By Mairtin O’Riada, founder and CIO at Ravelin
Despite more people drifting back to the high street now restrictions are lifting, it’s clear that the digital shift isn’t going anywhere and ecommerce is continuing to boom. Good news for online merchants, many of whom (56% from our recent survey) had already seen a positive effect on their business from Covid-19.
However, with rising digital sales comes an increase in fraud attacks, with fraudsters taking advantage of weaknesses caused by the pandemic and exploring tactics that side-step the latest 3D Secure (3DS) requirements for online payments. A significant one in five global online merchants in the same survey reported that fraud increased in 2021 and that they experienced new types of fraud the business hasn’t seen before.
So, what fraud threats do merchants need to be most wary of in 2022?
Top fraud risks to watch out for
- Online payment fraud
Online payment fraud continues to be the biggest threat to merchants, with 20% more businesses noticing an increase over the last year. Fraudsters just can’t seem to stop taking advantage of consumers storing card details and making payments online.
This is the most expensive risk, with global ecommerce losses to online payment fraud hitting $20 billion in 2021, a growth of over 14% YoY.
- Policy abuse
The costs of policy abuse can be eye-watering too. Both promotions abuse and refund abuse were rife amid the pandemic. Refund abuse is usually carried out by genuine customers taking advantage of retailer’s return policies, for example, the need for contactless delivery meant it was hard to confirm customer receipt, so many took advantage of this saying they never received items in order to get a refund.
Refund abusers have also been known to return low-cost fake goods instead of genuine merchandise, and serial bulk buyers who wear outfits once for a post on Instagram and then return them perhaps don’t realise that less than half of that inventory can be resold at full-price. It’s no wonder that refund abuse rose for 60% of merchants, up from 51% in 2020.
Promotions abuse also saw a jump with 55% of merchants seeing an increase in 2021 from 49% in 2020. While generous marketing schemes can aid in beating the competition and help brands stand-out, more promotions also make for a greater opportunity for customers and fraudsters to take advantage.
It’s therefore no surprise that merchants are starting to recognise that policy abuse is an important threat and consider it as big a risk as friendly fraud.
- Friendly fraud
Friendly fraud (also known as first-party fraud) is on the rise for 46% of fraud and payment professionals we surveyed. This occurs when customers falsely claim chargebacks from their bank instead of the merchant, it can happen by customers genuinely misunderstanding that this isn’t the route they should take to get their money back, but less innocent customers also claim they didn’t receive the item or that it was damaged to take advantage of the system.
Refund policy terms and conditions need to be clear to avoid any confusion on processes and unnecessary disputes and refund abuse.
- Account takeover
Over half (55%) of merchants have seen an increase in account takeover attacks, with over a third (35%) most worried about revenue loss as a result.
Digital goods merchants were victim to the most attacks with an average of four high-level incidents per month. A huge increase in new online shopping accounts during the pandemic and the fact that digital goods can be easily resold without operational effort like organising delivery are reasons for this.
In addition, the Travel and Hospitality industry were hit hard, with account takeovers increasing to 3.3 a month in 2021 from 2.6 in 2020, with fraudsters going after dormant accounts with valuable loyalty points and frequent flying miles up for grabs.
Achieving a balance between security and happy customers
As the nature of fraud attacks evolve, the techniques and technology required to defeat them is endless, but there are steps online merchants can take.
The Payments Services Directive (PSD2) was introduced in the hopes of stimulating growth and competitiveness in the EU financial sector and addressing the rapid growth of ecommerce fraud. It introduces new standards for making payments secure such as multi-factor authentication to help combat fraud, with the latest version of 3DS enabling strong security and great customer experience to co-exist.
In fact, 90% of merchants we surveyed who are aware of PSD2’s impact believe it will be positive for these reasons. This is great news, as it is possible for merchants to strike a balance between managing risk and optimising conversion with SCA as part of PSD2.
The SCA mandate, now in effect in the UK, means savvy merchants can take advantage of exemptions for some transactions to provide a frictionless customer experience where possible when transaction risk is low. For example, merchants can prevent trusted customers with low fraud rates, regular subscriptions, or low value transactions from going through additional authentication hoops.
But at present only a quarter of fraud and payment professionals we surveyed plan to use each of the exemptions available as part of their PSD2 strategy. And just 36% of UK and Irish online merchants were sending over 40% of their transactions through 3DS in 2021. In 2022, it’s vital that merchants do take the time to segment and analyse all their customer’s payment transactions to understand the potential for exemptions.
The importance of detecting fraud faster
Importantly, however, these extra layers of identity checks don’t remove the need for fraud tools because fraudsters will continue to explore new tactics.
It’s crucial that online businesses invest in fraud tools and teams that manage fraud and payments solutions together, to maximise payment approval rates and frictionless flow from payment providers to prevent customer dropout.
Everything starts with a business’ data. The best approach is to work with a fraud detection and payment acceptance platform provider that can build a custom solution around this bespoke data to gain better control of it. With this centralised platform online merchants can then develop a deeper knowledge of customer behaviours, keep pace with evolving threats, detect fraud signals sooner and reduce the cost of fraud.
