Monday , November 25, 2024

How ‘Fraud-as-a-Service’ Is Leading to the ‘Democratization’ of Online Crime

E-commerce wasn’t the only market that ballooned after the pandemic set in. Fraud took off, too, and attracted novice practitioners in the bargain. Of more than 1,000 consumers surveyed by Sift Science Inc. for a report it released Thursday, some 16% admitted they had committed payment fraud, or knew someone who had.

Worse, efforts by fraudsters to recruit more practitioners of this dark art are also advancing, as 17% of consumers said they had seen offers online to commit payment fraud. The development is “a symptom of fraud’s accessibility and democratization among everyday Internet users,” San Francisco-based Sift says in its release about its latest report, the Q1 2023 Digital Trust & Safety Index. Further, 16% of consumers surveyed said they had either committed payment fraud or knew someone who had.

Sift says the survey results show online companies can no longer figure that their fraud losses are the work only of a gang of hardcore criminals. Indeed, the report finds a rise in the availability of FaaS—Fraud as a Service—technology to everyday consumers, some of whom may stray into the so-called dark Web after responding to enticements they see on social-media sites. “Seasoned fraudsters sell on-demand services to other, sometimes first-time, culprits—a new wave of cybercriminals who have casually made it onto the deep and dark Web,” Sift says in its report.

 
This image from Sift outlines the basic steps of a criminal business model.
 

The report describes one example of such technology, a phishing kit offered online by a group of fraudsters calling themselves “EvilProxy.” Researchers found late last year that the kit enabled users to “harvest valid session cookies and bypass the need to authenticate with usernames, passwords, and/or [second-factor authentication] kits, wiping out the necessity for specific skills and lowering the barrier to entry for less sophisticated fraudsters,” the report says.

With such recruitment under way, the odds that online businesses will be stung by fraud increase dramatically, Sift warns. Indeed, the numbers are already rising fast. The company cites its own data indicating attacks on fintech firms rose 13% from 2021 to 2022. Inside that category, buy now, pay later firms sustained a 211% increase in attacks. The increase for cryptocurrency exchanges was 45%, while that for digital goods and services merchants was 27%. Absolute figures were not immediately available.

Experts warn fraud could now grow into an even larger threat to the survival of some businesses. “The rapid democratization of fraud presents even more opportunities for motivated criminals to expand their reach by productizing their offerings and selling their services to commit fraud against businesses,” said Jane Lee, Trust and Safety Architect at Sift, in a statement. “As online fraud continues seeping into everyday Internet culture, trust and safety operations have become the single point of failure or success for businesses.”

Check Also

Small Businesses Have Work to Do to Attract Shoppers, NMI Finds

While 78% of consumers say they are willing to pay more to shop at small …

Digital Transactions