Fraud rings can be a tricky beast to face off against. Rather than dealing with an individual trying to steal money or abuse your promotions, you’re often up against professionals who make stealing from you their job.
Many identity verification and fraud prevention solutions can help stop individual fraudsters. But you may need to take a different approach if you want to catch an entire fraud ring.
What are fraud rings?
Fraud rings are groups of individuals that work together to commit fraud. These rings range in scale from small groups to large, corporate-like organizations. They’re different from lone wolf and opportunistic fraudsters in that fraud rings:
- Have access to more money, technology, and information.
- Can coordinate and attempt complex attacks and types of fraud.
- Might work with or share resources with other criminal organizations.
- Can quickly scale up attacks once they detect or learn about a vulnerability.
- May specialize in a particular type of fraud, with members who focus on one aspect of the operation.
Although fraud rings are often made up of willing participants, some of whom spend years developing their skills, large fraud rings might also employ people who are unaware that they’re part of a fraud ring. Additionally, in a much sadder turn, some fraud rings now exploit human trafficking victims.
Common methods used by fraud rings
Almost any criminal group or organization focusing on fraud-related crimes might be considered a fraud ring, and their methods can vary widely. But they may include:
- Phishing, smishing, and vishing: Emails, texts, and phone calls (respectively) that attempt to trick recipients into sharing their personal information or sending a payment to the fraudster.
- Using generative AI: Fraudsters might use generative AI to create images, such as fake ID cards, or write natural-sounding messages as part of a phishing attack.
- Stealing mail: There’s been a drastic rise in mail theft across the country. Fraud rings might use stolen mail to commit identity theft or steal and wash any checks they find to commit check fraud.
- Committing identity fraud: A broad category of crimes that involve a stolen or synthetic identity. These can include attempts to take over someone's accounts, create new accounts, launder money, or take out a loan.
- Making false claims: Often overlapping with types of identity fraud, fraud rings may make false claims to collect insurance payouts, government benefits, or get a refund from a merchant or card issuer. In some cases, the fraud rings get involved in multiple sides of the situation. For example, when people collude and intentionally crash vehicles (or claim damage was due to a crash to file false auto insurance claims).
- Paying off insiders: Fraud rings might hire insiders — or “innys” — to help them commit various crimes. For example, phone company employees might be able to authorize a SIM swap, retail workers could approve illegitimate returns, and shipping company employees might be able to change a delivery address or status.
- Hiring money mules: Fraud rings might pay people to launder money using bank accounts, gift cards, virtual currencies, or other methods.
The methods fraud rings use also change as the crime rings grow, share information, invest in technology, and react to new fraud detection and prevention tools.
For example, there’s been a rise in fraud as a service (FaaS). Rather than seeing a scheme through from conception to payout, a fraud ring might specialize in a particular part of a crime. They could then make money selling the resulting products or services — such as stolen identities or account logins, synthetic identities, or ready-to-use phishing kits — to other bad actors.
Some fraud rings even advertise and sell to unsuspecting (or indifferent) consumers. Using triangulation fraud, a consumer pays the fraudster for an item that the fraudster then purchases with stolen credit card details. Or, the fraud ring might use refund fraud to sell “discounted” products.
How fraud rings can impact your business
Fraud rings can have direct and indirect impacts on various types of businesses, including financial institutions, marketplaces, cryptocurrency exchanges, and online gambling organizations. These impacts tend to be felt most within three categories.
Financial losses
Fraud can impact every business’s bottom line, and the direct impact can be much higher than the fraud losses. The 2022 LexisNexis® True Cost of Fraud™ Study found that every $1 lost to fraud by US financial services companies cost the company $4.23 overall.
The extra costs come from the time and money spent on investigating the fraud, loan-related fees, and legal and recovery costs. And the study pointed to lack of identity verification as a top challenge because bad actors often create new accounts to commit fraud.
Fraud losses can also be relatively high for other types of businesses. For example, online retailers could be victims of triangulation or refund fraud and have to cover the cost of the product, shipping, refunds, and any associated fees.
Reputational risk
Companies that fall victim to fraud rings also have their reputations on the line. Consumers may hesitate to open a new account if the company has a data breach, makes headlines because of account takeover fraud, or becomes known for fake accounts or fraud in its marketplace.
Organizations may also have a reputation among fraud rings. A member of a fraud ring might discover a way to get through the company’s identity verification process, launder money, or abuse promotions and discount codes. Unlike individual bad actors, the fraud rings might have the resources, such as AI-powered tools, to quickly scale their attacks. And once the word gets out, additional fraud rings may join the frenzy
Legal consequences
Regulations require certain companies to have identity verification and other fraud-prevention processes in place.
For instance, financial institutions need to comply with know your customer (KYC), know your business (KYB), and anti-money laundering (AML) regulations. These can require companies to collect and verify identifying information and continually monitor transactions.
