E-commerce merchants have seen a lot in the last six months —from a record-breaking holiday shopping season to a sudden spike in online shopping as consumers around the world shelter in place to avoid coronavirus.
But with this added traffic comes added risk.
Increased volume is almost sure to bring out opportunistic fraudsters trying to compromise customers’ accounts and online data and damage a merchant’s reputation and revenue. So, merchants must be aware of new and evolving e-commerce risks.
Here are five predictions about what those risks might look like in 2020.
Prediction 1: The Number of Data Breaches Will Continue to Increase
The number of data breaches rose 17% in 2019, including high-profile victims Capital One, Wawa and DoorDash. Fraudsters continue these types of attacks in the hopes of gaining customer data that will help them launch account takeover attacks and compromise other customer accounts.
If there’s any good news to be found, it’s that there was a 65% reduction in the exposure of personally identifiable information, like Social Security numbers, driver’s license numbers and bank account data.
Still, merchants must closely examine their security protocols and take steps to protect customer data, like:
- Require customers to establish a user name that’s not their email address, to reduce successful credential-testing by criminals working with stolen data.
- Offer two-factor authentication options beyond SMS messaging, like authenticator app codes and codes sent via email.
- Monitoring customer data and alerting customers whenever there’s a contact information or password change request on the account
Prediction 2: Increased Economic Uncertainty Results in Increased Fraud
As COVID-19 continues to affect the way the world operates and does business, it’s critical for merchants to understand the “fraud triangle,” or how the interaction of pressure, opportunity and rationalization significantly affects the fraud rate in a location.
The prevalence of each of these factors varies by region, but here’s how each point of the triangle contributes to fraudulent behavior:
- Pressure motivates the fraudster to commit fraud in response to emotional or financial issues.
- Opportunity arises when there are little to no fraud controls, making it simple for fraudsters to capitalize on unprotected data.
- Rationalization occurs when a fraudster feels justified in committing fraud and refuses to self-identify as a criminal.
Companies must account for these factors when evaluating the risk of engaging in international business. Fortunately, there are simple ways to minimize the increased risk of fraud during periods of economic uncertainty:
- Storing only partial information about customers and using encryption software, making your data a less-than-ideal target for hackers and helping to keep your accounts safe.
- Allowing only partial access of data to employees, as it takes only one employee to leave the company on bad terms and take data with them to use maliciously.
- Configuring alerts for suspicious activity, which lets you obtain proper validation from the customer or by a specialist to stop fraudsters before their transactions go through.
Prediction 3: Employees Working From Home Increase Opportunities for Fraud
While social distancing and self-isolation have shown employers just how much their employees can do from home, it hasn’t been without its risks. The quick, unexpected transition from secured office networks to unsecured home office systems is leaving companies vulnerable to fraudsters. Even the World Health Organization (WHO) has been a recent target, with hackers able to convincingly replicate a portal used by remote WHO employees.
Here’s just a sampling of what businesses should be on the lookout for:
Phishing attacks designed to steal funds and tax data rose 60% in 2018, in part because criminal gangs are leveraging legitimate business tools like marketing contact lists to target specific victims to scam. Fraudsters are also getting better at impersonating brands that consumers trust, such as Microsoft, Amazon and Netflix, to dupe email recipients into handing over login credentials that can be used to launch account takeover attacks.
Using Unsecured Networks
Employees may be eager to take advantage of free Wifi when at their local coffee shop or in the airport, but they don’t realize they might be placing their devices and its content at risk for an attack. Hackers can set up rogue networks designed to look like free Wifi access points but whose true intent is to harvest a business’s sensitive data, install malware or launch malicious attacks.
Any device a company’s employee is using to perform work tasks should be protected with preventive software, like antivirus, firewalls and device encryption.
Prediction 4: Regulatory Shifts Can Cause Space for Fraud
New regulations, while well-intentioned, can serve to expose gaps in payment processes and opportunities for fraudsters to leverage weak points in the fraud prevention armor.
For example, new 3D Secure and the Payment Services Directive (PSD2) regulations are designed to make it harder for cybercriminals to make a purchase with someone else’s payment card information. But in reality, many merchants might not be seeing these benefits right away. Merchants might still be using outdated fraud prevention solutions that don’t meet PSD2 requirements and aren’t robust enough to protect against emerging fraud threats. And as PSD2 allows the opportunity for new payment intermediaries, that could lead to an increase in transaction volumes — which could correlate with an increase in fraudulent transactions.
Prediction 5: Merchants Will Implement External Fraud Prevention Solutions to Protect Their Business
While there are new fraud risks to merchants in 2020, one thing remains the same: Merchants can benefit from partnering with an outsourced solution for fraud prevention. Merchants benefit not only from these solutions’ wide range of expertise, but also their ability to identify emerging (and subtle) fraud patterns before they have a chance to do real damage.
But picking the right solution to collaborate with isn’t always easy. You need to understand your risk for fraud and chargebacks and be able to evaluate the different fraud prevention alternatives available — from simple fraud filters to managed services solutions.
At ClearSale, we’ve made it easier for you to navigate the often-confusing world of fraud prevention and protection and help you find the right solution for growing your business. Our free “Merchant Guide to e-Commerce Fraud Protection” helps you understand your risks, so you can take the right steps to protect your business, your profits, and your good reputation.