By: Mairtin O’Riada, Co-founder and CIO, Ravelin
The Covid-19 pandemic has been hugely challenging for merchants across the globe. Sporadic lockdowns left our high streets deserted for months on end, and with a global economic downturn lurking around the corner, consumer confidence has been shattered.
However, there’s one industry that has flourished over the past year and that’s ecommerce. In the blink of an eye, we experienced a rapid acceleration of online shopping, driven out of pure necessity. According to eMarketer, worldwide retail ecommerce sales recorded a 27.6% growth rate in 2020.
But as the ecommerce industry has boomed, so too has online fraud and abuse. Almost all businesses that operate on an ecommerce basis have experienced a rise in fraud and abuse over the past 12 months, with each industry affected in slightly different ways.
But how exactly have fraud and abuse gone up over the past 12 months? And what types should ecommerce businesses be wary of?
Online payment fraud
The most obvious is online payment fraud. As many retailers enjoyed a boom in online sales, the buoyant ecommerce sector provided an attractive opportunity for professional fraudsters to take advantage of unsuspecting victims.
Online payments are a prime target for fraudsters as they don’t require the physical card, only the card details — which can be stored digitally. Online payment fraud costs merchants more than any other form of fraud, and the costs are still rising.
Ravelin’s Online Merchants Perspectives report found that during the pandemic, 39% of merchants experienced an increase in online payment fraud. It’s interesting to note that fewer retail merchants said there has been an increase compared to travel and hospitality, digital goods and marketplaces.
Account takeover
Our sudden reliance on ecommerce has also fuelled a rise in the number of account takeover (ATO) attacks, which happens when a fraudster maliciously gains access to a customer’s account credentials.
With typical online payment fraud, a fraudster creates an account and uses stolen card details to make fraudulent orders. However, with ATO, a fraudster gains access to a legitimate customer’s account, so account activity doesn’t ring alarm bells until the point that the fraud occurs. Login details are easily purchased online, and fraudsters often use credential stuffing to try numerous login and password combinations against popular merchant websites.
ATO leaves businesses vulnerable to both financial and reputational damage. Worryingly, in the past year 45% of all retail merchants have seen a rise in ATO activity. While across all industries, merchants are facing 2.6 to 4 major account takeover attacks each month.
When an attacker does place an order, they make three to four orders on average, with around a 50% success rate. Attackers can also monetise accounts in other ways, such as reselling, or extracting customer data to be sold online.
Refund abuse
The pandemic has seen many companies simplify their refund terms and conditions to win customers and drive growth. But in doing so, they have increased the risk of refund abuse — when a customer uses the returns policy of a merchant so much that it becomes unprofitable. Customers can also abuse refunds by faking returns or receipts, or reselling merchandise.
Refund abuse is most often carried out by genuine customers pushing their luck, especially at a time where many people are struggling financially. For instance, food delivery services may encounter claims that are difficult to disprove like ‘my food was cold,’ while fashion industries are experiencing instances of ‘wardrobing’, where customers return clothes despite having worn them.
According to Ravelin’s research, refund abuse is the fastest growing type of online fraud. Further research found that half of retail merchants have experienced an increase in refund abuse over the past year, with fashion (54%) and grocery (55%) merchants experiencing the biggest rises.
The prevalence of refund abuse can largely be put down to changing delivery patterns, such contactless deliveries. Disputes can quickly turn into a he-said-she-said situation, with no evidence to validate the word of either party.
High-volume retailers have also relaxed rules about collections and returns. While this is convenient, networks have become so vast that returns can be hard to track. Factor in a diminishing workforce and a door is left wide open to opportunistic fraudster to easily slip through the net.
Fraudsters are targeting subscription businesses
Now more than ever, subscription businesses are becoming an attractive target to online fraudsters. They rely on recurring card payments, offer in-demand products at a discount, and will often utilise promotions. To add to this, it’s estimated that by 2023 as many as 75% of consumer brands will have a subscription-based offering. With this increased success and popularity comes a higher risk of fraud.
For the customer, the benefit of recurring transactions is a completely frictionless experience. However, for merchants this can lead to an increase in unnecessary chargebacks. Customers often ‘set it and forget it’ and face an unpleasant surprise when money leaves their account. This buyer’s remorse is leading to more friendly fraud chargebacks.
When it comes to ATO, subscription accounts can be lucrative targets, as some businesses enable credit to build over time. Valuable accounts are targeted to attain and resell goods, or to sell on personal details — often by mimicking online subscription businesses in phishing attacks.
What’s more, organised promotion abuse and reselling schemes are emerging that can’t be ignored. We’ve seen fraudsters offering customers discounted prices for online access subscriptions by continuously signing up to free trials on their behalf. Similarly with subscription boxes, fraudsters are creating numerous accounts to repeatedly use ‘first box free’ promos and accumulate products to resell.
Staying one step ahead
With fraud risks growing and constantly changing customer behaviour, it’s becoming increasingly difficult for fraud teams to separate genuine customers from fraudsters. With this in mind, it’s vital that businesses implement the latest fraud detection technology to minimise the financial and reputational implications of fraud.
Artificial intelligence and machine learning software is proving crucial when it comes to detecting fraudulent activity. Its ability to spot unusual patterns by analysing online transactions and customer behaviour is unrivalled by humans — it’s also super-fast, cost efficient and far more accurate. What’s more, there are no diminishing returns. With a rules-only system, increasing amounts of payment and customer data puts extra pressure on the rules library to expand. But with machine learning it’s the opposite — the more data the better.
With ecommerce activity continuing to accelerate, it’s vital that ecommerce retailers act now to prevent and limit the impact of online fraud.
