Fraud-as-a-service: the latest lucrative business in cybercrime
You’re probably already used to hearing the term ransomware-as-a-service (RaaS). In recent years, elite cybercriminals have come together in groups as well-structured as conventional companies and have begun to “license” their malware among those looking to steal data.
In short, it’s really simple: someone with zero experience in ransomware can “lease” a ready-made kit, launch the attack on their preferred target and share the profits with the party that coded the malicious software. Ransomware-as-a-service groups are so systematized that many of them even have a type of HR department to assess new member applications, along with a team of developers engaged in guaranteeing the code will work in practically any scenario.
That’s right. The world of cybercrime keeps reinventing itself, and the latest trend is fraud-as-a-service (FaaS). Conceptually, it’s very similar to RaaS, though aimed at an array of fraud types. It is possible to make an improper purchase, steal credentials and so on by simply paying a fraction of the real value of the "transaction" to the cybercriminals.
Attention, online stores!
Despite FaaS being nothing new, it’s no surprise that it’s growing in popularity. Some of the leading victims of these types of fraud are e-commerce stores; after all, taking Brazil as an example, the Coronavirus pandemic saw the purchasing method grow 75% in a single year! Many people have lost their fear of online shopping, making these platforms the perfect target for those looking to steal personal and financial information.
There is an array of scams that can range from purchases on a stolen credit card to clients’ accounts being invaded, along with fraudulent reimbursement requests, among others. The rise in the number of frauds is a heavy burden on vendors, since a fraudulent transaction may end up costing up to three times the value of a sham purchase.
For example, when receiving the famed chargeback, the vendor loses the item, loses the payment, and still has to deal with taxes and operational fees to contest the purchase with banking institutions and/or credit card companies.
How to stay protected
Thankfully, the market is already reacting and the options for anti-fraud solutions continue to grow, too. It all depends on vendors implementing them and using them in the most appropriate manner possible. Among the crucial tips to reduce the number of frauds, some of note are:
-
Requesting consumers adopt stronger passwords that are much harder to crack.
-
Using automated anti-fraud tools that block suspicious transactions based on behavioral analysis.
-
Keeping your entire technology stack (site, plug-ins, payment gateway...) permanently updated.
-
Using dark web monitoring solutions to find data leaks and attacks planned and targeted on your store.
Users also obviously have to remain alert, maintain good habits in cybersecurity hygiene, only visit reliable online stores, and monitor any and all suspicious transactions in their bank accounts. After all, with attacks on online platforms, it’s not only vendors that lose out, customers are also at risk.
When it comes to fraud-as-a-service, it really is a two-way street in which both parties to the commercial relationship need to adopt care measures against imminent threats.