Fraud rates have held steady throughout the year despite the move to digital, but a few factors could change that this holiday season, bringing greater losses than those of Christmas past. Globally, we’ve seen a spike in digital traffic as a result of Covid-19 over the past 6-9 months, with some countries like Brazil reporting a 200% increase in digital traffic to retail sites. This means some physical fraud controls, like EMV or chip-and-pin, are no longer relevant. Data breaches this year compromised more than 36 billion records, eclipsing history’s reported record total. This means more legitimate credentials have been stolen, sold, and/or used to commit fraud. On top of that, many businesses may be starting to loosen their online security restrictions in order to take full advantage of the topline revenue that comes with the influx of holiday traffic. This is especially true for those who’ve struggled to stay in business during Covid-19, who will look to increased holiday spending to offset declines earlier in the year.
Unfortunately, fraud at the holidays is difficult to detect, and there can often be a significant lag until fraud is realized, in some cases up to 3-6 months. So how do businesses protect themselves and provide a secure place for customers to shop online this year, especially during big events like Black Friday and Cyber Monday, while still offering a convenient digital experience? Businesses will need a layered approach to fraud management, and it starts by knowing what to expect.
Holiday fraud trends to watch:
Payment behavior: Most consumers will do all their holiday shopping online, which means card-not-present payment fraud will likely spike as fraudsters hide in the increased volume of traffic. With the shift from physical to digital transactions, traditional fraud controls like EMV or chip-and-pin, which are effective at minimizing card-present fraud, simply are not available to protect digital transactions. Average order value also tends to increase during the holiday season, requiring retailers to establish higher value thresholds for each order to avoid flagging legitimate orders for review.
Shipping behavior: Generally, shipping behavior at the holidays is different than the rest of the year. People buy gifts and ship directly to the recipient, which means fraud detection logic that matches billing and shipping addresses to the legitimate cardholder may produce more false positives than fraud detections.
Chargeback fraud: Holiday gift-giving pressure or loss of household income can sometimes lead to chargeback or friendly fraud, where a person may purchase an item – typically entertainment services or devices – use it and then return it, with or without intent to pay. In other cases, the person may purchase an item, then issue a chargeback claiming no knowledge of the purchase.
In-account fraud: Many retailers now require a customer to set up an account when making a purchase so they can identify the customer’s behavior and track purchase history. As we’ve seen in the banking industry, fraudsters will use stolen login credentials to gain access to these legitimate accounts, make purchases using a card on file, and set up a secondary shipping address to re-route the items.
Mule behavior: A newer form of fraud that’s gaining traction is where a legitimate customer is recruited to use either their shipping address or, in some cases, their validated account to make a transaction using stolen payment information, receive the package, and forward it to the fraudster’s address. Sadly, these fraudsters, known as “mule herders,” are exploiting desperate, out-of-work people by recruiting them to work on their behalf. In the financial services space, victims may knowingly or unknowingly use their own bank accounts to allow fraudsters to funnel money from other stolen accounts as part of elaborate wire transfer or P2P payment fraud schemes.
Phishing: The accelerated digital traffic during the holidays presents fraudsters a great opportunity to get consumers to click on all sorts of “offers” or fake merchant websites and steal personal information. This increase in phishing can take place across all known channels – email, phone, social, text, and web – and is a trend we’ve seen target businesses and consumers alike. Unfortunately, fraudsters are appallingly impersonating health organizations and setting up fake cleaning and healthcare supply stores, Covid-19 statistic maps, and websites, all in an attempt to lure victims into divulging sensitive data.
Who does fraud hurt the most?
Online fraud during the holidays hurts many players in the transactional relationship – the legitimate customer, the merchant, and the bank or payment provider – but merchants tend to bear the biggest burden. This is best illustrated by the dispute process. When making a purchase, the main relationship is between the customer and the merchant. However, when a stolen credit card is used, or when a consumer has been a victim of account takeover fraud or some other fraudulent behavior, the person will dispute the charge directly with their bank or credit card company (card issuer). Card issuers and banks will either hold the charges back or reverse the financial transaction until a resolution can be reached with the merchant. It then lies with the merchant to prove that the transaction was in fact legitimate, and to dispute that chargeback. The consequences of fraud for the merchant include multiple pain points: the cost of the stolen goods (and any shipping fees), the chargeback fee, potential fines by the merchant’s acquiring bank, and potential reputational challenges.
Fraud prevention during the holidays
The pandemic has already put an incredible amount of pressure on businesses, and the rise in sophisticated fraud attacks may seem insurmountable. Still, creating a secure and convenient experience for your customers is possible, and there are strategies and tools that can be implemented.
Tools to layer into your fraud strategy:
- Require (and check) signatures upon postal delivery
- Offer immediate email confirmation and tracking number information
- Use a wide variety of digital and transactional data to make optimal risk/trust decisions
- Adopt dynamic risk strategies where controls can be adjusted to match the threat level
- Leverage machine learning models to access a variety of niche solutions or data sources for accuracy
If 2020 taught us anything, it’s flexibility and resilience – two words that should describe your approach to fraud management this holiday season. The holidays can be a time of great joy, and this year most people are hoping the holidays will lift their spirits. Don’t let fraudsters dampen those holiday spirits!