Collusion Fraud: The Art of Gaming the System with Complicity | F5 Labs
- by nlqip
Companies like Uber, Airbnb, PayPal, and others with platform business models have flourished in the past few years by matching up service providers (such as restaurants and drivers) to consumers and hiding the complex, behind-the-scenes processing (like payments) from users The rapid adoption of this business model has brought it into the cross hairs for fraudsters, who are always scheming to game the system and illegally monetize legitimate business processes. F5 Labs has found that attackers are defrauding digital systems by colluding with other participants who serve different roles on the platform. This article discusses this phenomenon, which we call collusion fraud.
What Is Collusion Fraud?
Collusion fraud occurs when two or more participants conspire to defraud another participant in a digital business transaction that involves multiple participant groups. This type of fraud is growing in prominence as more digital businesses pivot to become platforms that serve more than just one purpose. For example, an online e-commerce provider’s digital platform allows a consumer to select items from a seller of their choice and have it delivered. A single business transaction on that platform provides online processing, payment, preparing goods, logistics, and delivery. Completing these activities require services from multiple providers specializing in different areas, which at times takes the processing out the platform’s control. The collaborative act to complete these multistep business transactions provides an avenue for malicious players. Fraudsters design these hacks so they can quickly make money and target returns that are generated as by-products of the main transaction, such as a cashback reward or gratuity. These by-products are usually managed separately from the main transaction and are often hard to reclaim post–fraud detection if the consumer or other participant has already used them.
Collusion Fraud in Action
Collusion fraud can happen in any industry vertical. F5 Labs and Shape Security researchers followed two cases of fraud that revealed collusion in action. Fraudsters made gains in these cases in the form of gratuities and cashback rewards points.
Case One: Leading Food and Beverage Company
The first case involved a leading food and beverage (F&B) company in which collusion fraud manifested as gratuity, or tip, abuse. The company’s digital platform provides a convenient service to its customers by bringing together the restaurant outlet, logistics requirements, and online payments. Figure 1 explains the legitimate process in completing an online transaction that includes a tip.
Source link
lol
Companies like Uber, Airbnb, PayPal, and others with platform business models have flourished in the past few years by matching up service providers (such as restaurants and drivers) to consumers and hiding the complex, behind-the-scenes processing (like payments) from users The rapid adoption of this business model has brought it into the cross hairs for…
Recent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA