Current Trends in Fraud Prevention 2021

History of Fraud Detection

Antifraud systems evolved gradually all over the world, driven by detected incidents.

Initially, funds were stolen from individuals’ bank accounts. Then, in 2008-2010, a huge number of thefts hit legal entities. The fraudsters copied files containing electronic digital signatures.

In 2014-2015, banks were attacked by the serious trojan «Lurk».

The requirement for antifraud systems shifted from “no loss in bank” to “on-line cross-channel solution”.

Social Engineering

Social engineering, or an «attack on a human», is a combination of psychological and sociological methods and techniques for stealing personal data.

Social engineering ranks № 1 during the COVID-19 pandemic period:

  • More effective phone calls

  • Harsher manner of speaking

  • More psychological pressure

  • More sophisticated phishing tools

Social engineering: General Scheme

“Pretexting” is an attack in which the fraudster poses as a fake person and extracts confidential information by following a prepared scenario.

Fraudsters’ tools:

  • A fake identity is created

  • Known data from public sources is used

  • Requests become more persistent

Detection and Fraud Prevention

Detection and prevention of the most complex fraud without impacting customer experience, by analyzing device, behavioral, and transaction data in real time.

Session and transaction monitoring

  • Data on client and device

  • Data on transaction activity

  • Details on devices: model, type, identification, language, IMSI, IMEI…

  • Remote control (TeamViewer …), presence of an active call…

  • Client data screening (“Know Your Customer” concept)

Combination of ‘model-based’ and ‘rule-based’ concepts

  • «rule-based»: risk assessment based on known attack schemes

  • «model-based»: risk assessment using self-learning systems that automatically adapt to new attacks

Social Engineering: Phishing

Phishing (like “fishing”) is a kind of Internet fraud in which an intruder tries to obtain the customer’s personal data.

The fraudster takes advantage of the customer’s “carelessness”.

Fraudsters use holiday sales periods to register hundreds of fake domains imitating popular brand shops.

By using these clone sites, the fraudsters can gain access to the customer’s bank credentials, empty his bank accounts, or take money for fake goods.

Internal Fraud: Employee Control

  • Employee authentication

  • Third party presence

  • Detection of a “closed” camera

  • Detection of screen photography

  • Enforcement by third parties

  • Absence of the employee on video

As a result of control and authentication:

  • Behavior profiling and detection of anomalies

  • Detection of anomalies during finance operations

Fraudsters attack bonus and loyalty systems

Some techniques that fraudsters use:

  • Vulnerabilities in information systems

  • “Phishing” as a method to get users’ credentials

Internal Fraud with bonus systems & loyalty cards

  • Bonus transfer to friends

  • Applying clients’ bonuses to pay for other people's purchases

  • Bonus accrual to fake customers

  • Incorrect or illegal bonus transfer to other accounts

  • Bonus cashing out by employees

Clients’ Fraud with bonus systems & loyalty cards

  • Buying goods with bonus accrual and returning them after the bonuses are spent

  • Write-offs of the same bonuses from different remote channels at the same time

  • Attempts to get bonuses for activity in chats and social media

Loyalty program Fraud, General Method of Detection

For fraud prevention, promptly receive information about customer/operator actions in remote channels, including:

  • Accruals, purchases, returns/cancellations of transactions, shares

  • Details on device and geo location of operation

  • Data on client, operator, trade office or partner

In case of abnormal operator/customer actions, issue notifications and create an incident response. For example:

  • Abnormal manipulations with bonuses by operators, customers, partners

  • Unauthorized bonus withdrawal

  • Identity theft for applying bonuses

  • Return of the goods with bonuses (previously placed or used)
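
The detection method above, sketched as an added example (not the vendor's code or any product's logic): a rule-based pass over a constructed loyalty event stream that flags simultaneous write-offs from different channels and the return of goods whose bonuses were already spent. The event fields, the 60-second window and the alert names are assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data):
# (time, account, channel, action, order id, bonus amount)
EVENTS = [
    ("2021-03-01T10:00:00", "A1", "pos",    "accrual",  "o1", 500),
    ("2021-03-01T10:05:00", "A1", "web",    "writeoff", "o2", 500),
    ("2021-03-01T10:05:20", "A1", "mobile", "writeoff", "o3", 500),
    ("2021-03-02T09:00:00", "A2", "pos",    "accrual",  "o4", 300),
    ("2021-03-02T09:30:00", "A2", "web",    "writeoff", "o5", 300),
    ("2021-03-03T12:00:00", "A2", "pos",    "return",   "o4", 0),
    ("2021-03-04T15:00:00", "A3", "pos",    "accrual",  "o6", 100),
    ("2021-03-05T15:00:00", "A3", "pos",    "writeoff", "o7", 100),
]

def detect(events, window=timedelta(seconds=60)):
    """Return (account, rule, order) alerts for two known abuse schemes."""
    alerts = []
    balance = defaultdict(int)  # account -> bonuses currently available
    accrued = {}                # (account, order) -> bonuses earned by that purchase
    last_writeoff = {}          # account -> (time, channel) of the latest write-off
    for ts, acct, channel, action, order, amount in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if action == "accrual":
            balance[acct] += amount
            accrued[(acct, order)] = amount
        elif action == "writeoff":
            prev = last_writeoff.get(acct)
            # Rule 1: same account spends from a different channel within the window
            if prev and t - prev[0] <= window and prev[1] != channel:
                alerts.append((acct, "concurrent_writeoff", order))
            last_writeoff[acct] = (t, channel)
            balance[acct] -= amount
        elif action == "return":
            earned = accrued.pop((acct, order), 0)
            # Rule 2: purchase is returned but the bonuses it earned are already spent
            if balance[acct] < earned:
                alerts.append((acct, "return_after_spend", order))
            balance[acct] -= earned
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Each alert would feed the notification and incident step; account A3, which spends a day later through a single channel, raises nothing.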


Task №1:

Reducing losses associated with fraudulent activities carried out in clients’ names;

Result: Reduced losses

Task №2:

Maintaining reputation and reducing image risks, increasing trust in using different service channels;

Result: Increased number of clients and volume of operations

Task №3:

Reducing the cost of preventing and investigating fraudulent activities through effective detection of fraudulent payments

Result: Reduced losses

Copyrights for this article belong to our vendor Fuzzy Logic Labs
