Unfortunately, e-commerce fraud is becoming more prevalent as more sales take place online. According to Arkose Labs, in the first quarter of 2020, 26.5% of worldwide transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter. Fortunately, AI is being increasingly used to combat e-commerce fraud, as machine learning uses automated predictive analysis to better counter emerging threat patterns (and is far superior to traditional use of manual algorithms which could not process data in real time, nor can they keep up with new fraudulent channels). Tech businesses will be interested to hear of the recent partnership between EURid and the Ecommerce Foundation and their respective AI anti-fraud tools.
EURid, the European Registry for Internet Domains, recently implemented new measures to combat malicious .eu domain registrations by performing daily checks on newly-registered domain names using their proprietary Abuse Prevention and Early Warning System (for more information, see this post).
The Ecommerce Foundation operates an initiative called Scamadviser.com, essentially an algorithm using 40 independent data sources (including IP address, the availability of contact details on the webpage, and ratings on review sites) to rate the trustworthiness of websites. It has a database of more than 150 million domain names which is widely used by social media platforms, anti-virus companies and payment service providers to warn customers about online stores not delivering goods or fake IT service providers.
Under the partnership, EURid will add the abusive .eu domains it identifies to Scamadviser.com’s database. It is thought that combining AI tools developed on both sides, consumers and businesses will be better informed about legitimate and potentially fraudulent online stores.
In a similar vein, Nominet partnered with Netcraft in 2009 to provide the “phishing feed” opt-in service. First, Netcraft collates and validates reports from threat intelligence providers, anti-cybercrime organisations as well as URLs reported by the online community and creates a real-time repository of malicious sites. Nominet then uses this list to notify domain owners of any phishing domain names on their ISP. The theory is that businesses will be able to reassure their customers that they are working to prevent any customers falling victim to phishing attacks. Indeed, Nominet reports that 77% of UK consumers prefer clicking on a .uk over a .com domain.
The collaboration between EURid and the Ecommerce Foundation is an undoubtedly valuable addition to the fight against malicious websites. While firms and organisations can protect themselves against malicious domains by blocking entire top-level domains (e.g. barring all connections to .biz domains – more information here), EURid’s involvement helps businesses more easily and cost effectively identify and blacklist abusive actors.
Thank you very much to Adriana Bica for her research in preparing this blog.