What Is Clean Fraud, and Why Is It So Difficult to Detect and Prevent?
“Clean fraud” is one of the most insidious challenges facing eCommerce merchants today. This fast-growing threat is typically the work of hardcore, professional fraudsters who know ways to circumvent the fraud-prevention tactics you put in place.
Because this criminal activity is difficult to detect and prevent—even with advanced technology—it can be devastating to your bottom line. So what is clean fraud, and what can you do to protect yourself?
What Is Clean Fraud?
- Clean Fraud
Clean fraud refers to any fraud attack in which a fraudster uses stolen credit card data to make a purchase, then manipulates the transaction so as to bypass fraud detection devices. The name refers to the fact that the transactions appear “clean,” and will not be picked up by fraud filters or blacklists.
[noun]/* kliːn ● frɔd/
While it sounds straightforward, this definition of clean fraud belies the experience and complex machinations required to perpetuate it. With that in mind, it could be helpful to start with a little background information.
When making purchases using illegitimate credit cards, fraudsters have two primary tactics they can use. One is synthetic identity theft, in which criminals combine stolen information with made-up data to invent fake cardholders. This has become harder to commit over the last few years, though, thanks to more algorithms and the use of artificial intelligence. These technologies allow for more accurate detection, exposing even small inconsistencies in the fake profiles.
Their second option is to make purchases by impersonating real cardholders, using extensive amounts of stolen personal data (similar to account takeover fraud). These transactions appear valid, making them less likely to be caught by fraud filters or blacklists. The actual cardholders typically won’t notice the discrepancy until they receive a monthly statement, by which time the fraudster is already long gone.
Clean Fraud Is Just the Tip of the Iceberg.
Fraud can come from a myriad of sources—even your own customers. Click to learn how to prevent it and protect your business.
How Does Clean Fraud Happen?
Successful clean fraud relies on one key component: legitimate cardholder data. And, the more data they can capture, the better.
Background knowledge of how fraud prevention practices work is highly useful for fraudsters. It’s also helpful to know the specific fraud detection methods that targeted merchants deploy. None of it works, however, without the cardholders’ personal information.
Unlike account takeover fraud, clean fraud doesn’t try to commandeer a victim’s existing account. Here, the goal is to have enough legitimate data to be able to impersonate the user and act as a new customer. In simple terms, this is how clean fraud works:
- First, the fraudster acquires both a payment card number and as much personal information about the cardholder as possible (more on that in a bit).
- The fraudster selects a target. The more they know about your fraud detection methods, the more tempting you become as a target.
- The transaction is completed using the stolen card number and matching personal information.
- The fraudster moves on, leaving you to deal with the chargeback later on.
This last step differs somewhat from typical fraud scams. Clean fraudsters are able to leverage a thorough understanding of standard fraud prevention technology to conduct transactions without immediately raising red flags. This means they may be able to reuse the same card/data combinations for a longer period of time before the customer notices.
Fool Me Once, Fool Me Again
Criminals engaged in synthetic fraud may have to try many combinations or make numerous attempts before being able to complete a transaction. At that point, they will usually go all-in, making as many purchases as possible before the fraud is discovered. They understand that once the bank or cardholder spots the scam, that data will be blacklisted, and therefore useless.
With clean fraud, however, this is not always the case. Because the fraudulent act is extensively disguised as a legitimate transaction, neither the cardholder, nor the bank, are likely to catch on immediately. This is especially true if it’s a merchant that the cardholder already visits frequently.
Sooner or later, of course, the fraud will be identified as such. Until that time, however, the data is a valuable commodity. To prolong the period before discovery, smart fraudsters won’t to anything to call attention to the card. They methodically make purchases from time to time, trying to avoid detection.
That doesn’t mean the cardholder is clear, however: criminals have options. They may sit on the card info for a couple of weeks, then make another attempt. They may try to use the profile with a different credit card, or they may sell the info on the dark web.
Where Do Clean Fraudsters Obtain Personal Data?
As stated earlier, none of this would be possible if fraudsters couldn’t get their hands on card numbers and personal data. Unfortunately, such things are not hard to come by, in a number of ways.
Phishing schemes, for example, work very well (which is why there are still so many of them). The fraudster, impersonating an authority figure like a store manager or government official, contacts a targeted cardholder. The fraudster then asks for information in a way that could sound legitimate to an unassuming target.
This information could include anything from name and address, to user name and password, to the actual card number and security code. Every little bit can be used later by the fraudster to help the fraud seem like the real deal.
Fraudsters can also purchase data off the dark web. Clean fraud typically surges after any major data breach, as dark web marketplaces get flooded with stolen identities available for purchase. In some cases, this may include payment card/personal data combinations, ready to be used. More often, fraudsters buy identities in bulk, testing and cross-referencing them against other stolen information, until they find a match.
Tips for Preventing Clean Fraud
Clean fraud is exceedingly difficult to detect. In fact, enhancing preventative measures to combat clean fraud may backfire, costing you more in lost sales than would have been lost to fraud. That said, there are steps you can take to reduce risk:
Analyze Customer Data
is placed. That means it’s legitimate, right? Well, as we’ve seen, that’s not necessarily the case. That’s why it makes sense to use data from multiple sources for analysis and reference.
If an order seems even slightly suspicious, check it against another source. Social media can be a great resource here; if the purchase doesn’t reflect the profile of the user, it may be fraudulent.
Deter Fraud While Enticing Loyal Customers
Tracking customer data can help reduce friction and false positives, while also deterring fraud. One thing merchants might try is streamlining the checkout process for customers who already have a positive history with the company.
You can try taking a dynamic approach to friction. Not only does this encourage return visitors, but the additional fraud detection technologies for new customers can help deter fraudsters from attempting an attack.
Adopt a Multilayer, Expert-Guided Approach
You have a finite pool of resources you can devote to in-house fraud detection, analysis, and prevention. You may also lack the expertise necessary to effectively diagnose and prevent fraud.
Only a multilayer fraud solution is capable of targeting the myriad different fraud threat sources. Multilayer fraud detection can include fraud filters, user authentication, and chargeback mitigation, just to name a few.
Because there is so much involved in fighting fraud effectively, merchants are likely to see greater long-term benefits and a much healthier ROI by turning their fraud prevention over to experts. To learn how this works, and see how much you could be saving, contact Chargebacks911® today.