> One particularly frustrating aspect of fraud prevention is that fraudsters are better than the rest of us at getting human support staff to do what they want. They have way more practice, and they learn techniques that work from other fraudsters.
Then put a flag on that account. Repetitive issues will make it clear what's happening.
Fraudster also doesn't have the same needs as most customers, they don't need to keep the same account... at best the same account will barely give them more credibility, but that would no longer be true if a flag has been raised previously.
There's plenty of ways to verify identities, use that when a flag has been raised previously. Again, something that sure a fraudster can do but lower odds than an actual customers.
It's never that simple. You're implicitly assuming that a fraudster wants the account long term, which is rarely true.
And identity is a VERY complex area, and nothing like as simple as "plenty of ways to verify identities". Particularly noting that fraud is often carried out by leveraging many partial opportunities: I use the (false/stolen) identity from over there to carry out of the fraud over here.
> You're implicitly assuming that a fraudster wants the account long term, which is rarely true.
Wait what?
Here my comment:
> Fraudster also doesn't have the same needs as most customers, they don't need to keep the same account...
How does I assume fraudster wants the account? I'm arguing the reverse, that they don't want it, thus give more credibility over anyone doing effort to get his account back. I don't understands that part, feel free to clarify it.
> And identity is a VERY complex area, and nothing like as simple as "plenty of ways to verify identities".
I was arguing that opening up customer service for theses instances won't be a huge risk if you keep a flag on the account as they fraudster don't need the account long term (as you seems to agree).
Doing others verification is to reduce that risk further, risk that I already consider minimal. No one said that it would be 100% effective, nothing is perfect, sure some will be able to bypass, but as I said, they don't need to.
> Particularly noting that fraud is often carried out by leveraging many partial opportunities: I use the (false/stolen) identity from over there to carry out of the fraud over here.
Yup, thus why getting more proof of the user identity will allow to confirm he is actually who he is claiming to be. Here in Canada we can do that at Canada Post office. It's not something Stripe ask for, thus if someone with a flagged account ask to get it back, doing a local verification will most probably be harder for him.
Then put a flag on that account. Repetitive issues will make it clear what's happening.
Fraudster also doesn't have the same needs as most customers, they don't need to keep the same account... at best the same account will barely give them more credibility, but that would no longer be true if a flag has been raised previously.
There's plenty of ways to verify identities, use that when a flag has been raised previously. Again, something that sure a fraudster can do but lower odds than an actual customers.