Online marketplaces need to comply with the INFORM Consumers Act in the US and DAC7 in the EU, which may require them to collect certain users’ information and verify their identities. Age verification may also be required for companies that sell age-restricted products or services.
3 steps to protect your business from fraud rings
Fraud rings have the resources and knowledge to launch large-scale, sophisticated attacks. The systems and tools you use to stop individual fraudsters will be helpful, but the attackers may be able to slip past or overwhelm your defenses.
Developing and managing in-house solutions can strain resources, particularly as companies (and fraud ring attacks) scale up. But you can use third-party tools or combine in-house and external solutions to create a robust fraud prevention strategy.
Pragmatically, even if you don’t catch every fraudster, being better at detecting and preventing fraud ring attacks than your competitors is important. As with running from a bear, you don’t necessarily need to be the fastest, but you definitely don’t want to be the easiest prey.
1. Use link analysis to uncover fraud rings
Although they often try to hide the connections, whenever a fraud ring is behind an attack, commonalities usually exist. As a result, organizations can use link analysis to identify potentially fraudulent accounts and transactions.
For example, Persona’s Graph link analysis tool helps organizations uncover fraud rings using:
- Active signals: User-submitted data, such as the name, email address, physical address, verification documents, selfies, and payment details associated with an account.
- Passive signals: Background data that you can collect when users create an account or use your website, such as the geolocation, IP address, and device fingerprint.
- Internal data: Other account data, such as hashed banking details, promotional IDs, and crypto wallet addresses.
- Connections between bad actors: Once you identify a fraudulent account, you can use link analysis to find accounts that share details — including accounts that are several degrees or “hops” away. You can also create blocklists around those connections to stop the fraud ring from creating new accounts.
- Pattern recognition: Link analysis can also find patterns among legitimate users, allowing you to spot abnormalities quickly. Or, you might uncover a pattern among suspicious users. For example, you might find that your marketplace buyers with high chargeback rates tend to make purchases from the same three sellers.
Graph databases are designed to help you identify relationships between data points and often display visual results for queries, allowing you to literally see how the data points are connected. With Persona Graph, you can also continuously scan your network for risk signals and use them to automatically trigger a new workflow.
2. Request verifications based on risk levels
Use Persona’s Dynamic Flow to adjust your onboarding process based on risk signals.
For example, say your marketplace initially asks for a new user’s name and either a phone number or email during onboarding. Behind the scenes, it quickly runs a database verification and a phone risk report or email verification, doesn’t find any risky signals, and allows the person to create an account without any added friction.
However, if the initial reports identify risk signals, such as links to known fraud activity, having the user complete a government ID verification with a selfie could help stop fraud rings from using stolen or fictitious identities to create new accounts.
3. Continue monitoring after onboarding
Continuous monitoring is especially important for catching fraud rings that are slowly infiltrating your company — and for keeping new attacks from scaling.
Whenever you identify a bad actor, you can use the associated signals to look for connections throughout your network. If the bad actor is part of a fraud ring, you can use these connections to quickly find and close the accounts. Or, if you’re not certain enough to close the account, you can ask the users to verify their identities using a more robust check.
It may also make sense to require identity reverification in response to unusual or risky transactions, such as changing an account’s login details or purchasing expensive products.
Persona Graph helps nWay uncover fraud rings and free up its developers
nWay develops and publishes online games. Players can earn NFTs by playing the games and purchase, sell, or trade NFTs in the recently launched nWayPlay Marketplace.
The company has a KYC process, but only requires it in certain circumstances, such as when users want to claim tokens or withdraw funds. Since KYC doesn’t usually completely eliminate fraud, it needed a way to stop fraud ring attacks and keep bots from flooding NFT drops.
Initially, nWay relied on its development team to find links between suspicious accounts in its database — a costly and time-intensive process. Everything got easier once nWay started using Persona Graph for fraud investigation and link analysis.
Graph’s no-code query editor allows the compliance team to run their own investigations. In fact, nWay used Graph to quickly identify 40 users with shared risk signals — without any manual database queries.
“We use Graph in any way possible to prevent fraud. From users trying to circumvent KYC or create more than one account to those committing fraudulent transactions under non-KYC accounts, Graph helps us identify these tricks,” says David Kim, nWay’s compliance program manager. “We never would have been able to catch these instances without Graph.”
nWay also uses Graph as part of its initial investigation process. It can take a suspicious account or activity and see if there are any connected accounts or patterns. If these confirm the suspicion, nWay can use the newly identified risk signal to update its automated workflows and block the fraud ring’s future attacks.
“The biggest advantage of Graph is that we can proactively block fraud incidents before they happen with automated decisioning,” adds David. “So we're going from reactive to proactive.”