Online merchants were hit with many kinds of fraud in 2021, including increases in identity fraud, account takeover (ATO), mobile fraud and more. Most of this fraud is committed by organized, professional criminals using botnets and vast troves of stolen data. However, friendly fraud also continued to rise in 2021. This class of fraud is committed most often by formerly good customers who seek to abuse merchants’ or credit-card issuers’ policies. These one-off instances of fraud bear the risk of becoming larger-scale or habitual fraud.
Promotion abuse fraud also increased in 2021, with customers taking more advantage of loopholes and security gaps in digital coupons and free trials, either on their own or at scale by using social media to share coupon and referral codes beyond the intended scope. Combined with other types of friendly fraud, promotion abuse can cost businesses up to 2.4% of annual revenues, per PYMNTS. Globally, ecommerce fraud losses are expected to top $20 billion in 2021.
These increases come after a surge of online fraud during 2020. Given the steady rise of fraud year after year even before the pandemic arrived, it’s wise to assume that the trend will continue in 2022. That means now is the time for merchants to review the kinds of fraud that caused the most trouble in 2021 to identify ways to strengthen their loss prevention strategies and user experience in the year to come.
Strengthen fraud controls in mobile channels
The cost of fraud in the mobile channel increased dramatically in 2021, according to the True Cost of Fraud Study. While mobile represented 5% of all U.S. ecommerce fraud costs in 2020, it comprised 39% in 2021. Merchants can counteract this rising level of risk by taking two key steps: monitoring fraud metrics in the mobile channel and tailoring fraud controls to their particular mobile risk profile.
The first step requires data on fraud attempts, completed fraud and false declines in each channel, including mobile. That data may show a similar rate of attempted fraud as the online channel but more completed fraud, or a higher rate of both fraud and false declines in mobile. By comparing fraud levels between different business channels, the merchant may then adjust their automated approval cutoff point to be lower in mobile than online. They may also implement more manual review for mobile orders to prevent fraud and false positives.
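The per-channel comparison described above can be computed directly from order records. This is an added example, not code from the article; the record layout, the channel names and the sample orders are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (channel, decision, outcome). Outcome is the ground truth
# learned later, e.g. from chargebacks or from verified declined customers.
ORDERS = (
    [("web", "declined", "fraud")] * 2
    + [("web", "declined", "legit")] * 1
    + [("web", "approved", "legit")] * 7
    + [("mobile", "approved", "fraud")] * 1
    + [("mobile", "declined", "fraud")] * 1
    + [("mobile", "declined", "legit")] * 2
    + [("mobile", "approved", "legit")] * 6
)

def channel_metrics(orders):
    """Per channel: attempted-fraud, completed-fraud and false-decline rates."""
    counts = defaultdict(lambda: defaultdict(int))
    for channel, decision, outcome in orders:
        c = counts[channel]
        c["total"] += 1
        if outcome == "fraud":
            c["attempts"] += 1
            if decision == "approved":
                c["completed"] += 1      # fraud that got through
        elif decision == "declined":
            c["false_declines"] += 1     # good order turned away
    metrics = {}
    for channel, c in counts.items():
        legit = c["total"] - c["attempts"]
        metrics[channel] = {
            "attempt_rate": c["attempts"] / c["total"],
            "completed_fraud_rate": c["completed"] / c["total"],
            "false_decline_rate": c["false_declines"] / legit if legit else 0.0,
        }
    return metrics

def channels_needing_tighter_controls(metrics, baseline="web"):
    """Channels whose completed-fraud rate exceeds the baseline channel's."""
    base = metrics[baseline]["completed_fraud_rate"]
    return sorted(ch for ch, m in metrics.items()
                  if ch != baseline and m["completed_fraud_rate"] > base)

if __name__ == "__main__":
    m = channel_metrics(ORDERS)
    print(m, channels_needing_tighter_controls(m))
```

In the constructed data both channels see the same attempt rate, but mobile lets more fraud through and also declines more good orders, which is the pattern that calls for a channel-specific cutoff and more manual review.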
Keep a close eye on new users and accounts
Identity fraud, including synthetic identity fraud, was the costliest type of ecommerce fraud in the U.S. in 2021, per LexisNexis. Accounting for 30% of fraud costs, it is driven by criminals who steal identity information and use it to create new bank and credit card accounts, as well as new user accounts with merchants.
Screening for this kind of fraud requires looking at how recently the new user’s email address, phone number and bank or card accounts were set up. Delivery addresses can also be compared to known databases of fraudsters’ collection points for stolen goods. However, because many people who didn’t shop online before have started since March 2020, it’s also wise to manually review any orders that are flagged for recency issues. ClearSale’s 2021 State of Consumer Attitudes, Fraud & CX Survey found that 40% of shoppers in five countries won’t return after a merchant declines their order and 34% will complain about the merchant on social media, so ensuring that crackdowns only affect fraudsters may be in the best interest of the business.
Add new account takeover protections
ATO fraud took off in 2021, rising from 2% of U.S. ecommerce fraud costs in 2020 to 13% in 2021. ATO has seen explosive growth because of the huge number of stolen passwords that are available to criminals on the dark web, and because so many people reuse passwords on many of their accounts. Once a criminal with a botnet has credentials that work, they can test them on hundreds of sites, find matches, and take over those accounts to shop with the linked payment methods.
Enterprise organizations can head off ATO fraudsters by screening every order for fraud indicators, even if the order appears to come from a longtime user. A new device, location, product category, delivery address or other signal may indicate fraud — or it could indicate a trustworthy user doing something new. Manual review is necessary in these cases to avoid both fraud and the possibility of rejecting an authentic user.
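A sketch of the screening step described above, comparing each order from an existing account against that account's history and routing anything unfamiliar to manual review rather than declining it. This is an added example, not code from the article; the field names, route labels and sample orders are constructed assumptions.

```python
# Signals named in the paragraph above; the field names are assumptions.
SIGNALS = ("device_id", "country", "category", "delivery_address")

def normalize(value):
    """Lowercase and collapse whitespace so cosmetic differences do not count."""
    return " ".join(str(value).lower().split())

def build_profile(past_orders):
    """Collect the set of previously seen values for each signal."""
    profile = {signal: set() for signal in SIGNALS}
    for order in past_orders:
        for signal in SIGNALS:
            profile[signal].add(normalize(order[signal]))
    return profile

def screen_order(profile, order):
    """Return (route, new_signals) for one order on a known account.

    A new signal may be fraud or a trustworthy user doing something new,
    so the order goes to a human reviewer instead of being auto-declined.
    """
    new_signals = [s for s in SIGNALS if normalize(order[s]) not in profile[s]]
    route = "manual_review" if new_signals else "standard_screening"
    return route, new_signals

# Constructed order history for one long-standing account.
HISTORY = [
    {"device_id": "dev-A", "country": "US", "category": "books",
     "delivery_address": "12 Elm St, Springfield"},
    {"device_id": "dev-A", "country": "US", "category": "kitchen",
     "delivery_address": "12 Elm St, Springfield"},
]

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    new_order = {"device_id": "dev-Z", "country": "US", "category": "electronics",
                 "delivery_address": "PO Box 9, Shelbyville"}
    print(screen_order(profile, new_order))
```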
Take a firmer stance on friendly fraud
Friendly fraud represented 29% of U.S. ecommerce losses in 2021. This kind of fraud occurs when users pay with a valid card, but then falsely claim their order never arrived, that it was damaged, or that it was substantially different from the product description on the website. There are several ways to combat friendly fraud, including best practices such as clear product descriptions and photos, careful packaging and warehouse-to-doorstep package tracking.
Real-time package tracking doesn’t just confirm item delivery. It also enhances the user experience by showing customers exactly where their package is and when they can expect it to arrive. That information can also help reduce package theft after delivery, which can lead to chargebacks and other costs.
Another approach is to screen orders to see if the customer has a track record of filing frequent chargebacks. If so, you may want to decline their orders.
Plan promotions with fraud prevention in mind
Referral codes and free trials can be abused by users who share their codes with large audiences on social media or who repeatedly cancel free trials and then sign up again with a new email address. Enterprise security leaders can limit these kinds of losses by setting expiration dates for promo codes, limiting the number of referrals one person can get credit for, and screening free trial signups for fraud, as if they were orders, to identify multiple orders coming from the same device or IP address.
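The three controls listed above (code expiry, a cap on credited referrals, and screening trial signups for a shared device or IP address) can be sketched as follows. This is an added example, not code from the article; the cap of 3, the policy of accepting a capped referral without credit, the field names and the sample signups are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

MAX_REFERRAL_CREDITS = 3  # assumed cap on credited referrals per person

def redeem_referral(code, today, credits):
    """Apply the expiry date and the per-person credit cap to one redemption.

    code: {"owner": str, "expires": date}; credits: owner -> count (updated).
    """
    if today > code["expires"]:
        return "rejected: expired"
    owner = code["owner"]
    if credits.get(owner, 0) >= MAX_REFERRAL_CREDITS:
        # Assumed policy: the new customer still signs up, the owner earns nothing.
        return "accepted: no credit"
    credits[owner] = credits.get(owner, 0) + 1
    return "accepted: credited"

def flag_trial_signups(signups, allowed_per_key=1):
    """Return {email: [reasons]} for signups that reuse a device or IP address."""
    seen = defaultdict(int)
    flagged = {}
    for signup in signups:  # assumed to be in arrival order
        for kind in ("device_id", "ip"):
            key = (kind, signup[kind])
            seen[key] += 1
            if seen[key] > allowed_per_key:
                flagged.setdefault(signup["email"], []).append(kind)
    return flagged

# Constructed sample signups (example.com addresses, documentation IP ranges).
SIGNUPS = [
    {"email": "a@example.com", "device_id": "dev-1", "ip": "192.0.2.10"},
    {"email": "a+2@example.com", "device_id": "dev-1", "ip": "198.51.100.7"},
    {"email": "b@example.com", "device_id": "dev-2", "ip": "192.0.2.10"},
    {"email": "c@example.com", "device_id": "dev-3", "ip": "203.0.113.5"},
]

if __name__ == "__main__":
    print(flag_trial_signups(SIGNUPS))
```

A shared IP address alone can be a household or office network, so flagged signups are better sent to review than declined outright.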
Taking the time now to evaluate, customize and strengthen an enterprise’s fraud controls can help security leaders prevent more fraud, avoid false positives that turn off authentic users, and put organizations in position to earn more revenue and build more customer loyalty in 2022.