The Nilson Report projects that credit card fraud losses will exceed $50 billion in 2022. Particularly vulnerable to falling victim to escalating fraud trends are eCommerce merchants. Without access to physical payments or engaging in person with customers, eCommerce businesses are forced to rely on cold data and guesswork to verify the identity of their customers.
While advances in AI and data collection are impressive, countless loopholes abound. Credit card data can be stolen, copied, or manufactured, prepaid phones lack any link to their actual owner, and there is no limit as to how many email addresses one customer can create. Moreso, career fraudsters invest heavily in creating card testing bots and funding large scale data breaches. Sophisticated fraud tactics are often hard to detect and data breaches provide a continuous source of stolen credentials available for sale.
Frightening as the prospect of being a target of online fraud may be, being overly cautious can be just as detrimental to an eCommerce business. Rigid rules and setting conservative risk thresholds will lead to declining legitimate orders. Causing customers too much friction by asking for an excess of authenticating information will result in increased cart abandonment rates.
Ultimately, awareness and adaptability are an eCommerce business’s best line of defense against fraud losses. Staying up to date on fraud trends and putting intuitive fraud prevention practices into place will have a significant impact on revenue.
In this guide, we will describe the 8 Global Fraud Trends we have seen, divided into two categories – Common Fraud Tactics and Emerging, New Fraud Trends.
Four Common Fraud Tactics
Persistent, age-defying fraud schemes are still going strong and show no sign of decreasing anytime soon, despite the abundance of fraud prevention technology. A NoFraud expert fraud analyst weighs in to advise merchants as to how to avoid falling prey to these tactics:
- Account Takeover Fraud
- Card Testing
- Interception Fraud
- Friendly Fraud
Account Takeover (ATO) Fraud
Account Takeover Fraud occurs when a fraudster gains access to a legitimate account. The fraudster uses an existing customer’s login and stored payment information to mask their theft as a returning customer. The transaction may appear completely legitimate as the customer is a recognized patron.
Daily data breaches flood the dark web with stolen login credentials. Fraudster will run email and password combinations, usually with the help of a bot, on hundreds of sites in hopes that the stolen credentials grant them access to another account. It is commonplace for consumers to use the same login and password combination for multiple sites. For example, a compromised Target customer, may very well have used the identical login and password for their Paypal account. This type of fraud can be very difficult to detect if you don’t know what to look for.
Expert advice: There are a few ways to detect an account takeover. Firstly, ensure your store is safe from bot attacks that flood the login page with email and password combinations in rapid succession. Secondly, merchants should be aware of a shipping address change, an email change, or a significant change in a shopper’s behavior, such as a steep increase in volume or price. In most cases, contacting the customer via the original email address or phone number used to create the account and asking them to verify the order, shipping address change or new email can prevent a fraudulent sale.
An advanced fraud prevention solution, such as NoFraud, would use sophisticated analytics such as device data and geolocation to spot an anomaly in a returning customer’s shopping behavior that would warrant further scrutiny.
Card Testing is generally used by fraudsters to check the status of a batch of stolen credit cards to confirm which credentials are active. A single customer or multiple customers using the same IP and/or device attempting to place an order using many unique card numbers in rapid succession are telltale signs of card testing.
Expert advice: Keep your eye on order velocity and ensure you have safeguards in place to stop card testing attacks. These frequently occur at night, when the fraudster knows the attack will likely go undetected for hours. Some eCommerce platforms include bot detection technology, other merchants rely on basic velocity gateway filters or smart Recapchas. Failing to prevent such attacks can easily cost a merchant tens of thousands of dollars in gateway fees.
Interception Fraud describes a theft that occurs by rerouting an order placed by a seemingly legitimate customer. A fraudster will place an order using stolen credentials that contain matching billing and shipping addresses. This address match will disguise the fraud as legitimate and the fraudster will attempt to reroute the package once the order has been deemed non-fraudulent. The fraudster usually attempts to carry out the address change via the merchant’s customer service or by contacting the shipping carrier directly.
Expert advice: Ideally, merchants should never allow address changes conducted through a shipping carrier without approval from the merchant. This will allow the merchant the ability to rescreen the order for potential fraud. Most carriers do allow merchants the flexibility on how to handle address changes. If an address change is required, the order should be scrutinized for fraud more carefully. Ensuring the new address isn’t a freight forwarder or a known fraud ring drop site, is prudent.
Friendly Fraud is often categorized as customer abuse. The fraud occurs after a legitimate order is placed by the cardholder, or a member of the cardholder’s household, such as a child, and is later disputed as fraud or an unrecognized transaction. This type of fraud is almost impossible to predict as the order is made by the cardholder and is not actually fraudulent.
A customer may intentionally dispute a purchase in an attempt to receive the merchandise for free, or simply to avoid the hassle of returning a product they are not satisfied with. Chargebacks are also commonly initiated out of spite due to a negative experience with the merchant. Occasionally, customers forget about orders they made or simply don’t recognize a business’s billing descriptor on their financial statement.
Expert advice: Good customer service and an easy to follow return policy is a good defense against friendly fraud. A customer who has a good experience with a brand and feels confident that their complaints will be promptly and satisfactorily dealt with, will be less likely to commit friendly fraud. Repeat offenders should be put on a customer block list and effort should be invested in gathering evidence and composing compelling chargeback representments to win fraudulent chargeback disputes. A full service fraud prevention solution, such as NoFraud, allows merchants to easily add abusive customers to a block list, offers a full financial guarantee for chargebacks, as well as a chargeback management service.
