We’re starting 2021 in a very different place from where we started 2020 in terms of ecommerce growth and fraud prevention. The fast shift to ecommerce and away from brick-and-mortar shopping in early 2020 was accompanied by a marked rise in several types of ecommerce fraud — and an increase in fraud-related costs to merchants. By the early months of the pandemic, each dollar of completed consumer fraud cost U.S. retailers and ecommerce merchants $3.36, up 7.3% from 2019, and there’s no indication that the increase in fraud will slow any time soon.
That means that post-pandemic fraud prevention will look a bit different from before. In particular, merchants need to review and possibly step up their processes for fighting account takeover fraud, gift card fraud and “friendly fraud.”
Low-friction customer authentication to fight ATO fraud
One of the biggest fraud trends to come out of 2020 is the continued growth in account takeover (ATO) fraud. ATO was already costing merchants billions every year, and then the rapid move to ecommerce poured fuel on that fire. ATO attempts climbed by more than 280% between Q2 2019 and Q2 2020, when lockdowns and the pivot to ecommerce got underway.
Why has ATO grown so much, so fast? As consumers create new accounts online, many reuse their login credentials across multiple accounts. When their password for one account is exposed in a data breach, it effectively gives criminals a skeleton key they can use to try to unlock as many other accounts as possible, manually or with bots. Many consumers also use simple passwords that are easy for them to remember, and for criminals to quickly crack, so they don’t even need to wait for a data breach to break in.
The challenge for merchants is that ATO fraudsters are essentially impersonating known customers. If those merchants are using basic, rules-based fraud prevention programs, it can be difficult to detect this type of fraud. Requiring more verification steps to make customers prove their identity will increase friction and lead to a poor customer experience and fewer conversions.
The solution is to use behavioral biometrics and analytics to compare the customer’s behavior and choices during each session to past known good behavior. Authenticating the user’s device ID and location can also help spot ATO fraud.
For example, if a customer whose past good orders of small electronics were made from a tablet in Miami and sent to their home suddenly orders thousands of dollars’ worth of audio equipment from a phone in another country for delivery to a brand-new address, that’s a flag for possible ATO, even if they’re logged in with their usual credentials. Manual review can then either validate the order, to avoid falsely declining a good customer who’s making an unusual purchase while on vacation, or reject it as ATO fraud.
Extra scrutiny for gift cards
Gift cards are popular with gift-givers and recipients. Fraudsters like them, too, because gift cards are easy to resell on the dark web, easy to convert to cash and difficult to trace. For these reasons, many merchants see more fraud attempts on gift cards than any other product they sell.
Email and phone scams that trick victims into buying gift cards for fraudsters get headlines — U.S. consumers have been bilked out of nearly $245 million by gift card scammers since 2018. However, cybercriminals also use automation to steal gift cards at scale. By using botnets to test card credentials or stuff stolen credentials into gift card accounts, criminals can crack gift cards and use the balances or take over the accounts of gift-card holders. Between March and October 2020, we saw fraudulent online gift card purchase attempts rise by 30%. One firm found that bot-driven digital gift card scams targeting popular retailers and brands during Q2 2020 increased by more than 800%.
There are several steps merchants can take to reduce their risk of gift card fraud. The first is to shore up their overall cybersecurity, to prevent data breaches that can expose card data to criminals. Another is to track the data on each gift card you sell and monitor it for behavior that might indicate fraud, such as immediately activating and using a card after purchase. It’s also a good idea to monitor card resale and trading sites for mentions of your store’s cards, to spot counterfeit cards with your brand and to see if stolen cards are appearing on these sites.
Updated friendly fraud prevention tactics
Fraud prevention analysts and merchants saw an increase in so-called friendly fraud during the pandemic. Because friendly fraud is often an individual rather than organized crime, it’s likely that financial hardship spurred some consumers to falsely claim that the goods they ordered never arrived so they could get a refund through their card issuer or digital wallet provider.
However, another factor that contributes to friendly fraud is how easy it can be and how few consequences there are, which can lead to a fraud habit. One chargeback solution provider found that among customers who file a chargeback, 40% will file another within three months.
Each chargeback carries a fee to the merchant that can range from $20 to $100 per transaction, and they lose the value of the transaction. Merchants can dispute chargebacks with the card issuer or digital wallet provider. However, even if the merchant is successful, they only avoid paying for the fraudulent order. They’re still out the cost of lost merchandise, the time it took to file the dispute, the cost of processing the fraudulent transaction, and the chargeback fee.
What’s more, chargeback disputes aren’t always successful, and they are more difficult to win when the payment was made with a digital wallet. In addition, chargebacks can damage merchants’ ratings with digital wallet services that have customer protection programs.
Because of the cost, difficulties and reputational risk of friendly fraud-related chargebacks, the best option for merchants is to keep complete transaction records of orders, payment authentication and delivery. There are many third-party options for shipment tracking that include delivery confirmation, often with a photograph and timestamp. Sharing this information with the card issuer or digital wallet platform can bolster your case.
New possibilities and challenges in 2021
As we start to see some light at the end of the pandemic tunnel, it’s possible that economic recovery and more consumer spending will follow. Merchants that work to make their fraud screening more effective now without adding friction to the customer experience will be in a better position to protect their revenue and grow when the economy starts to regain its health.