Business is booming. In 2021, online spending has hit over $4.9 trillion. That’s a lot of zeroes.
This means that for every $5 spent globally in 2021, $1 is spent online.
Of course, where there is money, fraudsters are sure to follow. And this is one of the main reasons for the huge growth in digital fraud. With so many opportunities to siphon off relatively ‘easy’ money, digital fraud has grown rapidly in tandem with our dependence on the internet.
Whatever industry you’re trading in, you’ve probably had a conversation in recent years about internet fraud and digital fraud prevention.
Now, fraud is a broad term. But to understand why internet fraud has grown so big, and why fraud detection has become more important, we’ll look at the different types of internet based fraud that any business can fall victim to.
The different flavours of digital fraud
As a form of cyber crime, digital fraud incorporates any method whereby malicious actors attempt to steal money, data, inventory or other assets from a company or individual online.
With many different back doors, a savvy fraudster can find multiple ways to defraud businesses on the internet. This can include:
Any method where a fraudulent party tries to use falsified or stolen payment details can fall under the term payment fraud.
The most common method is credit card fraud, or card-not-present fraud. This is where the details of a stolen or copied card are presented for payment, without the owner’s permission.
Stolen card details are also used in carding attacks, which is where fraudsters will automate the processing of multiple stolen cards to work out which ones are usable.
Another method of payment fraud can also include gift cards or vouchers, which may have been purchased with stolen money, or simply stolen themselves. Payments with fraudulent gift cards can, just like with stolen bank cards, result in chargebacks, lost inventory and prosecutions.
Payment fraud is usually the type of fraud detection that is baked into most online payment platforms.
Shopify for example uses a number of methods to minimise payment fraud on businesses using its platform. However, payment fraud does still occur on Shopify sites, which is why many businesses use external fraud detection providers.
There are multiple ways to scam marketers out of their ad budgets. Affiliate marketing is a hugely popular method for bloggers and vloggers to monetise their platforms. However, it is wide open to abuse and fraud.
Affiliate fraud is where fraudulent influencers or publishers inflate the signups or engagement on their affiliate links. This can be done by using fake traffic such as bots or click farms.
There are also methods where affiliates use paid traffic (such as through Google Ads) to divert traffic from the brand they’re representing. This also includes misrepresenting the affiliate as the actual brand.
Affiliate fraud can also use cookie stuffing, or cookie dropping. This method installs additional cookies on a users browser and is designed to misattribute clicks and signups on to the affiliate. This can be done intentionally, with several sneaky tactics to load cookies on visitors sites.
However, there are a few plugins and add-ons which can also perform cookie stuffing without the knowledge of both the user and the affiliate.
Click fraud/ad fraud
Although the terms click fraud and ad fraud are often used interchangeably, they are closely related but different.
Click fraud refers to any form of non-genuine traffic, including malicious clicks from competitors and brand haters, and even accidental clicks from poorly placed ads. Although low volume, these clicks can add up to a sizeable percentage of ad traffic.
Ad fraud refers to the more organised process of intentionally driving traffic onto ads using automated systems such as bots or click farms. This is normally conducted by fraudulent gangs or developers and often on a much bigger scale.
Click fraud and ad fraud are both used to impact marketing budgets and divert money from targeting genuine customers.
The acquisition of fake users throughout the funnel impacts business spend on multiple levels. First of all, the fake users are targeted through advertising, either paid social or search, where you’re paying out for the click.
Fake users may then generate a shopping basket or lead form signup. You’re then contending with abandoned shopping carts or useless leads.
And, because these fake users haven’t yet converted to paying customers, you’ll then likely target them through re-targeting or remarketing campaigns.
By targeting fake users money is wasted on emails, sales calls or targeted ads. Not to mention the issue of heavily skewed analytics on the ad networks.
User acquisition fraud
This sneaky tactic is a form of ad fraud or affiliate fraud, where developers claim the credit for unearned user acquisitions.
If you have an app or browser extension infected with malware, the software can carry out a form of clickjacking or cookie stuffing. These cookies are then used to attribute conversions to a fraudulent developer or publisher, rather than the genuine referral source.
As well as hijacking genuine referrals, this form of user acquisition fraud can also claim the credit for organic app installs or account sign-ups.
Account takeover fraud
When people think of getting hacked, it’s usually the thought of account takeover fraud that springs to mind.
ATO, as it is referred to, is when a cybercriminal or hacker accesses a user’s profile. This allows them to perform a number of fraudulent activities, from transferring funds to placing orders.
For customers of course, the impact is worrying. Their data has been compromised and their money or details have been stolen or breached.
But for the business owner, the impact can be even more costly. Legal action, reputational damage, the loss of inventory and the loss of trust and income associated with a fraudulent breach are all major concerns.
Also known as executive fraud or whale fraud, CEO fraud is when a scammer impersonates a senior executive and manipulates employees into releasing money or other sensitive information.
Yes, CEO fraud really is a thing.
A type of ‘spear phishing’ attack, also referred to as Business Email Compromise (BEC), scammers use a number of methods over a period of time. This can include spoofing domains, so they can create genuine looking email addresses; monitoring social media accounts of employees for more accurate information; and using malware of other software to mine data that could make their scam more successful.
