Online fraud is a year-round concern, but when website traffic surges during the busy holiday season, experts agree more criminals are lurking, hoping to get overlooked in the mix.

E-retailers are reluctant to discuss how they detect and prevent fraud because it’s a constantly evolving field and criminals are always trying to find new ways to get past the barriers to steal. Heading into the holiday season, one retailer ranked in the top 10 of the Internet Retailer 2017 Top 500 agreed to discuss its approach to preventing online fraud with Internet Retailer on the condition that it not be identified.

“Bad guys can hide within that increased traffic on an e-commerce platform, and it can be more difficult to detect the outliers,” says the head of fraud and investigations for the top 10 online retailer. A number of high-profile data breaches occurred this year, including a massive one at credit data services company Equifax Inc. These hacks have compromised millions of  consumers’ personal data, and that identity information can be used by criminals to attempt fraudulent purchases on retailers’ e-commerce sites, the executive says.

No one fraud prevention tool or tactic will work. An online retailer, regardless of size, needs to take a layered approach, the executive says.

How this comes together is a little bit of secret sauce for each organization.

Checking volume

The top 10 retailer, for example, monitors how a shopper interacts with a website and her browsing pattern, and it verifies that identities match with delivery addresses. The retailer also monitors product volume and order velocity to detect patterns that might be caused by fraudulent bots that are using fake identities to try to place orders.

Criminal organizations, many of them overseas—that’s how most fraud is done, not by a lone person at a computer—load thousands of IDs and credit cards at a time into their computer system and use programs that place a multitude of orders with the hope that even a fraction slip past e-retailers, the executive says.

About three to four months before the holiday shopping season kicks off, the retailer will see criminals start to test and probe its system, usually by creating a large number of new customer accounts because the perpetrators want to let the account age and become less suspicious than if they were created during the holiday season, the executive says.

“In late July and early August we saw some of these large automated events, mainly in account creation. We saw hundreds of thousands of requests from the same IP address. If a retailer has the right tools in place, it can reject these accounts and not allow them to be created. But not all retailers have that ability to make those determinations in real time, so some will err on the side of customers and let everyone create an account,” he says.

Easy collection

Criminals also may target specific products, especially ones with high resale value. For example, a Lenovo laptop computer may fetch 50 cents on the dollar when resold, but ink and toner cartridges could get 90 cents on the dollar and an electronic gift card 95 cents, he says. “Fraudsters, in an ideal situation, go after digital gifts or software downloads—something directly consumed and that does not have to be shipped—because it enables them to get the proceeds immediately.”

The retailer recently experienced an event in which $160,000 worth of a single brand of gift card was ordered during a 3.5-hour period. All the orders had a unique ID and different geo-locations, which can indicate authenticity.

“It was a gift card we don’t typically sell that much of, and it was of high concern to us,” the executive says. “We did more analysis, but a cursory review showed that it looked accurate. The individuals lived at those addresses, the credit cards matched. But as we dug deeper into the identities, all of these particular orders were coming through a proxy masking their location. All of the email accounts associated with the orders had been created about three days prior to the order. We were able to link them back to the same group of individuals based somewhere in Vietnam, and we successfully stopped and did not process the orders.”

A layered approach

The retailer uses more than 200 unique data points to verify orders and prevent fraudulent transactions. “There’s no silver bullet in fraud prevention. You have to identify the right tools and how to implement them in specific layers to enable profitable sales,” he says.

“How this comes together is a little bit of secret sauce for each organization,” he says. “Some organizations let every order come through and then evaluate it. Some will stop an order in the middle of a session by employing friction, such as sending a text message (and requiring a response) or captcha.” Captcha involves showing a consumer fuzzy letters or numbers, which are not distinguishable by a bot, and then entering the information to proceed in the checkout process.

Not only does this top 10 retailer have an in-house fraud prevention and threat intelligence team, it also uses multiple tools from vendors to confirm shoppers’ identities and decide to proceed with an order.

A retailer needs to connect data elements in real time to verify a shopper’s identity and “not treat good customers like criminals,” while ensuring that it’s not getting ripped off, says Tom Donlea,vice president of Whitepages Pro marketing, which is one of the vendors the retailer uses for fraud prevention. Whitepages Pro checks dozens of data points on orders, such as name, address, phone number, email address and more.

“Any one vendor who says they have all the answers for fraud prevention should be alarming to a merchant,” Donlea says.

The fraud executive for the top 10 retailer says his employer evaluates a shopper’s session, and if the retailer gets a hint of non-human behavior, it may deploy friction. For example, as a shopper proceeds, layers of analytics aim to verify—instantly—his identity and device information. “We’re trying to get a 360-degree view of the end user and allow for a frictionless shopping experience for good customers,” he says.