How to prevent damaging spam from stealing my payment data – interview with Sift

Since the inception of online businesses, the internet has become a place where anyone can promote and sell just about anything

Scams, spam, fake reviews, and misinformation have evolved in tandem with online shopping, and fraudsters have adapted their methods to bypass advanced security measures and invade new channels.

The result: merchants losing money, as their customers are bombarded with fraudulent content to steal their payment data. But there is a silver lining to this problem, as we sat with the Sift team to learn more about content abuse tactics, how to spot it, fight it, understand fake content’s role in payment fraud and account takeover, and most importantly prevent it from happening.

What is content abuse and how big is this problem for the ecommerce industry?

The definition of content abuse really depends on the company that it is affecting. It can be something like a fake job or car listing, phishing attempts, or a spammy message. All of it is done with the intention of defrauding a business or person online.

Content abuse is a tremendous problem for the ecommerce industry. When you think about purchases online one has to acknowledge what they are often driven by: recommendations, reviews, and user generated content. Now imagine a fraudster using those same methods to direct traffic to scam sites, steal PII, and inundate your inbox. The worst part is that fraudsters will continue to utilise these methods because they’ve proven so successful.

You have recently published a new Digital Trust & Safety Index where you talk about the ‘fraud supply chain’. How does content abuse, ATO, subscription trap, etc. fit into this chain?

They are all part of the same fraud ecosystem. What we at Sift encourage you to consider is how different fraud types actually contribute to one another. Content abuse always has an angle: go to this website, send this information, click this link, and so on. After that the trap is sprung as it were, whether it be ATO or otherwise. Content abuse is often the vector which directly proceeds fraudulent activity.

What are the major negative repercussions malicious content can have over digital merchants and how to prevent them?

When the entirety of your business occurs online, it becomes even more imperative to secure online channels. We see the most repercussions around brand damage and customer churn.

While thinking about a company, like an online marketplace for example, a customer is looking for engagement and legitimate, trusted interactions. Content abuse strikes at the heart of this. Not only can customers feel a lack of safety but may also explore alternatives as ways to secure the goods and services they are requiring. Additionally, a lot of these negative experiences can lead to viral social media posts, which only furthers the impact of any single poor interaction.

How has the current pandemic influenced fraud rates in the ecommerce space in general and content abuse rates in particular?

We’ve actually been keeping track of this through the pandemic if your readers would care to check it out, just visit: https://sift.com/covid-19. We’ve been updating this on a monthly basis so do expect updates here.

We’ve observed increases in fraud rates and attempts, though we have seen the significant fluctuations based on the vertical affected. Not surprisingly, travel, transportation, ticketing, and events saw tremendous increases in fraud. Their fraud rates were compounded by the fact that experienced a decrease in traffic over the same period, thus really affecting their rates.

Content abuse continues to rise, but with targeted types of content to reflect the larger macro environment. Spam and scams related to employment targeting the recently unemployed or furloughed, for example are popular. Also, content related to medical goods or those in short supply.

What approach would you recommend fraud fighters adopt to better understand, internalise, and proactively prevent all types of fraud?

I would tell fraud fighters to do what they do best: investigate. Oftentimes I’ll talk with people that solely focus on payment fraud because there are easier measurables to track like chargeback rate. When you’re dealing with account takeover, content abuse, or a fraud supply chain, impact can be less apparent. However, I think with some due diligence you can expose other types of fraud happening at your company and, not surprisingly, how it often relates back to the payment fraud that you’re already tracking. Try to think of it like opening your fraud horizons as it were.

About Jeff Sakasegawa

Jeff Sakasegawa is a Trust and Safety Architect for Sift. He has spent over ten years fighting fraud for Google, Facebook, and Square. In addition, his last two years at Square were spent managing teams covering BSA/AML reviews, quality assurance, identify verification, and host of other compliance related matters. He has a passion for cross functional and scalable solutions that delight as opposed to simply deliver.

About Sift

Sift, formerly Sift Science, is the leader in Digital Trust & Safety, empowering companies of all sizes to unlock revenue without risk. Sift prevents fraud with industry-leading technology and expertise, an unrivalled global data network, and a commitment to building long-term partnerships with our customers. Twitter, Airbnb, and Twilio rely on Sift to stay competitive and secure. Visit us at Sift.com and follow us on Twitter @GetSift.