On Tuesday August 14th, fraud and payments professionals gathered in the heart of New York City to discuss some of the emerging approaches that criminals are using to commit e-commerce fraud. On the NYPAY panel were not only fraud prevention experts and payments processors but also merchants on the front lines of fighting fraud. What are the fraud trends merchants face in 2018? How is fraud being mitigated in the real world? Read our recap to find out.
The New Frontier
Our economy is becoming more digital by the second. E-commerce growth provides immense benefits to the consumer, and merchants are providing personalized and engaging experiences to capture more of consumers’ time. But with this shift also comes immense opportunity for fraudsters to exploit online payments platforms.
According to Mitch Mahfoud, Senior Fraud Analyst at Shutterstock, account takeover (ATO) is the newest fraud frontier. Forter data shows that ATO attacks increased by 31% year over year. Fraudsters are quickly realizing that accounts are incredibly valuable, as they can not only use saved payment information and change account details, but they can also take advantage of any accrued loyalty or rewards points without the merchant or account owner ever finding out. Merchants are increasingly providing reward incentives to customers in order to promote brand loyalty, but unfortunately fraudsters inherently want to exploit this.
Rules- and Review-Based Systems
Transactional fraud is still a constant struggle for merchants. Historically, rules have been a leading strategy to combat fraud, but as Forter’s CFO Colin Sims put it, “rules can often have pitfalls.” They are inherently reactive, because they are built on historical fraud trends, and at some point they fail, which is always catastrophic. Mahfoud agrees that the biggest mistake merchants can make with rules-based systems is stagnation. Shutterstock was not regularly assessing their rules and ended up blocking good transactions from countries that had a high level of fraud, directly affecting their revenue.
Megan Brady, who is a fraud investigator at Square, believes that review teams provide a human intuition that machines cannot provide. However, many merchants do not have the luxury of reviewing all transactions if they are in the digital goods or on-demand space. Think of buying a song on iTunes, ordering a meal from your favorite restaurant, or calling a Lyft on your phone. Customers expect immediate gratification and thus won’t tolerate delays in receiving their goods and services. When you think of the speed at which Amazon can now process and ship goods, even physical products are moving more and more in that direction.
While human intuition can often be a good thing in reviewing transactions, it also introduces inherent human bias into the process. When Sims was COO of delivery.com, fraudsters would often call in, livid that they did not receive their food and adamant that they were good, loyal customers. This could often sway a reviewer who would then let through fraudulent orders. Additionally, manual reviewers are oftentimes inconsistent in their reviews, especially when transactions are at peak volume. The tenth transaction of the day may be much more accurately reviewed than the 500th, and the 11am transaction may be assessed better than the 2am transaction.
While automation and machine learning are becoming more mainstream when it comes to fraud prevention, this doesn’t mean that humans will be out of the equation entirely. It will always be imperative for merchants to actually know their own data and be aware of what their biggest fraud issues and pain points are. Only then can they effectively combat fraud, whether with rules, humans, technology, or all of the above. At Forter, we have a team of analysts that work full-time to analyze not only our merchants' individual fraud challenges and update our machine learning models to combat these best, but also to research new fraud trends and techniques in order to stay one step ahead of the criminals.
While merchants are continuously working to combat fraud more effectively, there is agreement that consumers will not tolerate any added friction in their purchasing experience. Multi-factor authentication is a tempting approach for many businesses to ensure that only good customers are allowed to engage. But payments are becoming more and more invisible. Think of the Uber and Lyft economy, where you only need to put payment info into your account once, and never manually complete a transaction again. As Sims said, “Until Amazon decides that friction-filled checkout is imperative, consumers will always have the option of shopping elsewhere, and they will do so.”
Behavioral biometrics are another way that merchants are attempting to stop fraud, not only at checkout but also at other points of the consumer journey. Unlike a human being, bots can fly through the checkout process in a matter of seconds. Biometrics can track this speed, or other suspicious activity like copying and pasting credit card numbers, and flag the compromised account. Yet consumers aren’t entirely comfortable with biometrics yet. Thanks to Apple, thumbprint technology has made its way into the mainstream, but merchants are often hesitant to implement these advancements if they feel consumers will be affected negatively. Yet, merchants see fraud prevention moving in that direction, and believe it will be necessary as online criminals become more and more savvy.
Lastly, merchants like Zola are seeing an increase in what is called “friendly fraud.” Whether a kid is stealing their parents credit card or customers are opening multiple accounts to take advantage of referral discounts, this new type of abuse is hitting the bottom line of retailers much more frequently. In conjunction with account takeovers, companies are looking to put new fraud prevention systems in place that look beyond hostile, transactional fraud to cover fraud and abuse throughout the customer journey.
Want to learn more about how Forter can help? Get in touch!