Targeting ‘The Actors’ or ‘Their Actions’ for detecting Loyalty Frauds? – A defender’s Dilemma
How do 'Actors' and 'their Actions' lead to the formation of fraud?
If fraud is assumed to be a staged process, actors (in this context, fraudsters) and their actions decide the success or failure of this planned show. In the last 2 to 3 decades, since digital became the way of life, we have seen a spate of incidents where the actions of distinct actors eroded trust in the ecosystem and resulted in a complete overhaul of practices across the board. Irrespective of whether the actors were internal or external, the losses have accrued to the entities in various forms, such as smeared reputation, reduced profits, and regulatory hurdles. At one end, unwarranted actions by a group of internal actors cascaded into a collapse of the entire system, e.g., financial meltdowns and the dot-com bubble. At the other end, external actors exploited the vulnerabilities of a well-structured ecosystem and cut into the foundation of businesses or economies for illegitimate gains, e.g., large data thefts and national security breaches.
Loyalty fraud is no different from these large-scale episodes when assessed on the basis of the underlying formation of fraud. It is commonly a process of 'threat actors' performing a series of actions motivated by certain 'threat vectors'. Fraudsters choose these 'vectors' by careful analysis of technical fissures in the system, loosely defined processes, and ineffective monitoring systems. Over the past few years, several loyalty programs, which were caught off-guard from a security and risk perspective, have become the latest hotspots for internet fraud. There are a few pertinent themes that we can draw from these global events to conceptualize a trust and experience-driven loyalty program - a program that is threat-proof to a great extent and resilient enough to absorb the shocks from such disruptions.
How do Fraud Actors and their Actions become unique in the Loyalty Context?
Since the inception of the free market culture, the meanings of words such as 'expectations', 'loyalty', and 'value' have come a long way for both customers and brands. The business and technology landscape has also evolved at the same pace. Fraud is designed and implemented much in the same way as marketing campaigns, where penetration of each step decides the scale and scope of the next step in the planned process. Malicious intent is triggered by certain peculiar attributes of loyalty programs (listed below), and these attributes hold the key for loyalty security practitioners to understand the 'actor and action' vocabulary of fraudsters. In general, loyalty programs are considered to be:
- Easy to penetrate
- Troublesome to monetize
- Uncertain on ROI for the fraudster
- Open to a longer fraud execution window*
- Lower-risk for the fraudster in terms of getting caught
*Fraud remains unnoticed for a longer period because the majority of the accounts are less active or not active at all
In essence, loyalty programs are an all-weather option for fraudsters to keep meddling with and getting away unscathed. This very nature of loyalty programs changes the dynamics of the fraudster's behavioral and action flow. For example, in one of the disclosed events, fraudsters monetized a large volume of stolen loyalty accounts (points) by booking travel packages at steep discounts for travellers who transferred the payments directly into the fraudsters' accounts. This incident highlights the additional set of actions and effort that fraudsters take to monetize such unauthorized gains without worrying much about the risk of getting caught. However, despite the lower ROI resulting from the additional effort and actions required from fraudsters, frauds in loyalty have proven to be a desirable proposition.
Targeting Actors, Actions, or Both?
- Account Takeover
- Sign-up Abuse, and
- Policy Abuse
Within these categories, there are various ways in which fraudsters devise their strategies and execute fraud. With such diverse fraudulent objectives and execution options, the challenge for us, as security experts, is to define the problem in a sizeable window: not so broad that it cannot be addressed and controlled, and not so narrow that it constrains the remedy to a limited set of popular fraud events. Therein lies the well-known dilemma of screening 'actor vs. action', which raises a variety of questions: Should a security expert target the user attributes (e.g., demographics, web access behaviours, etc.) to contain the fraud, or tap action attributes (e.g., transaction details) to minimize unnecessary losses? Further, what are the implications of adopting one strategy over another?
While the 'actor vs. action' approach works well in specific situations, in general it turns out to be a false dichotomy. To put it in perspective, an 'actor only' screening approach that ignores the transactional attributes can help curtail the proliferation of suspicious identities and attempts to a great extent if narrowed down successfully and early in the process. However, with ever-evolving techniques, fraudsters have adopted new approaches against which actor-driven screening may remain ineffective. For example, fraudsters have adopted ways to masquerade as genuine users. They switch between proxy servers to make a large volume of login attempts and prevent a surge in traffic from the same IP address or location - a signal which could typically be used by loyalty programs to detect and prevent fraudulent attempts. Similarly, in cases where a typical genuine user is going rogue and showing signs of fraudulent behavior, a purely actor-driven approach may not produce the desired results. Such scenarios of fraud have necessitated the use of a combinatory method of screening 'actors and actions'.
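The proxy-rotation scenario above, as an added example that is not part of the original article: a per-IP surge rule (actor only) sees nothing, while a rule that joins actor-side signals with the redemption action flags the drained account. All events, field names and thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample events (not real data): every login arrives from a
# different proxy address, so no single IP ever shows a surge.
LOGINS = [
    {"acct": "A1", "ip": "198.51.100.1", "ok": False},
    {"acct": "A2", "ip": "198.51.100.2", "ok": False},
    {"acct": "A3", "ip": "198.51.100.3", "ok": True},
    {"acct": "A4", "ip": "198.51.100.4", "ok": False},
    {"acct": "B7", "ip": "203.0.113.9", "ok": True},
]
# Constructed account state plus the points redeemed after the login.
ACCOUNTS = {
    "A3": {"days_idle": 400, "known_ips": {"192.0.2.10"},
           "balance": 50000, "redeemed": 48000},
    "B7": {"days_idle": 3, "known_ips": {"203.0.113.9"},
           "balance": 12000, "redeemed": 1000},
}

IP_SURGE_LIMIT = 3   # assumed per-IP attempt threshold
IDLE_DAYS = 180      # assumed dormancy cut-off
REDEEM_SHARE = 0.8   # assumed share of balance that counts as a drain


def actor_only_flags(logins):
    """Per-IP surge rule: flag addresses with too many attempts."""
    per_ip = Counter(e["ip"] for e in logins)
    return {ip for ip, n in per_ip.items() if n >= IP_SURGE_LIMIT}


def combined_flags(logins, accounts):
    """Flag accounts where a drain coincides with an actor-side anomaly."""
    flagged = {}
    for e in logins:
        acct = accounts.get(e["acct"])
        if not e["ok"] or acct is None:
            continue
        reasons = []
        if e["ip"] not in acct["known_ips"]:
            reasons.append("new_ip")            # actor-side signal
        if acct["days_idle"] >= IDLE_DAYS:
            reasons.append("dormant_account")   # actor-side signal
        if acct["redeemed"] / acct["balance"] >= REDEEM_SHARE:
            reasons.append("balance_drain")     # action-side signal
        if "balance_drain" in reasons and len(reasons) >= 2:
            flagged[e["acct"]] = reasons
    return flagged
```
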
In summary, the scrutiny of actors (alone) can prove effective in the early detection of a large volume of frauds. But without constant monitoring of actions, the behavior of nuanced actors who escape the actor-level scrutiny can cause considerable damage to loyalty programs. The fast-paced development of loyalty programs, their growing outreach beyond the core offering, and the associated values will further attract fraudsters. Security experts can strengthen their efforts and deliver better-aligned approaches by screening both the actor and the actions to protect the value that would otherwise be destroyed.
Brijesh leads the Loyalty Fraud Detection and Prevention Strategy at IBS Software. He has almost a decade of Innovation and Product Strategy experience in the domains of Travel & Hospitality, Banking, and Insurance. He holds an Engineering Degree in Computer Science and a Management Diploma in Financial Economics.