Uri Arad, co-founder and VP Product, Identiq writes for PaymentExpert on the growing problem of gig economy fraud, which takes on significant importance as so much shopping and interaction has moved online – and looks set to stay that way.
New year, new problems. While growth in chargebacks is something many businesses have been fighting for some time, the pandemic has put new pressure on fraud teams everywhere.
As if it wasn’t enough that many teams are working remotely, facing a flood of new users (great for the business, challenging for fraud fighters) and dealing with statistical systems such as machine learning faltering when thrown into situations of constant change, a new corner of the online criminal ecosystem is exploding to make fraud harder to identify than ever. There’s now a gig economy of fraud.
Pandemic piles on the pressure for customers
COVID-19 has added stress to life in so many ways, but for a lot of consumers, it has created frightening financial uncertainty. Many found themselves unexpectedly out of work, and new jobs aren’t always available – especially now people are looking to work from home.
Desperate job seekers aren’t necessarily very careful about which jobs they’ll take – and some of the jobs out there involve working for a fraudster. The descriptions of the roles are often phrased carefully, so that it’s not obvious that fraud is involved. There are a lot of people who don’t look too closely to see what’s hidden between the lines.
That gives fraudsters a huge opportunity. There’s now a massive pool of ordinary people whose profiles, addresses and IPs they can leverage as part of their fraud schemes.
Putting gig economy fraud to work
The applications for gig economy fraud are numerous, if you’re a fraudster. There’s the traditional muling setup, of course, where the fraudster sends packages to a mule, who then repackages it and sends it on – either to the fraudster directly, or to a third party who thought they were making the purchase legitimately. There are plenty of legitimate reshipper positions, which makes it particularly difficult for consumers to see the catch in the fraudster jobs ads.
With the explosion of the gig economy, fraudsters have branched out from the traditional model – though they’ll sometimes use a standard muling reshipment setup to attract their mules at the start, easing them into more dubious work later on.
Fraudsters now use the gig economy to get people all over the world to set up accounts and profiles, pick up packages, transfer money, beat CAPTCHAs, file refund claims, and even make transactions on their behalf. It’s far harder for fraud prevention systems to identify these users’ actions as fraudulent, because they’re leveraging their own good reputation online. Moreover, fraudsters are careful about choosing the right mule for the right job, so that the IP location matches whatever might be expected.
Scale like never before
Mules are nothing new, of course, and fraudsters have always loved to use witting or unwitting accomplices to expand their operations and options. But the current situation has taken it to a whole new level in terms of scale – it’s now a whole gig economy in its own right.
The global economic impact of the pandemic means that fraudsters can pick and choose the right accomplice for the job they have in hand, targeting different sites in different countries with the appropriate mule. If they have a stack of stolen credit card information, they can make sure that the purchases are placed using someone who lives near the billing address.
Digital goods are particularly vulnerable here, because there’s an expectation of speed on the part of the consumer, and businesses working with digital goods are sensitive to that and try to avoid delay wherever possible. That puts a lot of pressure on fraud prevention teams, who often rely on details such as the behavioral profile of the user, device intelligence, or details about their IP and so on, to differentiate between fraudulent and legitimate transactions and users. But with the rise of the gig economy, those details are far less reliable than they have been previously.
Similarly, gig economy workers are used to age accounts – create an account, and give it regular light, legitimate-looking use. The fraudster might only leverage it months later, when it seems well-established. That messes with other assumptions many businesses have about fraud.
The fundamental principle at work here is that to a fraudster, their own time is valuable. It’s all about their personal ROI – minimise effort, maximise profit. But a low-paid gig worker can spend time on dull, repetitive and time-consuming tasks, which the fraudster then leverages later. From the perspective of the fraudster, that just makes sense.
Companies need to collaborate
Fraudsters are increasingly part of a complex, global network, on which they draw for numerous things, from gig workers to stolen information to concerted attacks against a business. Merchants need a similar support structure to combat them.
Sharing best practices and updates on the latest fraudster tricks and trends is more crucial than ever – even though it’s so much harder to meet in person. Online groups, virtual roundtables and organisations which exist to bring fraud fighters together can fill the gap, even if it isn’t quite as fun as a conference.
Moreover, one of Gartner’s picks for 2021 as a top strategic trend is Privacy Enhancing Computation, which enables companies to leverage one another’s data without ever sharing any personal user information at all. That’s technology which could be enormously valuable for fraud fighting teams, especially in an environment where some of the more traditional approaches are falling short due to the pandemic, or being circumvented by gig economy fraud.
Companies which pool their knowledge (without ever sharing personal user data) will be able to flag suspicious identities right from account creation, protecting both their ecosystem and preventing chargebacks further along.
Fraudsters are collaborating more tightly than ever, and expanding their reach around the globe. Fraud prevention teams need to do the same – or risk falling further and further behind.