Four Emerging Fraud Patterns
The recent coronavirus pandemic has created a sudden shift in consumer behavior sending many customers to online stores. In addition to facing scalability challenges, staffing shortages, and supply chain issues, eCommerce businesses are being challenged by emerging post pandemic shopping patterns, such as the growing popularity of Buy Now Pay Later (BNPL) and the implementation of Curbside Pickup. In addition to the four fraud tactics listed above, merchants should be on the lookout for these four fraud schemes:
- BNPL Fraud
- Buy Online, Pickup In store Fraud
- Promotions Abuse
- Global Commerce Fraud
BNPL Fraud is gaining traction due to several factors. Primarily, creating a BNPL application requires significantly less personal information than applying for a credit card. Fraudsters easily create synthetic identities using stolen or manufactured PII, making identifying the customer more challenging. Additionally, in the race to capture market share in a heavily competitive industry, BNPL providers are pressured to approve as many new customers as possible, often without a thorough vetting process.
Another factor that contributes to BNPL fraud is that in some cases the transaction is only screened for fraud long after the customer takes possession of the merchandise purchased, by then it is too late to prevent the fraud. Such is the case in BNPL purchases that don’t require any money down for 60 days.
Expert advice: Merchants should put a fraud prevention solution in place that includes access to device recognition, geolocation technology, and email history data. Device data provides transparency on a shopper’s identity. Geolocation helps identify if the order is being made far from the shipping address, which can be a risk indicator. Email history can shed light on email longevity, typically associated with consumer trust. An email address may also reveal purchasing patterns, such as, recognizing the email across a fraud prevention solution’s broader network of retailers, and identifying purchase-pattern anomalies.
Buy Online, Pickup In-store (BOPIS)
Buy Online, Pickup In-store presents a wide opening for fraud as the product is often picked up before the merchant has a chance to manually screen the transaction for potential fraud. A new BOPIS trend is fraudsters hitting many stores in a neighborhood on a single day, getting the most use out of a single stolen card, before the fraud is identified. A fraudster will place an order online using stolen credit card information at an online store with a local physical presence and input all the correct information associated with the stolen credit card, including the billing address and zip code. They will then immediately request a BOPIS pickup, swing by the physical store location and quickly pick up the merchandise with no more than an invoice number or order confirmation printout.
Expert advice: Businesses should take the time to verify the cardholder’s identity when the customer arrives in person for a pickup. Photo ID and the credit card used for the purchase should be examined carefully and confirmed that they match the data on the order. For high value items, stores can consider making a copy of the presented photo ID and have the customer sign the invoice.
Promotions Abuse has always been an issue for businesses during flash sales, the holidays, and during seasonal spikes. However, the post-pandemic marketplace and the reopening of in-store shopping, the advances in targeted advertising, and the affordability of marketing via social media platforms all contributed to a rise in issuing promotional codes, and the inevitable increase in promotion abuse. The most common form of promotions abuse occurs when a single customer creates multiple accounts to take advantage of a promotional code or discount.
Expert Advice: A fraud prevention system that can ingest thousands of data points of an order instantly is best suited to combat this type of abuse. Any two orders displaying the same credit card number and shipping address should be assumed to be a single customer. Often, those orders include new email addresses that don’t have longevity. New emails are usually created to fool the brand into treating the order as a new customer. A good way to prevent coupon code abuse is to create unique codes for each customer. If that is not possible, ensure the code can be used only once per email and shipping address combination, and only release the code to verified email addresses.
Global Commerce is a new arena for many national eCommerce companies. The financial strain that the pandemic left on many consumers and the extra time they were afforded due to lockdowns, prompted many bargain hunters to discover that they can get better pricing for products in other countries. Businesses that have forced to shut down in-person sales, have been focusing on expanding their online reach. According to a Financial Report by The Paypers, cross-border commerce is expected to account for 20% of eCommerce by the end of 2022. The fraud issues involved in global commerce can be challenging to businesses that are just beginning to expand into new markets. Different cultures have different behavioral patterns, and many international credit cards lack an Address Verification System (AVS).
Expert advice: Expanding into new markets provides endless new opportunities to expand a merchant’s reach and acquire new customers. However, selling internationally does pose new risks, specifically with the unfamiliarity with fraud trends in those new markets. Accessing expertise and data on international fraud trends and region specific behavior patterns are necessary to confidently accept orders from new regions.
In the fast paced environment of eCommerce, businesses need to stay ahead of the curve. Fraud and the fear of fraud can seriously hinder a company’s growth, siphoning resources and distracting merchants from their primary task of selling great products. Merchants who rely on manually reviewing orders for fraud are not only risking valuable time and resources, but are unwittingly leaving gaping holes in their fraud detection system during weekends or late night hours for fraudsters to take advantage of. Additionally, the lack of rich data typically used by fraud prevention solutions hinders their ability to make accurate decisions, often resulting in chargebacks or false declines.
Fear of fraud often leads eCommerce businesses to treat all customers with caution, adding layers of friction, such as requesting more information than necessary to complete a purchase to avoid being hit with fraud. Excess friction negatively impacts customer experiences and discourages conversions. In fact, 65% of consumers surveyed by PWC stated that a positive experience with a brand was more influential than great advertising.
It is not surprising that in increasing numbers, most eCommerce businesses opt to outsource fraud prevention entirely. A full service fraud prevention solution like NoFraud, offers merchants accurate decisioning, full chargeback protection and peace of mind without necessitating any of the merchant’s time, training, or involvement. NoFraud’s advanced AI technology and expert team of analysts provide their customers with the industry’s highest approval rates. NoFraud also offers an innovative Checkout solution that eliminates friction and increases conversions, resulting in great customer experiences. Learn more about NoFraud HERE.