
Fraud: The Mole
I’ve always liked infiltration films where the Mole struggles to infiltrate a group, an entity, or a state. I was intrigued by the ability of spies to gain the trust of their target by using patience, intelligence, empathy, and persuasion. The surprise in the victim’s eyes when the mole went on the attack was priceless.
However, I am less delighted when a fraudster bypasses my anti-fraud tools after gaining their confidence, just as those spies who fascinated me so much would do.
If I had to describe in simple terms the anti-fraud tools that aim to protect e-commerce sites, I would say that they allow us to distinguish suspicious buyers from legitimate ones. The verification of buyer behavior is stricter for new buyers, and it becomes less and less strict as the buyer’s seniority grows.
Basically, the more we know (or think we know) our users, the less thorough our checks are. And fraudsters know that!
Just like the spies, fraudsters will gain our tools’ trust by logging on to e-commerce sites, browsing through the site’s pages, and even making purchases (often at low prices). They will connect every day, with the same IP address, the same device, and the same browser, to accustom the fraud tool to their presence.
After a few weeks of connecting with consistent information (same IP, same device, same browser, etc.), the Mole will gradually be seen as a legitimate user for the fraud tool.
Indeed, the tool will record the Mole’s so-called “legitimate” behaviors and link them to his buyer profile. The tool will also monitor the Mole’s future transactions, and that is when he will remove his mask to show his true face. #EthanHunt
These so-called “legitimate” behaviors include, but are not limited to, making purchases, leaving reviews on purchases, and bookmarking stores or items.
After a certain period of hibernation spent multiplying “legitimate” behaviors, the Mole will be able to quietly make his purchases, this time fraudulent, without worrying about the fraud tool, a tool that will have naively put this Mole on its list of legitimate buyers.
How to react to this scourge?
First, we must give customers time to prove their reliability before whitelisting them. The whitelist has to be earned.
For example, a buyer who has been active for one year at most and has made no more than two purchases over that period does not necessarily deserve the status of “Super Safe Member”. It is a good idea to consider other patterns when determining whether a customer is reliable. Velocity and consistency are elements to consider.
According to a study made by Stripe in 2017, fraudulent transaction amounts are two to ten times higher than those of legitimate transactions. Educate your tool so that it is not fooled by the small amounts of the Mole’s first transactions.
According to the same study, more than 40% of stolen cards are used repeatedly within a short period. Furthermore, fraudsters repeat their purchases much more quickly than legitimate buyers (10 times faster). Indeed, a Mole who attempts one or two payments during the period of infiltration may make more attempts when committing the real fraud. Make this clear to your tool.
To summarize, if the Mole goes from “sleep mode” with normal buyer behaviors to “attack mode” with suspicious behaviors, the fraud tool must be able to respond and monitor him, even if his history looks clean at first glance.
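To make the “sleep mode” to “attack mode” check concrete, here is an added example (my illustration for this article, not code from any fraud product). It compares the last 24 hours of an account’s payments against its own earlier history. The thresholds, the function name `assess` and the sample data are assumptions loosely based on the figures quoted above.

```python
from datetime import datetime, timedelta
from statistics import median

# Assumed thresholds, loosely based on the figures quoted in the post.
AMOUNT_RATIO = 2.0      # attempt is >= 2x the account's usual amount
VELOCITY_RATIO = 10.0   # attempts/day is >= 10x the account's usual rate
WINDOW = timedelta(days=1)
MIN_BASELINE = 3        # fewer past payments than this: no trust earned yet

def assess(payments):
    """payments: non-empty list of (timestamp, amount), oldest first; the
    last item is the attempt under review. Returns a sorted list of flags."""
    latest_ts, latest_amount = payments[-1]
    cutoff = latest_ts - WINDOW
    baseline = [(t, a) for t, a in payments if t < cutoff]
    recent = [(t, a) for t, a in payments if t >= cutoff]
    if len(baseline) < MIN_BASELINE:
        return ["insufficient_history"]
    flags = []
    usual_amount = median(a for _, a in baseline)
    if latest_amount >= AMOUNT_RATIO * usual_amount:
        flags.append("amount_spike")
    # Usual rate in payments per day, measured over the hibernation period.
    span_days = max((cutoff - baseline[0][0]) / timedelta(days=1), 1.0)
    usual_rate = len(baseline) / span_days
    if len(recent) >= 2 and len(recent) >= VELOCITY_RATIO * usual_rate:
        flags.append("velocity_spike")
    return sorted(flags)

# Constructed sample data: six weekly low-value purchases ("sleep mode").
START = datetime(2024, 1, 1, 12, 0)
SLEEP = [(START + timedelta(weeks=i), amt)
         for i, amt in enumerate([10, 12, 11, 15, 9, 13])]
DAY42 = START + timedelta(weeks=6)
# "Attack mode": five attempts within four hours at much higher amounts.
MOLE = SLEEP + [(DAY42 + timedelta(hours=h), amt)
                for h, amt in enumerate([90, 120, 150, 180, 150])]
# A buyer with the same history who simply buys again in week six.
REGULAR = SLEEP + [(DAY42, 14)]

if __name__ == "__main__":
    print("mole:", assess(MOLE))
    print("regular:", assess(REGULAR))
```

Because the baseline excludes the most recent 24 hours, the burst of fraudulent attempts cannot dilute the history it is being compared against.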
This being said, the goal is not to implement the most rigid Fraud Management. Firstly, because we would risk stopping numerous legitimate buyers (I’m referring to false positives; I’m not telling you anything new). Secondly, because it would be wise to let a Mole operate on our e-commerce sites to analyze and study his behavior. It would be a shame to block him right away without understanding his methodology.
Let’s be reckless and let the Moles infiltrate. Observe before stopping them, even if it means authorizing some of the Mole’s transactions. Let’s analyze the information entered by fraudsters and compare it to the information entered during the hibernation period. #CounterEspionage
Do not forget that our tools need bad events to feed themselves and to tame Fraud. I’m not saying that we should open the floodgates, but let’s leave a small door open to get to know them better. Indeed, since the dawn of time, man has been observing what he doesn’t know. Why don’t we?