By Sam Ranieri, Chief Executive Officer, Reach
Global e-commerce is thriving. Sales across the world reached $876 billion in the first quarter of 2021, up 38 percent from the first quarter of 2020. With the opportunity for growth, though, comes the ever-present and accelerated threat of fraud.
Juniper Research recently predicted losses due to fraud would jump 18 percent in 2021 to more than $20 billion. The avenues for malfeasance have expanded as fraudsters constantly change their methods and cook up new schemes. It’s no wonder that businesses fighting the threat of fraud feel like they have to hit multiple moving targets at once.
To stop the constant drip of fraud—and to prevent this from becoming an inevitable flood—retailers must first understand what the bad guys are up to, then bring the right weapons to the fight.
Are Your Customers Who They Say They Are?
Among the many methods fraudsters employ, account takeovers (ATOs) have been particularly popular the past year, with a 650 percent rise from the first quarter of 2020 to Q4. ATOs require stealing personal details to hack into someone’s account and make purchases.
However, ATO attacks are extremely difficult to detect—even more so with the Covid-19 pandemic, which has scrambled previous historical patterns that anti-fraud systems have used to flag high-risk transactions. The boom in cross-border sales is one reason why the methods and models that were once tried and trusted to detect suspicious activity are no longer able to cope.
New thieves are constantly popping up outside the established fraud networks, using new tactics and tools often harvested from the dark web.
The Bot Boom
Retailers are doing ever more business online. That means more data available to hack. Thieves are creating bots—automated bits of software—to infiltrate various points of entry into a business: customer account creation, log-ins, payments, loyalty point redemptions, even product selection.
Fraudsters have infiltrated emails and hacked passwords, log-ins, addresses, and other sensitive information, and are doing a roaring trade selling this data in illicit marketplaces, putting businesses, customers, third-party suppliers, and financial institutions at risk.
In 2020, Europe emerged as the top originating regional hub for automated bot attacks, overtaking Asia. Overall, one in every four attacks in Q4 2020 were from Europe, but the dubious honor of being the top attacking single nation went to the U.S. Regional variations may influence the specific method of fraud, and also the response to it, so it’s important for businesses to keep track of where fraud originates from, and through which methods.
The Refund Fraudster
Fake refunds are all the rage right now. These can involve someone stealing an item from a porch to enabling a falsified return, or using someone else’s receipt to return an item and claim a refund. A customer who ordered the item with the intention of committing fraud could also claim that the item was stolen from their porch and claim a refund. The fraudsters rely on retailers refunding the purchase with no questions asked, and the “customer” gets to keep both the product and the money they used to pay for it.
Other, more menacing fraudsters have their own Fraud-as-a-Service (FaaS) offering. Through this approach, they convince genuine customers to facilitate fraud by purchasing what they want online and arranging a false refund claim in exchange for a percentage of the money returned. A fraudster will often exploit the grey areas of a retailer’s T&Cs to make this happen.
Stopping the International Fraudster
While retailers may be confident about their fraud defenses in their domestic market, when looking to expand cross-border, they need to consider the impact of localization. Just as with payment methods, fraud methods are localized too, and they’re showing incredible levels of sophistication.
It’s tempting for businesses to respond to this threat by tightening up fraud detection for a wider transaction range, but this causes problems with genuine customers having their transactions declined—a direct hit on the retailer’s bottom line. Data shows that around $146 billion in card-not-present (CNP) purchases are declined each year, yet over half (52 percent) of these are not fraudulent transactions and are erroneously blocked by fraud rule sets, which represents a huge amount of lost sales.
To overcome this, retailers must utilize an understanding of the local nuances in fraud trends, and adjust security measures accordingly. Their online store must serve up the perfect balance of security and user experience based on these regional preferences and trends.
Other retailers make the mistake of assuming that some markets just have poor authorization levels so aren’t worth the effort to target, but this isn’t the case. By analyzing data on a granular level—such as device locations, IP addresses, and new device log-ins—they will have a much better chance at identifying genuine transactions and boosting acceptance rates across borders. And, the retailer can continue to operate in these specific international markets that may have previously been deemed undesirable, further growing their potential pool of customers.
Don’t Process Cross-Border
When managing fraud on an international level, it’s not enough to simply process transactions as “cross-border” like most payments services providers will do (particularly for smaller retailers who cannot afford physical entities in each region that they trade in). Processing payments across borders not only leads to higher processing fees, higher decline rates, and hidden fees, it also causes more false positives in fraud systems.
However, by utilizing the Merchant of Record (MOR) model, retailers will benefit from up-to-date fraud controls which are robust enough to stop fraud before it happens, yet flexible enough to react to emerging threats and new fraud patterns.
Through the MOR, the retailer can be linked to an extensive network of multiple fraud information providers who operate in accordance with each local regulator’s fraud restrictions to ensure data sets are continually updated. An MOR provider will also protect retailers with its deep insight into local consumer nuances, operational fraud rings, and patterns of fraud in each country.
By working with the MOR to process transactions as ‘in-country’ rather than ‘cross-border’, retailers can confidently accept more transactions, curtail successful fraud attacks, and reduce false positives at the same time. All this adds up to a better conversion rate and a big boost to profits.