FIS Modern Banking Platform
Advance your bank with a modern core platform.
John Winstel | Director, Fraud & Risk Product Management | Worldpay from FIS
September 21, 2020
While most of the world was on lockdown due to COVID-19, consumer purchasing behavior changed almost as rapidly as the virus was spreading. With many retailers open only for online orders and curbside pickup, a vast majority of consumers had to switch to online or other digital means to make purchases for basic goods and services.
The change in purchasing behavior is not just a blip in response to the pandemic. A recent FIS survey says 40% of consumers found they are now more likely to shop online in the future than in-store. The payments industry is also seeing a dramatic rise in the use of P2P payment options like Zelle and Venmo which are rapidly becoming the preferred way to move money without actually having to use cash.
Even before COVID-19, fraudsters were creating new methods to defraud merchants, customers and financial institutions. The pandemic has accelerated what they already started. According to a 2019 Juniper Research report, retailers were projected to lose an estimated $130 billion globally in card not present fraud over the next five year, a number that is sure to grow as merchant and consumer response to COVID-19 continues to evolve.
The major trends we are seeing in cybersecurity effecting merchants are the same ones impacting all of us as individuals. For example, there has been a huge increase in phishing attacks. Google reports they are stopping 240 Million COVID-19 spam emails and 18 million malicious COVID-19 emails each day. Additionally, “smishing” attacks are on the rise. Smishing is any kind of phishing that involves a SMS text message.
The BOPIS (buy online pickup in store) buying trend or “Mobile Order Ahead” in the restaurant industry, covers the combination of physical and digital experiences. Fraudsters have followed the popularity of BOPIS by using stolen credit cards or stolen account credentials to place an order online, pick up the goods at a store, and then either keep the items or resell them for a profit. Since BOPIS pickups often require minimal proof of purchase, it is easy for fraudsters to get in and out without detection.
EMV technology has proven very effective in reducing card present fraud. In the United States those rates have dropped by 88% since merchants started upgrading their POS terminals. But when it comes to eCommerce fraud, a Mastercard/LexisNexis study reports that overall retail fraud attempts doubled year-over-year and tripled since 2017. Fraud Rings use artificial intelligence (AI) tools and deploy sophisticated bots to test cards and credentials purchased from the dark web.
Account takeover (ATO) is seeing significant growth and is a lucrative market for loyalty points on the dark web and login credentials for accounts loaded with points. These accounts can fetch hundreds of dollars. With the precipitous decline in travel, consumers are less likely to spot suspicious activity in their airline and hotel accounts making them ideal targets for criminals. When a fraudster finds or steals user credentials, they enter the account, change their settings (like email and phone number) and lock out the user. Next, the fraudster essentially takes over the account and purchases from the site.
There has been an uptick in friendly fraud though it’s not typically as malicious as criminal fraud. But it still results in massive losses for businesses from chargebacks and fees, double refunds, the cost of lost goods, and placement in chargeback monitoring programs, friendly fraud can be accidental or intentional. Sometimes a consumer simply doesn’t recognize or remember a purchase, or their card was used by a family member without their knowledge. It could also be the result of someone making a purchase and not having the money to pay for it.
BOT or carding attacks are also increasing for merchants. A fraudster can place a BOT on a merchant’s site to match up account numbers they stole from a data breach are still valid. The BOT will run through thousands of cards to find an active account number and they will use that card number to illegally purchase items.
So, what are the most effective strategies and best practices that merchants can use to help mitigate current fraud trends? Here are several to strongly consider:
Let's work together to reach your goals. Contact us at the links below and a representative will be in touch.
We are here to help you and your business. Contact us using the button below.Learn more