Ecommerce is fast-paced, competitive, and ever-changing. Digital tools such as mobile apps and wallets, cryptocurrency, and financial technology are all contributing to the evolving fraud landscape. During the COVID-19 pandemic, ecommerce fraud increased significantly worldwide.
Mid-to-large general merchandise retailers faced 70% more fraud attempts per month during the 2020 lockdown than prior to that. Types of ecommerce fraud that saw an increase emerge during covid and post covid landscape are account takeover (ATO), bot attacks, and unauthorised reselling.
In 2022, most of these fraud methods continue to cause merchants losses. However, as criminals are becoming even more sophisticated, their fraud tactics are also evolving.
Here are three of the most common ecommerce fraud challenges we’re seeing in 2022, based on Signifyd’s ecommerce data report.
Account Takeover (ATO)
Account takeover (ATO) is one of the most popular types of ecommerce fraud that both retailers and consumers have been battling for years. Essentially, it’s an identity theft attack where criminals are trying to illegally access accounts via stolen credentials.
During the pandemic, ATO attacks had the highest increase (282%) and were harnessed by the evolving sophistication of criminals. While the total amount of all fraud losses was £43 billion in 2020, account takeover scams amounted to £34 billion of that cost, according to a study by Javelin Strategy & Research.
Scammers were not relying solely on credentials stolen in data breaches. “Identity fraud has evolved and now reflects the lengths criminals will take to directly target consumers in order to steal their personally identifiable information,” said John Buzzard, Lead Analyst, Fraud & Security, with Javelin Strategy & Research.
Automation and the increased use of bots broaden the scope of ATO fraud, as fraud rings can attempt to quickly breach thousands of accounts. Not only that, but they’re finding their way into loyalty schemes too. During the pandemic, loyalty fraud increased, as fraudsters were easily targeting neglected loyalty program accounts. Loyalty points are as good as cash and much less protected, providing fraudsters with the ground basis to steal them, make purchases, and either sell the goods or exchange them for gift cards
The best way to protect your business from ATO fraud is by strengthening account access security through multi-factor authentication. A fraud protection solution that uses machine learning and automation will also help you prevent fraud.
The evolution of fraud methods doesn’t end here. Fraud rings moved down the payment chain to more vulnerable links, and that’s how synthetic identity fraud, or new accounts fraud (NAF) emerged.
Criminals create new and non-existent identities by combining stolen and self-generated personally identifiable information. They come up with a name and a billing address, apply for a credit card, and then make fraudulent purchases. Criminals have even found a way to get around biometric verification by using technologies that combine facial traits for creating these new identities.
What they’re making use of is the fact that the early stages of the payment process, such as account creation and adding payment methods, are less scrutinised. Differentiating synthetic identities is a primary verification challenge, according to 58% of mid-to-large retailers selling digital goods.
Financial technology leader and Signifyd strategic partner FIS commented: “In our recent Global Payment and Risk Mitigation Survey, the majority of merchants surveyed reported increases in synthetic and account takeover fraud over the previous year. As these and other new fraud trends emerge, the safeguarding of a merchant’s revenue requires smart, dynamic protection against fraud throughout the payment lifecycle.”
Return fraud isn’t something new, but it’s definitely increased in momentum due to the covid 19 pandemic and as Strong Customer Authentication (SCA) reduces fraud within the payments layer. It’s been affecting both brick-and-mortar stores and ecommerce, but while in-store returns run in the single-digit percentages, online returns can range between 25% and 40%, depending on the vertical. According to the National Retail Federation, working with Appriss Retail, 7.5% of online returns are fraudulent.
Return fraud types are becoming notoriously innovative. The most “innocent” type is wardrobing. That’s when consumers purchase high-end clothes and accessories, wear them, and then return them with the tags still on. Friendly fraud is when customers receive their items but then report them as an Item Not Received (INR) and a merchant is left footing the bill for a replacement while the customer receives an additional product. Recently, sending back a counterfeit copy of the product or an old or damaged version is gaining force.
During the pandemic, many retailers aimed to offer a seamless customer experience and offered to issue a refund as soon as the return package was dropped off with the courier and scanned. However, fraudsters would fill the packages with items of the same weight to send back instead. For example, Maplin, a leading UK electronics specialist, has received cans of beer instead of electronics. In another case, a potato replaced an iPhone, or old toys and candies stood for high-end electronic devices.
Return scams can cost retailers millions of euros every year. One way to mitigate it is by setting limits on returns, making return policies clear, and only issuing a refund once the item has been received. Investing in a return abuse prevention tool that uses automation is the future of fraud prevention.
As fraudsters are becoming more and more sophisticated and innovative in their methods in 2022, it’s important to stay ahead of the game to prevent losses. The key to that is making sure that your fraud prevention strategy is robust.