It would be an understatement to say that COVID-19 is having major impacts on every aspect of our lives. Retail is definitely not insulated from this. COVID-19 is bringing a whole new set of challenges for the industry. In particular, the global response to the pandemic has led to a tale of two cities in retail.
On the one hand, many in store retailers have been forced to close their doors with social distancing orders. On the other hand, digital commerce has never been so in demand with people grappling with orders to stay in their homes. When looking at the billions of retail transactions we protect, we see this shift reflected in our data. In fact, we found a 23% increase in global e-commerce transactions in the week following the World Health Organization declaring the novel COVID-19 outbreak a pandemic on March 11 compared to the average weekly volume preceding that in 2020.
COVID-19 Related Fraud and Resulting Account Takeover
Always noticing a good trend, fraudsters are not missing an opportunity to exploit the situation with COVID-19 phishing scams. In our recent survey of 1068 Americans 18 and older, we found that 22% of respondents had been targeted by digital fraud related to COVID-19. Fraudsters are using phishing emails, phone calls and legitimate looking websites that promise information or prevention tips about the virus to steal login credentials and personal data. Unfortunately, consumers have a bad habit of reusing login credentials across multiple sites, which means that such compromises could lead to an uptick in account takeover attacks against retail accounts.
There are a number of measures that merchants can take to mitigate such attacks. If you’re seeing many accounts go dormant during this time, it would be advisable to add some type of identity verification check before allowing dormant accounts to resume purchases. Another way to combat account takeover is to add verification checks at account management. If an attempt is made to change an email address for an account, a common tactic used when an account is taken over to divert any notifications, you can do an email verification check to ensure that the new email address is valid.
Making the Customer Journey Friction-right
For online retailers that are seeing a surge in transactions and don’t want to add friction to the customer journey, you can add device-based authentication at login. This allows you to shut down account takeover even if a fraudster has the right login credentials by checking to see if a device has been paired to the account or if there are risk signals associated with the device. If it’s a known device with no risk signals, you can seamlessly authenticate your trusted consumer. If it’s an unknown device or shows risk signals such as geolocation mismatch or attempting to evade detection, you can step it up for greater assurance.
Fraudsters Emulate Good Transactions
We are also seeing fraudsters exploit the surge in online transactions as consumers turn to digital channels. Retailers experiencing a rise in online transactions will need to consider how to stop bad actors that might find it easier to hide among the uptick in volume.
Furthermore, with 78% of all e-commerce transactions coming from mobile devices in 2019 and a 118% increase in risky retail transactions from mobile devices last year, fraudsters have certainly taken notice of the mobile move. This trend is likely to accelerate this year as fraudsters try to mimic consumer behavior to avoid detection, using either mobile devices or emulators on their desktops so transactions appear to be coming from a legitimate mobile device. It is important for retailers to consider what fraud prevention controls are in place across all channels, while providing a friction-right customer experience.
As COVID-19 reshapes our lives for the foreseeable future, it’s imperative that we adapt to the new reality. The retail industry and fraud are prime examples of that. Although not life or death, much like we must social distance ourselves for all of our health, retailers and fraud teams must implement new approaches and controls for the health of the industry as this tale of two cities for retailers continues to play out.
