On the heels of our previous post about increased shipping fraud during the holidays, eWeek has just reported that click fraud is also anticipated to increase dramatically in the coming months:

“As we head into Q4 and the busiest season for online shopping and Internet use by those considered inexperienced users, click fraud will likely run rampant as scammers seek to tap into the increased attention, experts warned.”

Click fraud (which is when affiliate sites dishonestly increase online ad traffic in order to gain unearned revenue) is one of many types of fraud becoming more common with the use of botnets. In addition to click fraud, many other types of fraud—including spam, phishing attacks, and identity theft—are gaining in prevalence with the use of botnets. The result is that consumer PCs are under siege and individuals and businesses alike bear the cost.

“The significant rise in botnet-generated click fraud lines up with recent findings of several well-known malware and online fraud tracking experts,” said Paul Pellman, CEO of Click Forensics. “Botnets perpetrating click fraud and other online schemes continue to grow in number and sophistication.”
Another post from the Kansas City Star confirms this problem as well as provides some tips for individuals to protect themselves:

Slightly more than 4.3 percent of American adults were the victims of identity theft last year, according to the 2009 Identity Fraud Survey Report, and the percentage is expected to go higher when wallets are lost and stolen in the holiday shopping season. The average fraud amount per victim was $4,849 and took about 30 hours to resolve, The Javelin Strategy & Research Center reported.

It is worth noting that the $4,849, cited above, does not take into account the significant costs that businesses suffer as a result of fraud. And with all indications pointing to an increase in online fraud as the shopping season ramps up, online businesses are currently trying to prepare. A good fraud prevention process ought to be able to recognize the following items:

• Is the credit card valid? There are a number of security checks available that can point to credit card fraud. This includes authorization checks, AVS checks, card verification (i.e. checking CVV2 number), and other card validation checks.
• Has the individual committed fraud in the past? There are a number of commercial systems and internal databases that help businesses check whether the supplied Personally Identifiable Information (PII) has been associated with fraud in the past. This kind of system essentially checks whether the information submitted by the customer matches information that has been associated with fraud in the past.
• Does this transaction have high risk characteristics? Businesses should be tracking and flagging transactions that have high risk characteristics. Contributing factors can include: the country of origin of the purchase, the kind of goods being purchased, the use of IP proxies, the time of the purchase, and many others factors. For fraud systems that work with these risk factors, often a large number of factors are taken into consideration in order to determine a risk score for each transaction. Based on that score, businesses can make a decision whether to allow, deny, or flag that transaction for review.
• Has this computer been used for fraud before? Device reputation systems are now considered a best practice for fighting online fraud. An online business should be able to understand, independent of personal information, whether or not a computer that is being used to conduct online business already has a history of fraud. The critical components of this system are: the ability to identify and re-recognize a computer and the ability to take into consideration historical fraudulent activity associated with that computer.

With these techniques in place, businesses will go a long way to stopping holiday fraud.

Tags: botnet, fraud prevention, identity theft, Online Fraud

This entry was posted on Monday, October 26th, 2009 at 7:25 am and is filed under Holiday Fraud, Online Retail. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.