Written by Marc Mosman, Senior Business Consultant – Fraud and Identity
Pre COVID-19, operations functions for retailers and financial institutions had not typically consisted of a remote (stay at home) workforce. Some organizations were better prepared than others, but there is a firm belief that retail and banking have changed for good as a result of the pandemic and resulting economic and workforce shifts.
Market trends and implications
When stay at home orders were issued, non-essential brick and mortar businesses closed unexpectedly. What were retailers to do with no traffic coming through the doors at their physical locations? The impact on big-box retailers like Best Buy, Dick’s Sporting goods, Sears, JCPenney, Nike, Starbucks, Macy’s, Neiman Marcus, Nordstrom, Kohl’s to name a few, has been unprecedented; some have had to shut their doors for good.
Over the past several months global retail has seen e-commerce sales grow over 81% compared to the same period last year, according to Card Not Present. Some sectors have seen triple-digit growth year over year. Most online retailers have been ill-prepared to handle this increase in transactional volume in such a short amount of time, which has resulted in rapid fraud loss increases. Prior to COVID-19, Gartner analysts had forecasted an 8% decrease in fraud for 2020, but have since revised the projection to increase 10-15%.
What does this all mean?
Bad actors are taking advantage of the pandemic to exploit the online retail channel. The increased remote channel usage—online, mobile, and contact centers in particular—continues to be an area where retailers are exposed. Account takeover, through phishing and relaxed call center controls, is rising as well. Increases in phishing attacks are leading to compromised and stolen identities and synthetic identity fraud.
Account takeover (ATO) fraud has increased 347% since 2019 according to PYMNTS.com. A recent survey found more than a quarter of merchants (27%) admit that they don’t have measures to prevent ATO. 24% of merchants can’t identify an ATO during a purchase. 14% of merchants say they are not even aware that an ATO has occurred unless a customer contacts them.
When criminals use these compromised accounts to make fraudulent purchases, the merchant loses revenue and the value of the goods. They can also suffer from damage to brand reputation and a loss of customer confidence. A lack of account security can have lasting effects as 65% of customers surveyed say they would likely stop buying from a merchant if their account was compromised, according to that same Card Not Present study.
So how can retailers start to identify bad actors with malicious intent?
This will be a constant struggle for retailers. Rather than a one size fits all solution, retailers must move toward a strategy that is nimble and dynamic and can address multiple areas of exposure. A fraudster could easily slip by one verification method—for instance with a stolen credential—only to be foiled by a secondary authentication tactic like device identity.
A layered fraud strategy continues to be the industry best practice, where both passive and active authentication methods are leveraged to frustrate fraudsters without applying undue friction to “good” consumers. The layered solution should also utilize device risk, identity verification and fraud analytics, with tailoring to each businesses’ needs, risk tolerance, and customer profiles.
Learn more about how to build a layered fraud strategy today.