More people switched to buying their shopping online and paying for it using their smartphones, the economic lockdowns introduced to counter the impact of the coronavirus pandemic. But the enhanced consumer preference for mobile commerce (mCommerce) and mobile payments also attracted the unwanted attention of fraudsters keen to capitalise on the trend.
In its latest Risk Solutions True Cost of Fraud Study for Ecommerce and Retail report, Lexis Nexis found that businesses in North America that allow online transactions experienced the most significant year-on-year increase in fraud.
Lexis Nexis drew its conclusions from a survey of 1,118 retailers and eCommerce merchants selling 19 different goods and services to North American consumers, either online or through physical stores. It was conducted in April 2021 with responses tied to merchants’ experience over the past twelve months – in other words, at the peak of coronavirus induced economic disruption and lockdown restrictions.
Multiple categories of fraud are defined in the survey. These included identity fraud (the misuse of stolen payment methods like credit cards or personal information); fraudulent requests for refunds or returns and bounced cheques; lost or stolen merchandise; fraudulent applications involving the deliberate provision of false information about the applicant; account takeover by unauthorised individuals; and use of accounts for money laundering.
Increased fraud aligned with mCommerce expansion
The results of the Lexis Nexis survey suggest that eCommerce fraud rates, and the cost of dealing with fraudulent eCommerce transactions, have increased sharply just as more significant numbers of online retailers expanded to include more mobile channels to address customer demand.
The percentage of transactions completed using mobile channels in 2021 was up 10% year on year in the US (to represent 18% of the total) and 13% in Canada (21%). Lexis Nexis noted several key industries more likely to have seen mobile transaction volumes increased by over 20% year on year, including digital games, telecommunications, pharmaceuticals, healthcare, gifts, food and beverages, homeware, and sporting goods.
The volume of fraud attacks increased during 2021. The average number of successful attempts jumped 140% to 344 from 226 in the US, for example, and 52% from 275 to 400 in Canada. The number of fraud attacks that were prevented similarly quadrupled in the US to 480 and expanded 60% in Canada to 405.
Cost of fraud rises in parallel
There was a corresponding rise in the cost of dealing with those fraudulent transactions as calculated by the LexisNexis Fraud Multiplier. This algorithm estimates the total amount of loss a firm incurs based on the actual dollar value of the fraudulent transaction. Costs for eCommerce merchants in Canada experienced a pronounced spike between the pre- to early COVID-19 period in the first half of 2020 and the twelve months spanning July 2020 to June 2020, for example, when they swelled 34% from US$2.90 to US$3.90.
The percentage of overall fraud costs attributed specifically to mobile also grew in both countries – up 34% to account for 39% of the total in the US and up 22% in Canada to contribute 25% of overall costs. Only the online channel cost merchants more, and in both cases, that proportion declined in 2021 as more consumers switched to shopping via mobile channels.
Transactions shift from mobile browsers to apps
The increased use of mobile apps and contactless payment methods at the expense of mobile browsers have also prompted hackers to alter their targets and tactics, found Lexis Nexis, a problem compounded by difficulties with fraud detection of mobile transactions involving third-party payment providers.
Consumers have begun to use more contactless payment methods, including in-store contactless/payment readers, text to pay and bill to mobile channels. At the same time, Lexis Nexis also noted the emergence of virtual currency use to fund a small volume of mobile transactions.
In the US, the percentage of fraud losses attributed to mobile apps increased from 36% to 48%, while the equivalent figure for mobile browsers fell from 70% to 25%. Contact payment fraud losses too jumped sharply from 1% of the total in 2020 to 18% in 2021, as it did for text to pay and bill to mobile (up from 3% of the total to 19%).
Canada followed a similar pattern, with mobile app fraud losses jumping from 24% of the total in 2020 to 41% in 2021 as fewer consumers purchased goods and services online via mobile browsers. The most significant increase came from text to pay and bill to mobile, however, which accounted for 22% of fraud losses in 2021, up from a mere 1% in 2020. Contactless payment fraud amongst eCommerce merchants grew to represent a more significant proportion, up from 4% in 2020 to 18% in 2021.
The rise in mobile commerce fraud corresponds with a parallel rise in the number of merchants allowing transactions through mobile channels. In the US, 82% of eCommerce companies accepted transactions via mobile apps in 2021, up 53%. The equivalent numbers for Canada saw the number of eCommerce merchants accepting payments through mobile apps rise to 75% from 27% a year earlier. The use of mobile apps for food/delivery, shopping/curbside pickup and entertainment saw a massive surge in usage during the lockdown.
It was a similar story from a lower base for mobile billing and text to pay. Lexis Nexis’ labels for mobile carrier billing and SMS payment solutions involve purchasers sending a text message to pay for an item or service charged to the buyer’s mobile account balance. The number of US eCommerce merchants accepting transactions through the text to pay/mobile bill channel jumped from 17% to 81% between 2020 and 2021, concluded Lexis Nexis, while in Canada, it increased from 9% to 67%.
There was a parallel decline in the percentage of consumers using mobile browsers to do their shopping, down from 54% to 29% in the US and from 63% to 35% in Canada.
Best approach to minimising losses from fraud
Identity verification issues were behind a larger share of fraud losses amongst North American eCommerce merchants in 2020 compared to previous years. These were often linked to the theft of digital identity data such as mobile phone numbers and email addresses.
Many online sellers also struggled to determine the source and origin of individual transactions or differentiate between legitimate human activity and that performed by malicious bots devised by hackers to commit large-scale fraud using automation techniques. The survey also found that merchants struggle to accurately assess fraud risk according to individual country or region while balancing fraud prevention against reducing customer friction to minimise transaction abandonment rates is a constant challenge.
Specialist third-party payment providers can help here with sophisticated anti-fraud engines that use machine learning to analyse customer transactions in real-time and block any unusual purchases compared to previous purchasing patterns. Mobile network operators (MNOs) also have a role to play in supporting more robust know your customer (KYC) checks that help merchants identify and verify the customer (read my detailed blog here Telco KYC knowledge can combat mobile payments fraud here).
No one approach to combatting eCommerce fraud is likely to solve the problem when deployed in isolation. What is more likely to help merchants reduce both the volume of attacks and the cost of mitigation is a multi-layered platform that can integrate transaction risk mitigation with digital customer experience operations. Such a platform can provide an overlay of cyber security defences such as the multi-factor authentication and biometric tools commonly built into modern smartphones.