Online sales have boomed during the pandemic, but so too has eCommerce fraud as hackers prey on people new to online shopping who have little choice but to buy more of their goods and services over the Internet as physical stores have remained closed.
Figures compiled by risk management and research firm Lexis Nexis last summer suggest that among mid-to-large online retailers (those which sell over US$10m worth of goods online a year), every US$1 of fraud costs US$3.73 to deal with, up 6.6% from US$3.50 in 2019. The company published its 2020 True Cost of Fraud Study E-Commerce Retail Report in July 2020, based on a survey of 801 risk and fraud executives working for retail and eCommerce companies across the US and Canada in the first quarter of 2020. It found that total fraud attempts impacting online merchants per month were up 24% from 277 to 344 in 2020, with only 118 (34%) prevented.
That trend looks set to continue with the number of people set to buy more digital and physical goods and services and transfer money online over the next few years predicted to rise further. A study from Juniper Research forecasts that businesses in eCommerce, airline ticketing, money transfer and banking services will cumulatively lose over $200bn to online payment fraud between 2020 and 2024, driven by the increased sophistication of fraud attempts and the rising number of attack vectors.
Its Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024 report found that the increasing volumes of digital payments continue to expand the attack surface for fraudsters significantly. Lexis Nexis also concluded that selling digital goods is riskier than selling physical goods while detecting fraud in remote channels, especially mobile, is more complicated than in physical stores. Smartphone eCommerce transaction speeds and volumes exacerbate the problem, while synthetic identities and botnets present a significant challenge for mCommerce companies.
Juniper Research highlighted digital money transfers as one of the fastest-growing areas of fraud, with losses set to expand 130% between 2020 and 2024. With so many mobile payment providers offering money transfers within their apps (WorldRemit, Venmo, PayPal, TransferWise and MoneyGram are just a few examples), the problem is again linked strongly to smartphones and mCommerce. Juniper found digital money transfer fraud particularly strong in emerging markets with payments vulnerable to handset SIM swapping and synthetic identities. Smartphone embedded security tools are generally less stringent than those on laptops and desktop PCs.
How to prevent online fraud
Online merchants know they have to get better at detecting and remediating eCommerce fraud to minimise their losses. But they are also aware that introducing onerous cybersecurity steps into the buying process could negatively impact the customer experience and lead to potentially higher transaction abandonment rates.
To date, most merchants have tended to focus on addressing fraud risk at the point of a transaction rather than engaging in session or behavioural monitoring or validating the identity of a user to assess risk before the transaction. Yet Lexis Nexis believes the best strategy involves the integration of both cybersecurity and risk-appropriate identity verification. And that requires more real-time data and better transaction tracking if retailers are to spot and eliminate risks before fraudulent purchases happen.
Juniper Research also recommends that payments companies focus on omnichannel fraud management to combat the threat, encompassing tight cybersecurity controls at access points and machine learning analytics to identify fraudulent behavioural patterns. Implementing know your customer (KYC) verification, for example, including events-based re-verification following customer onboarding, will go some way to securing rapidly expanding levels of digital transactions.
Payment service providers deliver greater security protection
Those type of cybersecurity capabilities can be complex and time-consuming for merchants themselves to set up and maintain. Still, third-party payment service providers are available to manage the platforms on the seller’s behalf. Available tools include protection against the wrapping, spoofing, and clickjacking that stop counterfeit landing pages from being embedded in legitimate websites, such as incoming data monitoring and validation tools to weed out malicious activity.
Providers can also instigate real-time processes that analyse hit rates and conversion rates to detect signs of suspicious behaviour, which may indicate fraudulent activity, alongside real-time checks on user subscription histories to help verify their identity and shopping history.
They can work with merchants to address customer profile and KYC-related regulations, which can vary in different countries. Support for direct carrier billing (DCB) as an online payment option allows a merchant to block or allow certain transactions depending on their network of origin (4G or WiFi, for example) and user location, apply limits to user spending by day, week or month and apply multi-factor authentication (MFA) processes in the form of OTP or PIN confirmation. DOCOMO Digital also offers a Billing Risk Manager, which provides complete transparency in subscriber transaction histories and billing details which can help to significantly reduce bad debt incurred through non-payment of bills and billing disputes.
For online merchants that want to maximise their revenue by reducing or eliminating fraudulent transaction rates, outsourcing security to a specialist payment provider able to forge DCB relationships with multiple mobile network operators (MNOs) simultaneously is a fast and convenient approach.