A healthy economy, a rising stock market, and falling unemployment could put consumers in a festive mood this holiday season. According to PwC, consumers are expected to up their spending by 6% this year. Unfortunately, the spending surge, which for many retailers can mean the difference between a successful and a mediocre year, is likely to also mean a spike in fraud.
Many of the holiday purchases will occur electronically, as Cyber Monday has replaced Black Friday as the most anticipated shopping day of the season. Research from Euclid, a retail analytics firm, shows that 42% of shoppers plan to do more than half of their holiday spending online. In fact, online holiday spending is expected to exceed in-store for the first time. All of this could open the floodgates for e-commerce fraud.
Beyond Losses: Fraud Management Costs On The Rise
The increasing incidence of fraud has forced retailers to take preventive measures such as adopting new technology and hiring specialized personnel. The Vesta/Javelin study showed that fraud losses and management expenses now account for 8% of merchant revenues. The problem is even worse for digital goods merchants, who sell eBooks, eTickets and other instant download items — they end up losing 9.7%.
It is not surprising, then, that fraud management costs for the average retailer jumped 17% in 2017. For digital goods retailers, the increase was a whopping 42%.
Factors Behind The Rise In Online Fraud
As consumer shopping volume continues to shift to digital channels, fraudsters have focused more of their efforts on identifying and exploiting the unique attributes of e-Commerce. This poses dangers for merchants today, and for the foreseeable future. E-Commerce is nowhere near peaking, as it still accounts for only about 10% of total retail spending. According to another Javelin report, electronic shopping is expected to accelerate over the next three years, with annual increases averaging $50 billion, up from $40 billion annually over the previous two years.
The EMV migration and consumers’ chip card adoption has thwarted much point-of-sale (POS) fraud. But determined fraudsters have since turned to Card-Not-Present (CNP) transactions, including the more vulnerable mobile and online channels. In addition, unlike in-store POS fraud, CNP has opened the door to an entire world of international scammers, for which existing fraud mitigation tools may be less effective in combating.
Finally, criminals have simply become smarter. By taking advantage of technologies such as VPNs and virtual machines, they are able to commit fraud using tactics that were rarely seen as recently as a few years ago.
These include botnet attacks, where a fraudster takes over computers without the owners’ knowledge, each time establishing a “bot,” and links the hijacked computers together to establish a “net.” The cybercriminal can then use the powerful web of connected computers to hack into an online retailer's site, access customer logins and complete transactions without anyone being the wiser.
Another new ploy makes use of the “Buy Online, Pick Up In-Store” (BOPIS) feature increasingly offered by retailers that have both online and physical stores. With BOPIS, fraudsters, who may be thousands of miles away, can place orders online and then designate runners to jump from store to store to pick up the items. The faster they move, the less time retailers have to run fraud controls. This tactic also eliminates the need for drop shipment locations that can quickly become compromised once merchants recognize them as suspect.
The Three Major Fraud Risks For The 2017 Holiday Season
As the saying goes, to be forewarned is to be forearmed. Retailers should be looking out for the following risks during the Holiday 2017 shopping season.
- Unauthorized transactions occur via the use of stolen card or payment credentials, which allow fraudsters to pose as the customer and make purchases on the stolen card or payment account. Unauthorized transaction losses are proliferating because fraudsters are becoming increasingly proficient at disguising their actual locations and devices, circumventing many e-Tailers’ checkout safeguards. In 2017, unauthorized transactions produced an average merchant loss of more than $462,000, up 25% from 2016, or more than 43% of losses.
- Account takeover (ATO) iccurs when a fraudster makes purchases using another person's retailer account information (e.g. username and password). ATO accounted for an average merchant loss of nearly $285,000 in 2017, according to the Vesta/Javelin study, or about 27% of the average merchant’s fraud losses.
ATO differs from unauthorized transactions in that the criminal takes control of the person’s merchant account (like an Amazon Prime login and password), often resetting his or her username and password. In addition, ATO frequently involves changing the physical address or phone number on the account to prevent the legitimate accountholder from discovering the theft.
Fighting ATO has become more difficult with the rise of secondary account takeover. This occurs when criminals compromise non-financial accounts to facilitate account takeover of merchant or financial accounts. Mobile accounts have become especially popular targets. By taking over a mobile account, a criminal can intercept alerts, password resets, and SMS-delivered one-time passwords. Secondary account takeover also makes ATO more difficult to confirm. It takes an average of 53 days to detect account takeover fraud, compared to an average of 30 days for all fraud types.
- Friendly fraud, which differs from the other two types in that the perpetrator is the primary payment accountholder, produced an average merchant loss of more than $323,000 in 2017, up 4% from 2016, and accounted for about 30% of total fraud losses.
Friendly fraud arises through a combination of factors. The most egregious is the intentional abuse of the chargeback system, amounting to a sort of cyber-shoplifting. Less egregious but no less impactful are “disputed” transactions. These may occur in response to buyer’s remorse, when a customer changes his/her mind about a purchase. Instead of returning the item, the buyer contacts their issuer to dispute the transaction. This often involves merely clicking the “dispute” button on the issuer’s web site.
Unintentional purchases and unrecognized purchases are also major contributors to friendly fraud. Often consumers will see a charge on their credit card statement and not recognize the merchant or the amount of the charge. Purchases may be unrecognizable due to unclear merchant names on transaction registers or to differences in transaction dates (compared to posting dates). Unintentional purchases can result from shopping cart errors, accidental clicking on the “purchase” button, or through children’s use of in-app purchasing.
In its own way, this form of fraud may be the most challenging. Because the buyer is the legitimate accountholder, he or she will pass all fraud prevention or identity proofing challenges. Efforts to combat it may be hindered by a desire to avoid alienating the customer. It can be time-consuming and expensive to fight a chargeback claim, and often taking the loss is the least costly option.
A Growing And Evolving Threat
For many retailers, a successful holiday season is essential to a prosperous year. But with fraudulent opportunity booming via digital payment channels, fraudsters are likely to step up their online attacks this season.
Fraudsters have adopted new tactics and technologies that make detection of online and mobile fraud more difficult, forcing retailers to respond with countermeasures of their own. However, increased spending on anti-fraud measures is reducing the capacity of merchants to invest in other areas of their business.
Retailers should monitor their efforts — including the deployment of tools, processes, and personnel — to determine which are most effective in addressing this growing and evolving threat. Sacrificing over 20% of operational costs to fraud management should not be the norm, especially in an incredibly competitive environment that demands constant innovation and growth. If retailers don’t address these emerging fraud challenges promptly, this holiday shopping season could be the last time they serve their customers.
Tom Byrnes leads Vesta’s global marketing, communications and strategic business development operations. With more than 25 years of experience in business development and developing integrated B2B branding systems, loyalty programs, digital retail and social platforms, and integrated multi-channel communications strategies, Byrnes brings a results-oriented approach to driving sales and revenue. Prior to joining Vesta, he served as the CMO at TGate Payments, Spectra Payments and Evanta. He was also VP of Marketing for Chockstone, a customer loyalty and payments innovator. As the founder of Spark Brand Marketing, Byrnes worked closely with C-level executives in providing counsel on a wide range of brand, business and launch strategies in the payments and high technology industries.