Fraudsters and online stores have played an evolving game of cat-and-mouse ever since the first eCommerce platform was invented. In this article, we’ll talk about some of the latest emerging patterns of fraudulent behavior and what it’s costing businesses that don’t have an effective fraud prevention solution, so you can stay ahead of the curve.
Digital Goods and Why Fraudsters Love Them
The Risk Solutions True Cost of Fraud Report is a LexisNexis study that examines the growing trends in eCommerce sales fraud and the consequences for businesses of all types and sizes. According to a recent report, chargeback losses have increased by 60% among digital goods merchants.
“Digital goods” is a common term to describe any products that are stored, used, and distributed in an electronic format. Digital goods are typically delivered to the consumer via email or download from the Internet. They include products like movies, music files, software packages, cloud-based apps, eGift cards, audiobooks and ebooks. Due to their convenience and widespread popularity, the sale of digital goods is on the rise, and the fraud schemes that target them are as well.
One key factor responsible for the dramatic increase in this type of fraud is that fraudsters see the immediate delivery of digital products as a weakness they can exploit. When it comes to physical products, there is a timeline between when an order is placed and when it is shipped, which allows a seller to check for fraud the old fashion way — by manually reviewing the transaction. Buying digital goods, however, often involves an online transaction followed by an instant electronic delivery. Under such circumstances, a company typically has a window of less than one second to spot and stop a fraudulent transaction. Therefore, fraud screening must occur at the moment of purchase, which is impossible for businesses without an automated fraud detection solution linked with their integrated payments process.
Fraud prevention services use analytics to reveal unusual patterns that coincide with credit card fraud, money laundering, or loan fraud. Many eCommerce businesses process millions of transactions per day, and so if even 0.3 percent of those one-second windows are missed, large financial institutions may suffer losses of $10 million per year or more. In short: eCommerce businesses (especially large ones) must get a highly efficient automated fraud detection system.
Source: LexisNexis Risk Solutions 2019 True Cost of Fraud Study E-commerce/Retail Report
Credit Card Data Breaches Hurt eCommerce, Not Consumers
When it comes to preventing credit card fraud, eCommerce merchants must keep a very watchful eye. Fraudsters often obtain credit card information to make unauthorized purchases, but how do they gain access to this sensitive data? Two words: Data breaches. Data breaches in businesses and financial institutions are largely responsible for the continuous rise in sales fraud.
In 2014 and 2015, data breaches hit an all-time high, and we continue to see its effects today. The Identity Theft Resource Center noted that there were 786 data breaches in 2014, a 27.5% increase from 2013. Within the first six months of 2015, 436 data breaches exposed more than 135 million records. With so much personal data floating around on the dark web, it’s easy for a fraudster to find credit card information and execute an attack.
At first glance, it may seem that the customer is the victim of a data breach. However, customers who discover fraudulent activity are protected by their financial institution. All they need to do is file a dispute and get their money back. They can even freeze their credit to prevent identity theft. Merchants, however, are the ultimate victim.
The millions of dollars lost from chargeback fees can do serious damage to businesses. Some of the largest companies in retail such as Staples, Michaels, Neiman Marcus, Home Depot, Goodwill, and K-Mart, have been seriously harmed by data breaches. Other businesses like Dairy Queen, P.F. Chang’s, casinos, UPS, and large chain hotels have hacked within the last few years.
To learn more about how stolen credit card information can sneak its way into your transactions, click here.
Combating Bot Attacks
There’s been a 33% increase in automated botnet activity since 2019. A bot or botnet is a network of compromised computers and similar devices controlled by one central server. Bot networks can consist of hundreds, thousands, and sometimes millions of computer devices being controlled by one source. Bots are often used to infect innocent devices or software with malware (malicious software). While the central “command” server can control the bot, they also have the worm-like ability to self-propagate. They are capable of causing major damage to individuals and businesses alike. A bot attack may consist of gathering passwords, identity theft, collecting financial information, DoS attacks, relaying spam, logging keystrokes, opening back doors on the infected computers, and exploiting back doors opened by viruses and worms.
Merchants need to be on high bot-alert when selling heavily discounted or free products. Sometimes fraudsters use these bots to create multiple orders in an attempt to get as many free products as possible. A smart tactic, right? Bot attacks are particularly active on Black Friday and Cyber Monday. We recommend that the merchant charge at least a shipping fee to disincentivize this behavior.
Synthetic Identity Fraud
Synthetic identity fraud is when fraudsters create fake identities by stealing Social Security numbers and coupling them with false information like names, addresses, and even dates of birth. This constitutes a serious threat to merchants because there is no identifiable culprit. Synthetic identity fraud can take years to detect, and it may even go unnoticed. It has become the fastest growing and most common financial crime in the United States. It cost banks $6 billion in 2016, with the average chargeback amounting to $15,000.
There are two methods that fraudsters use to create synthetic identities:
1. Manipulated Synthetics – This type of false identity is created from an individual’s real identity, but with limited changes made to their SSN and other personal information. This method is popular among people attempting to hide their credit card history in order to open a new line of credit, but it can also be used by fraudsters with malicious intent.
2. Manufactured Synthetics – Here, fraudsters collect bits and pieces of personally identifiable information (PII) from a group of real people and create a single fake identity. This is much more difficult to detect.
Identity fraudsters are capable of opening many accounts simultaneously. Then, they can use those accounts responsibly to build a credit score. When they rack up enough fraudulent charges, they use real credentials (used to create their fake identity) to pose as a fraud victim and get their credit line restored. Then, they use the additional credit to commit more theft.
Synthetic identity fraud is a complicated challenge, growing by the day. Solving this problem requires effective strategies that examine the core issue of identity legitimacy and typical outcomes. There needs to be a long and short term holistic prevention system capable of addressing the entire issue.
How Do You Determine the Cost of Fraud?
According to the LexisNexis Fraud Multiplier, the average cost of each dollar of fraud is now $3.13. This is up by 6.5% since 2019.
Source: LexisNexis Risk Solutions 2019 True Cost of Fraud Study E-commerce/Retail Report
To determine the “cost of fraud” companies should pay close attention to:
– Chargeback Fees: The chargeback fee was created to be a customer protection tool. Chargeback fees and refunds are taken from the merchant’s account automatically without any consultation. Merchants may dispute a chargeback if it’s illegitimate or fraudulent. However, the fees that come from the original chargeback will always remain the merchant’s responsibility.
– Penalty Fees: Penalty fees are primarily based on the percentage of chargebacks received in relationship to total sales. Merchants who exceed the allowed threshold are subject to penalties from both the card network and the acquirer.
– Merchandise redistribution: This is the process of planning, controlling, and managing the flow of merchandise from a vendor to a distribution center and then on to the store or customer. Rerouting along the way (due to fraud) can result in extra costs of thousands of dollars.
– Labor/investigation: Work and investigation in a fraud predicament takes time, energy, money (lots of it).
What Can You Do to Fight Chargebacks?
With the current fraud trends, the Risk Solutions True Cost of Fraud Report highlights the importance of using “more sophisticated fraud mitigation solutions”. It finds that “merchants who use a multi-layered solutions approach experience fewer issues and a lower cost of fraud.” A multi-layered approach to fraud defense may include some or all of the following: traditional verification solutions, automated fraud solutions, a one-time passcode, knowledge-based authentication, and/or digital verification and document verification.