Podcast: Play in new window | Download
The many digital touchpoints today’s consumers use to connect with merchants and buy products have been a boon for businesses. Merchants have many different digital avenues to meet customers where they are and enable quick and seamless payments options for products and services. While this digital world has created convenience, it has also created ample opportunities for fraud.
It’s much easier to commit fraud in the digital realm than, for example, in a storefront, due to the quickness and ease with which transactions can be completed. Merchants must be vigilant against fraud without introducing too much friction to the seamless digital experience consumers have come to expect. This can be a difficult balancing act.
PaymentsJournal recently sat with Erika Dietrich, VP of Global Merchant Payments Analytics & Optimization for ACI, and Don Apgar, Director of the Merchant Services and Acquiring practice at Mercator Advisory Group, to discuss how merchants can toe this delicate line.
Apgar noted that because merchants operate in many different geographies, each of which has different rules about the kind of data that can be collected and with different regulations for each kind, using standard tools to detect fraud is difficult.
Though card transactions are fairly standardized, “the fraud prevention tools and third-party data sets, issuer data sets, and some of the connectivity vary from region to region, as do the privacy laws,” he added.
This means that merchants need fraud solutions that are “adaptable and easily adjusted for external variables,” Apgar said.
Orchestration Between Payments and Fraud
Dietrich agreed, adding that fraud prevention can’t be looked at in a vacuum, but that there needs to be orchestration between merchants’ fraud prevention and payments strategies. She added that this is why merchants need a solution that can operate across all entry points, including card present and card not present, and that uses artificial intelligence and machine learning to understand different operating points and can change and adapt to the different payment options and digital channels.
Having this in place means merchants can strike the right balance between fraud prevention and digital customer experience.
“It’s not about trade-offs, but it really comes down to having the right tools and solutions in place that enable you to monitor what’s happening on both a real-time, short-term basis, and also a very long-term basis, and look at how the performance is day over day, hour over hour, month over month, and quarter over quarter,” she said.
Lingering Effects of the COVID-19 Pandemic
Payments fraud was already increasing during the last decade as digital payments became more popular and prevalent, but it was exacerbated by the COVID-19 pandemic and its related lock-downs, which pushed even tech-wary consumers into transacting digitally. Even though lockdowns globally are largely a thing of the past except in certain countries, the habits consumers adopted during that time have stuck. The many more consumers that are now buying things online and using digital payments have created many more targets for fraudsters.
The U.S. Federal Trade Commission noted that consumer complaints increased significantly during the pandemic, and in 2020, fraud cost consumers more than $3.3 billion, nearly double the $1.8 billion figure in 2019. Fraud and cybersecurity firm Arkose Labs also noted that fraud attacks recorded on their network doubled during 2020.
Dietrich observed that while the ease and convenience of the growing number of digital payments options is a boon for consumers and merchants, there will always be bad actors that try to exploit these processes.
“Where there’s a will, there’s a way,” she continued. “Payments fraud is a never-ending battle for merchants and payment service providers.”
Fraudsters have many different avenues to attack in the digital realm. For example, Dietrich noted that many are using synthetic IDs — fake personas created using a combination of stolen personally identifiable information (PII) from real consumers — which can be difficult to detect. Bad actors are also continually engaged in account take-over attacks. They do this by purchasing lists of username and password combinations that have been leaked in data breaches in order to take over real accounts. After they have successfully taken over an account, they can then appear as if they are that real customer when visiting a merchant’s platform.
There is also an increasing amount of fraud that is not malicious per se, but still disruptive. One example is people who use bots to acquire high-value, limited-quantity items to then resell for a profit, such as limited-edition sneakers or hard-to-find video game consoles. There is also the issue of first-party fraud, or friendly fraud, Dietrich noted, where genuine customers order an item and then say it never came in order to get a refund and ultimately receive the item for free.
How Merchants Can Combat This Wide Array of Fraud
Since digital payments fraud is increasing daily and fraudsters are constantly changing and adapting their tactics to avoid detection, merchants need a solution that can adapt in real time, Apgar advised.
He said that rules-based solutions often become obsolete the moment they are deployed because the fraud patterns they are designed to detect quickly change as fraudsters pivot.
“The problem is the environment changes so fast, and fraudsters pivot so quickly, that by the time you write the rules, someone has figured out how to get around them,” he said. “You need software that writes itself and can pivot quickly.”
Dietrich also advised that merchants vigilantly monitor signs of potential fraud. For example, an account that has been dormant for a long time that is suddenly active can be a sign of a “sleeper attack.”
She also said merchants should look at sales patterns, and be cautious when sales figures are unusually high for that period of time. Unfortunately, “high sales that may look atypical could be fraudulent,” she said.
