measures to prevent fraud;
  • employee training (anti-fraud awareness program);
  • measures for checking contractors and candidates before hiring;
  • physical and logical access control;
  • identification and control over conflicts of interest;
  • procedures for approval and authorization of actions;
  • receiving anonymous messages about fraud and suspicions of fraud;
  • internal audit;
  • registration of detected cases of fraud.

It should be especially noted that all identified cases of fraud should be investigated, and the results of investigations should be documented and contain a list of security measures that were bypassed by the fraudster, as well as the shortcomings of technological and business processes.

A fraudster is a natural or legal person who has committed fraud. Combating fraud is a set of measures to prevent, identify, assess, investigate and minimize the consequences of fraud cases.

After a case of fraud is identified, it is necessary to define a list of measures to eliminate the shortcomings that led to it, together with the person responsible for carrying them out and the deadline. To develop measures against a new type of fraud, a special group should be formed with the involvement of the necessary specialists from other departments of the company.

Note that one of the mandatory measures to counter fraud is its ranking. The purpose of ranking fraud cases is to prioritize types of fraud in order to develop adequate anti-fraud measures.

Internal fraud is fraud committed by employees by virtue of their position and access to telecommunications equipment. The victims of such fraud can be both the company that employs the unscrupulous employees and its customers.

In English-speaking countries, the word "fraud" means any kind of fraud; in Russia the term refers to a narrower category of crimes: fraud in the field of information technology. Hundreds and thousands of rivers of money flow through this area: payment for calls, Internet traffic, online purchases and orders, mobile banking. And many are tempted to divert a small trickle into their own pockets through fraud.

In general, IT fraud can be divided into four broad categories:

  • User fraud, also called subscriber fraud. It covers fraud on the part of users: illegal connection and non-payment for telecom operators' services, calls at someone else's expense, counterfeiting of bank cards and card-not-present operations.
  • Operator fraud - all sorts of dubious actions by companies towards their customers. These include automatic activation of paid services, expensive unsubscription from them, cards that allow the balance to go negative, etc.
  • Inter-operator fraud - attempts by operators to deceive each other. Its varieties include all kinds of traffic redirection, passing off expensive types of communication as cheap ones, etc.

Internal fraud classification and methods

In turn, internal fraud can be divided into two broad categories - theft and abuse. In the first case, there is a direct theft of money or other material values, in the second, the extraction of material or intangible benefits is not associated with direct theft.

As already mentioned, a lot of money is constantly moving in the IT sphere - from a client to a bank or an operator, between clients, between firms. And some employees find an opportunity to profit from the employer or clients.

For example, there may be cases of fictitious services, overpriced services, or contracts with affiliated contractors. Fraud against the company's clients is also possible. This applies especially to mobile operators, where certain amounts are debited regularly, often several times a day; if an employee adds a small payment to his own account, the client is unlikely to notice. And since there are tens and hundreds of thousands of such customers, the total in the end is impressive.

In terms of abuse, information technology also offers a wide field of action. The range here is very wide: from connecting friends to favorable intracorporate tariffs up to the registration of millions of bills for fictitious, most often informational (i.e. intangible), services.

Types of economic crime: main areas of risk, what to look for

Inflating results is also a big problem. A large number of fictitious customers can bring an employee or department impressive real bonuses.

Abuse of hardware access is also worth noting. Unlike traditional industry, where financial scams are the domain of management and accounting, in the information industry technicians are also capable of organizing various fraudulent schemes by configuring servers and other equipment accordingly. For example, they can exclude certain types of traffic from accounting, or register expensive calls as cheap and then connect individual numbers to them. Such crimes are very difficult to identify and even more difficult to prove, because a wrong setting can always be explained as an error.

Finally, IT companies are susceptible to all the abuses that existed long before the heyday of the information era: hiring fictitious employees (usually friends and relatives of the bosses), issuing inflated bonuses, writing off still-working equipment in order to sell it, and using official vehicles and other property for private purposes.

Who suffers from internal fraud

The targets are the company's equipment and software, paper and electronic financial documents, and higher- and lower-level employees.

Servers, routers and other equipment are very vulnerable because their operation depends on a multitude of settings made by a narrow circle of specialists, settings that everyone else, as a rule, does not understand at all. This gives engineers and programmers ample opportunities to redirect traffic, distort reports about it, and introduce malware.

Persons with access to financial programs can both directly steal small, and therefore inconspicuous, amounts from the accounts of many clients and issue fake invoices, payments, requests for the return of allegedly mistakenly transferred funds, etc.

Ways of deceiving employees include inflating indicators to obtain high bonuses, fake requests for money transfers or for blocking and unblocking accounts, and extracting higher-level usernames and passwords from colleagues.

Source of threat

In accordance with the objects of influence, there are three main sources of internal fraud in the IT sphere.

People with a criminal record find it easier to commit fraud. Therefore, any company should check a candidate before hiring, monitor his activities in the course of work, maintain a high corporate culture and implement effective motivation schemes, because decent and stable official earnings are more attractive than temporary, fraudulent schemes that also carry the threat of criminal prosecution.

It must be emphasized that special attention should be given to working with people. Special risk categories include people with a criminal record, system administrators and other employees with a high level of access, and persons carrying out funds transfers. A separate category is made up of departing employees, especially in the case of forced layoffs or dismissal for violations at work. Driven by resentment or seeking compensation, they may try to steal databases, misconfigure equipment, and infect computers with malware.

Internal Fraud Risk Analysis

All companies in which there is at least something to profit from are vulnerable to internal fraud: banks, government bodies, Russian Railways, the oil and gas industry and others. Another problem is the complexity of the industry. Employees, especially newcomers, often take a long time to master complex programs, and operations are performed in violation of strict regulations. Any violation is a loophole for fraud.

A clear, transparent structure with good internal controls leaves very few opportunities for scammers to scam.

In addition to internal audit, a regular external audit is also required, both of technology and of financial transactions, to reveal incorrect configuration of servers and computers and dubious money transfers. The very possibility that fraudulent schemes will be uncovered will make many abandon their plans.

It is necessary to analyze the performance indicators of both an individual employee and entire departments. Sometimes their sharp increase is not a consequence of improved performance, but fraudulent overestimation in order to receive large bonuses.

Finally, the overall corporate culture is of paramount importance. Where it is absent and labor discipline is low, everything often begins with small abuses to which a blind eye is turned. Impunity pushes a person to seek (and find) larger schemes, in which the company and its customers lose millions.

At the same time, a clear, transparent system, strict control, including an external independent audit, awareness of the inevitability of punishment will make the majority forget about fraudulent schemes in favor of honest earnings. To counteract internal fraud, DLP systems, employee profiling systems, and UEBA behavioral analysis are used.


Anti-fraud systems in domestic companies over the past few years are gaining more and more popularity. In the light

Anti-fraud systems in Online Banking services

To ensure the safety of individuals' financial transactions in RBS services, in particular in the "online bank", restrictions (limits) on transactions are used. They form the second line of defense within the set of fraud monitoring solutions:

  • limiting the number of purchases by one bank card or by one user for a certain period of time;
  • limitation on the maximum amount of a one-time purchase by one card or by one user in a certain period of time;
  • limitation on the number of bank cards used by one user in a certain period of time;
  • limitation on the number of users using one card;
  • accounting of the history of purchases by bank cards and users (the so-called "black" or "white" lists).

A mandatory requirement for implementing such rules is recognizing the user by various parameters and algorithms. Accordingly, the advantage of an anti-fraud service is determined by its ability to recognize a fraudster quickly and with the highest possible probability. Another function of fraud monitoring is assessing customer behavior while an electronic payment is being made, for example in an online store. How truthful the information a person gives about himself is, and how closely the set of user parameters matches the standard behavior patterns of respectable buyers, are factors that fraud monitoring services try to take into account when assessing the likelihood of fraud.

Let's take a look at an illustrative case to understand how the anti-fraud system works.

First of all, a transaction (financial operation) undergoes an initial analysis based on factors such as those described above. Then, based on the analysis, it is assigned a "label" that determines how the transaction is processed. There are three types of labels:

  • "Green" marks transactions with a low likelihood of fraud.
  • "Yellow" marks transactions in which the chance of fraud is higher than average and additional attention is required to complete the payment.
  • "Red" marks transactions that are most likely to be fraudulent; documentary confirmation of the cardholder's authenticity is required to carry them out.

The simplest protection settings, which any merchant can set, are used here: protection against guessing of CVV codes and card numbers; analysis of card parameters by bank, owner, product type, country of issue and geography of use; identification of the buyer by purchase history; retrospective analysis of purchases; detection of suspicious transactions by fingerprints of the equipment used; domain and IP address checks, etc.

With "Green" transactions everything is as simple as possible: for example, the payer pays from Russia with a card issued by a Russian bank, and the payment amount does not exceed the store's average check. The monitoring system assigns the transaction the "Green" label. Next, the transaction is sent for authorization using 3-D Secure. If the card is not enrolled in the one-time password service, or the issuing bank does not yet support this service, the authorization request is sent to the processing center of the paying bank in the usual way, directly.

A medium level of fraud risk calls for a different way of checking the payment for legitimacy. The "Yellow" label is assigned to transactions with average and above-average risk of fraud. For example, in a Russian online store a purchase is paid for with a bank card issued in Russia, but the amount is noticeably higher than the store's typical average check. If the payer cannot use this payment authorization method, his bank card will automatically be sent for online validation or manual verification.

The fraud monitoring system automatically assigns the "Red" label to transactions with a high risk of fraud. For example, payment in a Russian online store is made with a card issued in the USA, and the payer is in Spain.
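
The transaction limits listed earlier and the three labels can be combined into one rule engine. The sketch below is an added example, not PayOnline's code: every name, the thresholds, the one-hour window and the split of rules between "Yellow" and "Red" are assumptions, and "this payment authorization method" is read as 3-D Secure. The country rule follows the Russia/USA/Spain case above.

```python
from collections import defaultdict, deque, namedtuple

# Assumed names and thresholds (not from the article); tune per merchant.
WINDOW_S = 3600          # sliding window for every limit, in seconds
MAX_PURCHASES = 3        # purchases per card in the window
MAX_AMOUNT = 50_000      # total spend per card in the window
MAX_CARDS_PER_USER = 2   # distinct cards per user in the window
MAX_USERS_PER_CARD = 1   # distinct users per card in the window
AVG_CHECK = 3_000        # store's average check
SHOP_COUNTRY = "RU"
ROUTE = {                # handling per label, as the text describes it
    "green": "3-D Secure, else direct authorization",
    "yellow": "3-D Secure, else online validation or manual verification",
    "red": "documentary confirmation of the cardholder",
}
Txn = namedtuple("Txn", "ts user card amount card_country payer_country")

class FraudMonitor:
    def __init__(self, blacklist=()):
        self.blacklist = set(blacklist)
        self.by_card = defaultdict(deque)   # card -> attempts in the window
        self.by_user = defaultdict(deque)   # user -> attempts in the window

    @staticmethod
    def _recent(queue, now):
        while queue and now - queue[0].ts >= WINDOW_S:
            queue.popleft()                 # forget attempts older than the window
        return list(queue)

    def label(self, t):
        card_hist = self._recent(self.by_card[t.card], t.ts) + [t]
        user_hist = self._recent(self.by_user[t.user], t.ts) + [t]
        countries = {t.card_country, t.payer_country, SHOP_COUNTRY}
        checks = [  # (severity, triggered, reason)
            ("red", t.card in self.blacklist, "card on black list"),
            ("red", len(countries) == 3, "card, payer and shop countries differ"),
            ("red", len({x.user for x in card_hist}) > MAX_USERS_PER_CARD, "shared card"),
            ("yellow", len(card_hist) > MAX_PURCHASES, "purchase count limit"),
            ("yellow", sum(x.amount for x in card_hist) > MAX_AMOUNT, "amount limit"),
            ("yellow", len({x.card for x in user_hist}) > MAX_CARDS_PER_USER, "many cards"),
            ("yellow", t.amount > 3 * AVG_CHECK, "well above the average check"),
        ]
        self.by_card[t.card].append(t)      # every attempt counts, even a declined one
        self.by_user[t.user].append(t)
        hits = [(sev, why) for sev, hit, why in checks if hit]
        name = "red" if any(s == "red" for s, _ in hits) else "yellow" if hits else "green"
        return name, [why for _, why in hits], ROUTE[name]

def demo():  # constructed sample transactions, not real data
    m = FraudMonitor(blacklist={"card-stolen"})
    return [m.label(Txn(*row))[0] for row in [
        (0, "alice", "card-a", 2_500, "RU", "RU"),
        (60, "alice", "card-a", 12_000, "RU", "RU"),
        (120, "bob", "card-b", 2_000, "US", "ES")]]
```

Counting declined attempts toward the limits is deliberate: card-number and CVV guessing shows up as a burst of failures, so a monitor that only counts successful purchases would miss it.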

Problems of using anti-fraud systems

According to the portal www.banki.ru, the most popular type of bank card fraud is so-called friendly fraud. How does the "FF" mechanism work? The cardholder makes a purchase on the Internet and then demands that the bank carry out a charge-back, a refund to the card on the grounds that the service was not provided. If the store cannot prove that the payer's claims are unfounded, the bank must reimburse the required amount to the cardholder. And the "cost" falls, of course, on the online store. So online stores can suffer from hackers who illegally penetrate the site's systems, from their own employees who make unauthorized use of the company's databases, and from unscrupulous customers who give incorrect payment information in order to avoid paying, or who initiate a refund after the goods have been shipped or the service provided.

Therefore, it becomes very important to collect the evidence base and technical details to prove the fact of fraud. Accordingly, if there was prior collusion between employees of the online store and the bank, then most likely any attempt at investigation will be unsuccessful. Anti-fraud systems have not yet learned to counter the human factor.

Like any other service, fraud monitoring systems have their own "production costs". Rejected payments can lead to the loss of customers and, therefore, of profit. Without proper configuration, filters may block transactions that matter to an online store, which customers will certainly not like. Therefore, when choosing a payment service provider, pay attention to the declared conversion into successful payments. For example, the conversion rate into successful payments after "manual" configuration of the PayOnline electronic payment system varies within 93-96%, which is a very good indicator for the market. The drawback of the Verified by Visa and MasterCard SecureCode solutions is that, at present, not all banks are able to process incoming requests correctly and conveniently for the cardholder, which can make it impossible to confirm the intention to perform the operation; in other words, it lowers conversion.

Another unpleasant but important point you will face when implementing a fraud monitoring system on the online store's side is the protection of user data, both personal and payment. It will be necessary to pass certification of compliance with the PCI DSS standard, and to take into account the restrictions on data storage and processing set by federal law.
