Security & Fraud

The Hidden Fraud That Spells Big Marketplace Losses

Everyone loves a good, free introductory offer: the month of free access to a streaming service, the free lift from a ridesharing service, the free meal kit delivered right to the front door. Brands know that customers like these offers, which is, of course, why they offer them. They are a great way to get that foot in the door with a consumer, and give them a chance to consider how much they might like to continue using the service — for a reasonable fee.

The problem, Boku CEO Jon Prideaux told Karen Webster in a recent conversation, is that legitimate first-time customers aren’t the only ones who like free introductory offers.

“Marketplaces of all kinds want to attract users, and these offers absolutely do that. The trouble is that any offer that attracts a genuine new user is also going to attract fraudsters who want to exploit this opportunity,” Prideaux explained.

Sometimes, that fraudulent activity around offers is small scale — a user creates a new email address or two to continually sign up for new streaming memberships, for example. That is annoying to marketplaces, Prideaux told Webster, and is something they have been working harder to crack down on, along with other individual abuses, like password sharing or trading that individual customers tend to use to wring a bit of extra utility out of the platform. However, beyond being an irritant, he noted, one-off friendly frauds like these aren’t a major risk to a firm’s bottom line.

Unfortunately, there is a far more malignant form of offer fraud out there that does pose a much bigger risk. This is the type that happens on two-sided marketplaces, when one side of the transaction — the service supplier — realizes they can exploit a marketplace’s offer system to line their own pockets. Those attacks, Prideaux noted, are happening at scale across the entire ecosystem, and the losses there can be high enough to start putting a firm’s bottom-line performance at risk.

Merchants don’t want to pull the plug on offers to keep fraudsters out any more than shopkeepers want to close their doors for good to prevent shoplifting. The good news, Prideaux said, is that they don’t have to — they just need to start looking at their offer transactions more carefully.

“Sometimes, simple controls can yield astonishing results in this arena,” he explained. “The goal is to give the right set of tools to repel it.”

The Dark Side Of Offer Fraud 

The individual who keeps making burner email accounts to repeatedly sign up for their free “first” month is basically limited in the damage they can do. They can only steal a month’s worth of individual value at a time.

What becomes a much bigger problem is what happens in two-sided sharing economy marketplaces, where the value-grabs are much larger. For example, Prideaux pointed to ridesharing services that offer first-time users a free ride. Those offers work, he noted, because the ridesharing services compensate the drivers for the cost of the rides — since, obviously, drivers aren’t volunteering to give anyone a free ride.

Clever fraudsters driving for Uber, though, realized they could create scores of fake phone numbers via Google or other VOIP services, then book lots of first-time rides. The consumer was a fake, the number was fake and the ride never really took place. However, since it looks like a ride happened in Uber’s system, the driver gets paid for it.

That activity happening over and over again — with drivers hitting a loophole in the system, and collecting fees for jobs that never happened — is not a small concern because that type of fraud gets expensive quickly.

“This is all over marketplaces. It is a vulnerability that exists across the sharing economy,” Prideaux told Webster. “It is much more serious than an individual facing off with a streaming service. This is a way for fraudsters to take cash out of marketplaces providing initial, sign-on offers. The systemic risk they face is that if the service provider is getting a share of the revenue generated by that first-time user offer, that creates an incentive to abuse the promotional budget the platform has set.”

The good news, he said, is that most sharing economy workers aren’t thieves. They are there to do their jobs honestly, and get paid an honest wage. Perhaps the better news for marketplace operators, however, is that there is a way to shut down this kind of fraud — as long as one is looking at the right data at the time.

Beating Back Opportunistic Offer Fraud 

Marketplaces can see this is an issue after the fact, when they realize they have a massive number of users who are seemingly signing up once for the free trial, never to be seen again. It is especially suspicious if most of those “new” riders got those rides from a handful of drivers.

Yet, by that time, the damage has been done, and the fraud has happened. The better security protocol, he said, is dedicated to stopping the fraud before it starts by seeing it for what it is.

“What Boku can do is check on the line type being used here. If it is not a mobile device, if we see it is a VOIP number, for example, we can ping that transaction as something you should be suspicious of,” Prideaux said.

There are more in-depth scans that can be done from there, such as checking what type of mobile line it is, the history of the SIM card or how long the account has been in service. Often, though, he noted, it doesn’t need to be that involved. The simple fact that an account is being signed up for with something other than a regular mobile phone is enough data to tell the marketplace that it is likely dealing with someone trying to commit fraud.

The fraudster might go on to do more convincing frauds around sign-ups and better spoofing, thus requiring those deeper dives into the data. Yet, he said, more likely than not, when this easy loophole closes off, most of the fraud that clusters around it will just move on to the next easier hole to exploit.

The goal in the long run, Prideaux said, is to let the mobile marketplace continue to put out attractive initial offers to bring in consumers (as that is often what it needs to do), but do so in a way that isn’t also bringing on a whole new demographic of fraudsters.

“We’re talking about companies that are growing fast, [and their] main priority is to bring in new users who will keep on spending,” he said. “That means it is not about limiting that, but about equipping merchants with tools for the mobile, marketplace and sharing era with the knowledge that something new is always going to be popping up.”

——————————–

Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. In the November 2019 Mobile Order-Ahead Report, PYMNTS talks with Dan Wheeler, Wahlburgers’ SVP, on how the QSR balances security and seamlessness to secure its recently launched WahlClub loyalty program.

TRENDING RIGHT NOW