By the time you encounter a fraudster, they’ve already gone through a full range of steps that might be invisible to you as a fraud prevention expert. All you see is the end result: a policy violation that needs to be addressed. But how do fraudsters get started? How do they gain access to your platform? How do you ensure that the fraudster you’ve just banned doesn’t come back again?
In this post, we’ll be diving into the playbook fraudsters use to infiltrate and exploit a platform for their own gain. Understanding how fraudsters move throughout their entire journey can give you the insights you need to block fraud out closer to the source—before it has a more significant impact on your app.
Bad actors do what they do for a reason. If we can understand their reasoning, we can gain unique insights into how fraudsters operate, why, and how we can use their motivations against them.
With this in mind, there are a few safe assumptions we can make about the practices of “career fraudsters” (people who defraud platforms systematically).
Personal gain—usually personal financial gain—is the “why” behind every dedicated fraudster.
Fraudsters are constantly calculating their ROI and looking for ways to optimize it. That might mean investing in automation tools, subscribing to Fraud-as-a-Service products built by other fraudsters, or scaling up their operations.
The most important thing to realize about fraudster ROI is this: Fraudsters’ concern over ROI can be used to drive them away from your platform.
If defrauding your platform is doable, but costs the fraudster too much money, time, or work, they’re much more likely to take their game elsewhere.
That means that one of our goals as fraud fighters is to make fraud as expensive as possible for fraudsters.
In the same way that we’re always gathering intelligence about the latest FaaS tools and fraudster tactics, so too are fraudsters paying attention to what we’re doing on the anti-fraud side.
Many fraudsters have advanced knowledge of which tools and signals anti-fraud software uses to identify them, and they change their tactics accordingly. This is why constant solutions testing and evaluation is so critical to staying a step ahead of the opposition—along with continuous innovation.
It may come as a surprise, but the fraudster side is actually more collaborative than the anti-fraud side. Fraudsters share tools, methods, workflows, tips, and other valuable resources in Telegram channels, on hacker forums, on the darknet, and elsewhere.
This means that a small exploit doesn’t usually stay small for long—it’s only a matter of time before the information spreads, and losses can accelerate exponentially.
With the above assumptions in mind, we can look at an example path a fraudster might take to start defrauding a platform, whether that be marketplace, gig economy, or another type.
Multi-accounting is the gas that drives the mobile fraud engine. Without having multiple accounts, fraudsters can’t evade bans, and they can’t scale up their operation to a profitable level. Many platforms have some form of device ID in place to try and prevent ban evasion or other types of account creation fraud.
Unfortunately, legacy device ID solutions haven’t been a challenge for fraudsters in years.
Nowadays fraudsters know that it’s usually possible to evade a device ID with something as simple as reinstalling the app or factory resetting the device.
While this method of getting around device ID is easy and possible, it’s also time-consuming. Career fraudsters often use a combination of app cloners and emulators to help them grow and manage their bank of fake accounts as quickly as possible.
In the clip below, Incognia’s Global Head of Industry for Ride-Hailing and Food Delivery, Eduardo Pires, explains how using these tools in combination can be a massive productivity booster for fraudsters:
With a healthy bank of fake accounts to choose from, the fraudster’s next step is to start using those accounts to commit the fraud and policy abuses that actually make them money.
Promo abuse, refund abuse, and collusion are some of the policy violations we see most commonly, but they’re far from the only ones.
Here’s a brief review of how each type of abuse might monetize:
These are far from the only ways that fraudsters make money defrauding a platform, but these examples hopefully give you an idea of how fraudsters might create a money-making scheme at your platform’s expense.
Sometimes, fraudsters get caught. If you catch someone breaking your platform’s policies and causing losses, your next step might be to ban that user to protect the integrity of your platform.
That’s a good step, but it only works if the ban actually sticks.
If your red-handed fraudster has a bank of backup accounts waiting for them, your single account ban is only a speeding ticket. They can log in on a different account and get right back to defrauding you, wasting your fraud team’s time and money.
The account creation to fraud to ban evasion cycle will last indefinitely unless you find a way to detect and block repeat fraudsters persistently.
The most powerful tool someone who commits mobile fraud has is their ability to hide their identity. If a platform can’t tell that Fraudster A is actually the same person as User B, that fraudster can keep their schemes going indefinitely.
Fraudsters are also constantly innovating new ways to get around fraud detection systems—as we mentioned above, they keep up-to-date with tools fraud fighters are using.
One of the best ways to future-proof your fraud strategy right now is to rely on a multi-layered solution.
If one signal is vulnerable, the other signals in the stack can fill in those gaps and still persistently stop the fraud attempt.
In Incognia’s case, we use a combination of device intelligence, tamper detection, and precise location to help us create a risk assessment for onboardings and logins. Each signal plays a role in interrupting a part of the fraudster playbook.
For example:
There’s no such thing as a set-it-and-forget-it solution in fraud prevention. The unofficial fourth phase of the fraudster’s playbook is innovating, evolving, and adapting.
That’s why, as fraud fighters, it’s crucial for us to stay on the cutting edge. We aren’t just solving for today’s fraud problems—we’re solving for tomorrow’s, too.