Usually, CEO fraud is performed via email. The scammer will convey a sense of urgency and will often time their fraud so that the executive is unavailable (for example on vacation).
In recent years, businesses have lost billions to CEO fraud. One company lost $40 billion in a recent BEC scam.
Worryingly, the trend for deepfakes has already been used for internet fraud. Once CEO fraud victim was scammed out of $243,000 through a sophisticated voice deepfake.
When your validation of popularity is in likes and follows, it’s actually very easy to fake your KPIs. And this is the basis of influencer fraud.
Unscrupulous influencers try to imitate the Kardashians by inflating their followers. This is easily done, simply by hiring click farms and bots to follow you and engage with your posts.
Marketers then spend thousands, or millions, promoting their products with influencers. Many of whom have large percentages of fake followers.
In fact, research by Cheq found that influencers regularly have 15% fake followers. There is also the issue of inactive followers or duplicate accounts.
Many influencers have no access to 90% of their audience simply because it no longer uses the social network where they were followed. This doesn’t stop them from touting millions of followers, who will, of course, never see your content.Brain Solis
The rise of digital fraud
Most of these forms of fraud have risen steadily in recent years. As an example, click fraud and ad fraud have gone from niche concerns, costing an estimated $500 million a year in 2005 (source), to a staggering $44 billion by 2022.
Click fraud and ad fraud have actually overtaken credit card fraud as the digital fraud with the biggest financial impact.
Talking of credit card fraud, Merchant Savvy found that the impact in 2020 was just over $32 billion.
With figures like these, you can see why fraud detection and prevention is more important than ever for businesses of all sizes.
Although bigger enterprises might be able to swallow losing thousands of dollars to fraud, for many it can be the difference between success and failure.
And of course there are the rising problems of other non-fraud related cybercrimes such as ransomware attacks, phishing and malware/viruses. These are also on the rise, and present a different type of threat that can lead to fraud.
So what is a growing business to do?
How does fraud prevention software work?
There are normally red flags that indicate patterns of suspicious activity or obvious fraud, such as:
- High bounce rates
- Abnormal clicking patterns
- High volumes of clicks or transactions
- Unusual browser activity (humans tend to use the well known browsers such a Chrome, Safari and Firefox)
- Unusual OS (again, humans tend to use iOS, Android or Windows)
- Multiple clicks from the same IP address
- Geo mismatches
Often a mixture of these is a giveaway that some kind of fraudulent traffic is visiting your site.
Detecting fraud traffic usually means a mixture of pre-programmed analysis and machine learning. Due to the fast evolving nature of most internet fraud practices, machine learning is an essential component.
Bots and malware have become smarter in recent years. And these days we even have cyborgs – bot accounts that can be managed by a human from time to time.
An example of cyborg accounts can be seen with credit card fraud or carding. A genuine human visitor will add items to a shopping basket on an ecommerce store. They will then use a bot to automate multiple card transactions to work out which cards are valid.
Differentiating between the human activity and the obvious bot activity of multiple credit card entries in a few minutes is something that fraud detection can help to spot. However, the processes often change as devs find new ways to bypass fraud detection.
And this is where machine learning is essential. As the changes happen across the internet, a fraud detection platform can leverage its experience on one site to block it from happening anywhere else.
Using fraud detection and prevention software means you can benefit from these developments without having to do any manual tweaking.
Fraud protection as a service
With so many forms of digital fraud, companies are more in need of fraud detection and prevention than ever before.
From click fraud prevention, to customer acquisition solutions, making sense of what a business needs to prevent fraud can be a headache. Very few businesses offer a catch-all fraud detection and protection service.
But why is this? Surely internet fraud uses many of the same methods?
Well, it’s true that bot traffic, malware and non-genuine traffic such as click farms are at the root of most internet fraud. However, quite a few of the techniques mentioned are very specialized and need a focused protection service.
For example, preventing card payment fraud and CEO fraud require entirely different approaches.
However there is some crossover. Click fraud prevention, payment fraud and fake users share some similarities.
Bots or fake accounts are usually targeted via ads, and once these bots enter your site they can perform other actions such as clicking on products. They can also end up being retargeted into your funnel, meaning you’re effectively paying twice (or more) to target bots and fake accounts.
Choosing the right fraud protection
At the moment there is no service that protects against the broad spectrum of internet fraud. It’s down to companies to choose the protection that best suits their needs.
So who needs fraud detection and prevention?
These days, anyone trading or advertising online needs to consider some form of internet fraud protection.
The potential risk of exposure to fraud can come from:
- Handling and storing other people’s data, especially payment details
- Companies with a high annual turnover
- Companies with large numbers of employees, meaning more potential for a ‘weak link’
- Any business paying for advertising or marketing online
- Businesses processing payments, especially high volumes of daily transactions
Put very simply, almost every online business needs to consider some form of fraud protection.
When it comes to click fraud and ad fraud, ClickCease is the industry leader. Covering pay per click protection on Google, Bing and Facebook Ads, ClickCease prevents bots and malicious clicks on your ads.
Of course there are other fraud prevention solutions that your business may need. But choosing these will depend on your industry, your budget and your potential exposure to fraud.