Fraud, In A Factory Setting

You’ve seen the pictures: rows of workers, in what could be termed “fraud factories,” armed with laptops, launching unsophisticated attacks on merchants. In the latest profile of the fraudster, Forter Analyst Gilit Saporta tells Karen Webster what’s behind this seemingly exploited type of fraudster and what makes them so dangerous.

Meet the newest factory worker: the fraudster.

In the latest iteration of the Meet The Fraudster Podcast Series, Forter fraud analyst Gilit Saporta takes PYMNTS inside another class of cybercriminals, those known simply as the “factory fraudsters.”

The name conjures up, as Karen Webster noted, rows of workers populating a literal factory floor, with activity humming day in and day out — in this case, on the prowl to lure merchants into fraudulent transactions for goods to be sent, yet no legitimate method of payment received.

And, concurred Saporta, that’s pretty much what the situation is.

One wrinkle here that belies the typical fraudster profile: These workers can actually garner the fraud expert’s sympathy since they are unsophisticated, fairly beginner-type fraudsters who are typically living in third-world countries. They’re committing fraud, using beat-up, old-fashioned laptops, because they have no other reasonable options of making a living for their family. Training is minimal, and these fraudsters do as they are told by the more experienced fraudsters who put them to work.

But, Saporta said, these factory fraudsters and their lack of sophistication is often a screen for the factory “bosses” who are perpetrating more nefarious actions.

Acting as a front line, of sorts, these factory fraudsters, as described by Saporta, use the most basic, rudimentary form of fraud — for instance, via email, with frequent evidence that they don’t even try to conceal the fraudsters’ true identities. Should they succeed in luring merchants to enter a transaction, Saporta said, they end up being lucky enough to get desirable goods, such as electronics, for example, that they can sell in their local (third-world) markets.

In the meantime, these labor-intensive, phishing-intensive lures against merchants are, in fact, meant to be a distraction, aimed at giving the more sophisticated firms an entrance to more valuable details on merchants (and more lucrative fraud).

With such staggering waves of emails and redundant attempts to lure merchants into a poorly constructed, rather transparent fraudulent web, Saporta said that such actions are “easy to catch, and we see them repeating their attempts without much improvement.”

But there’s an inadvertent impact to such behavior on merchants, continued Saporta. Over-reliance on manual processes, or pegging a particular area — think Nigeria, for instance — can result in bias that eliminates legitimate buyers from interacting with merchants, such as tourists or honest citizens.

Merchants, she added, can best combat against the factory fraudsters via automation, where “spending time and money is a waste and it is an opening for strong bias.” The firm, she stated, and its security team “can become overconfident and miss out on good transactions.”

The “factory fraudster” may be a pawn in the ongoing battle between merchants and cybercriminals, but the end result is this: With yet another wave of cybercriminals to monitor, however unsophisticated, vigilance is key, and for merchants, automation remains the surest way to vigilance.