Fraudsters move fast. The most popular fraud tactic of 2017 may no longer be en vogue today. A smart online criminal is always on the hunt for new methods of attack, and they are growing increasingly sophisticated in their capabilities. Recent data breaches have provided an unprecedented amount of information for fraudsters to leverage in order to gain unlawful access to user accounts. This data, combined with new, advanced technology, means merchants are more at risk than ever before.
It’s imperative for online merchants to have a clear understanding of the trends within the world of online fraud. They need to understand how criminals work, where criminals work, and which types of fraud attacks are most successful. Only then can e-commerce professionals put the right defenses in place and engage with the right partners to stop fraudsters in their tracks.
According to Forter’s 2018 Fraud Attack Index, fraudsters are increasing their frequency of attacks. In the past year alone, fraud attacks have surged 13%, with some industries seeing rates over 12X higher than average. But what might be most surprising is that fraud is no longer happening just at checkout. Retailers know that transactional fraud is a point of vulnerability, and they have put defenses in place to counteract these attacks. As such, fraudsters are learning to exploit retailers throughout the customer journey. Fraud professionals need to be aware of the other pain points beyond the point of transaction and how best to prevent them from being exploited.
In early September 2017, Equifax announced that it had been breached and that the personal information of over 143 million Americans (as well as Canadian and UK citizens) was compromised. This flood of personal data likely contributed to a significant uptick in account takeovers (ATOs) in recent months. According to Forter data, there was a 31% increase in attempted ATOs year-over-year as of Q3 2017, with a significant spike of 53% in Q3 2017 compared to the previous quarter.
With a new breach occurring every day, customers feel vulnerable and expect merchants to protect their accounts, but many merchants do not yet have the security measures in place to guard against fraud throughout the buyer journey (from the moment a shopper logs onto a loyalty account to the point of transaction and beyond). Online retailers should fine-tune their fraud prevention to ensure they can differentiate real account owners from fraudsters who use stolen information to pose as legitimate shoppers.
After gaining access to an individual’s account, fraudsters find identity manipulation an appealing fraud method, as it is particularly difficult to detect. Identity manipulation occurs when a fraudster alters account details, such as phone number and shipping address, without ever being flagged as suspicious.
After changing these details across multiple platforms, fraudsters will often exploit loyalty point programs connected to the accounts, depleting the accrued points and reaping the rewards without the account owner ever being notified. In these cases, the value of the account is higher than the individual’s identity itself, and it’s less risky to exploit.
Coupon & Promo Abuse
Customers are savvy. By creating a new account, they can take advantage of promos that would otherwise be unavailable to them as returning customers. But when individuals continuously abuse promotions, businesses suffer a direct financial loss. In some cases, the perpetrator may not even be aware that they’re committing fraud.
Forter has seen more than 200K of these policy abusers in 2017, with repeat offenders attempting to conceal their identities and strike again. Professional fraudsters and consumers alike are increasingly exploiting retail promotions, and in Q4 of 2017 there was an unprecedented 217% increase in coupon abuse.
Customer expectations have shifted. Flexible return policies are no longer the exception; they are the rule. But return abuse is a growing problem for online merchants. Repeat abusers will frequently return goods for a full refund after already using the merchandise. Sophisticated abusers set up multiple accounts and leverage alternative payment methods to hide their identities. As this abuse continues to grow, merchants often struggle with the operational costs of fulfilling fraudulent orders, processing returns, restocking merchandise and reassessing the worth of the returned items. In fact, retailers are experiencing $28.2 billion in financial loss annually from return abuse and fraud. Some retailers, including L.L.Bean, Nordstrom, and even marketplace giant Amazon, have changed their return policies in order to combat this scam.
Return abuse is especially common during the holiday season, when there is an increase in online shopping and a similar increase in excessive returns. If returns are not carefully analyzed, blocking return abusers can inadvertently lead to blacklisting good customers. Sometimes even legitimate shoppers can be punished for making what the company deems to be “too many returns in a given time span.” By using imprecise fraud prevention methods like static rules, retailers run the risk of adding friction to an otherwise valuable customer’s shopping experience, to the detriment of the continued loyalty of the shopper.
From the moment a customer logs onto a website, all the way through to purchasing or returning merchandise, the shopping journey is rich and simultaneously vulnerable to methods of attack and exploitation. Retailers must look to their fraud teams and solution providers to create a more robust preventative solution to stem these growing methods of attack, while also continuing to provide a seamless shopping experience for valued customers.