Early Indicators of fraud trends emerging from COVID-19

Sunny Thakkar | Senior Product Manager, FIS

July 13, 2020

COVID-19 continues to disrupt virtually every aspect of commerce. These once-in-a-generation disruptions pose urgent challenges to many businesses.

Merchants are rapidly trying to adapt to COVID-19, with a shifting emphasis from in-store to eCommerce environments. Though it’s still early, hints of a “new normal” may be emerging:

  • 78% increase in card-not-present activity from March to April 2020 (Worldpay from FIS’ FraudSight data)
  • U.S. click-and-collect eCommerce sales are projected to jump 60.4% to $58.52 billion in 2020 (eMarketer, May 2020)
  • 40% of U.S. consumers are more likely to shop online more in the future (May 2020 FIS PACE survey)

Unfortunately, opportunistic fraud is also a feature of this new normal.

Fraudsters are seizing on the opportunities created by disruption and COVID-19 is also amplifying existing fraud trends, especially as more traditionally in-store transactions are being forced online. We’re seeing 5 key fraud trends emerge due to COVID-19.

Bot and “carding” attacks are increasing in eCommerce as a result of COVID-19 alongside increases in eCommerce transaction volumes. Fraudsters first obtain compromised consumer data from the dark web, then deploy bots to make small purchases to identify valid cards, followed by more frequent higher value transactions. Fraudsters target vulnerable merchants with less robust fraud systems like small to medium eCommerce businesses, quick service restaurants, or charitable websites.

Account takeover (ATO) is also increasing. Account takeovers are when fraudsters compromise sensitive personal information—like an email password—that can be leveraged to impersonate a consumer. Fraudsters take over the account by changing the account password and personal information such as email addresses and phone numbers to deny access and remove communication channels to the legitimate account holders. From there Fraudsters can make fraudulent purchases using cards on file, use loyalty points, buy gift cards, and leverage other personal identifiable information (PII) to compromise other accounts. This is a great way for bad actors to operate under the radar since the purchases look like they are coming from a legitimate loyal customer.

Friendly fraud is on the rise. “Friendly” fraud is when a legitimate cardholder makes a valid purchase only to later dispute the charges as fraud. Sometimes this is done simply because the cardholder does not recognize or remember the transaction, or maybe another family member made the purchase unbeknownst to the cardholder. However, there are also instances where cardholders can be more malicious in their approach to get out of paying for goods and/or services by disputing a transaction as fraud, even though the cardholder is well aware of making the purchase. A great deal of Friendly Fraud can be experienced in digital channels, especially those who offer trial periods. COVID-19 means new routines that involve social distancing and more time spent doing activities at home or digitally. Such activities can include starting a new digital subscription with a free trial period that starts billing automatically or playing online games that offer easy digital purchases. Purchases like these often fall victim to First Party Fraud as the cardholder claims the legitimate transactions as a fraudulent dispute. Friendly or not, merchants presented with such chargebacks are typically required to refund these types of transactions as well as bear the additional costs that come along with chargeback management.

Huge increase in click and collect. Many merchants are turning to click-and-collect—or Buy Online, Pickup In-Store (BOPIS)—services that reduce face-to-face contact. While convenient for consumers this practice is helping fraudsters evade point of sale defenses and gain access to goods the same day. Fraudsters can now use compromised credentials to make purchases online and pickup in-store, avoiding robust in-store EMV defenses.

COVID-19 accelerates existing eCommerce and mCommerce fraud trends. Long before COVID-19, trends in fraud were moving broadly from card-present in-store environments to card not present (CNP) eCommerce and mCommerce fraud. Juniper Research estimates that global retailers are set to lose $130B globally in CNP fraud over through 2023. Look for that to rise in the wake of COVID-19 as merchants are required to adapt and offer more eCommerce shopping alternatives.

Merchants will need to adjust to these new realities brought by COVID-19. A great place to start is working with your payment partners to refresh your company’s fraud strategies with emerging best practices, such as:

  1. AI-based machine learning fraud solutions helps your business stay ahead of fraud trends. Leveraging data profiles to model both “good” and “bad” behavior helps find and reduce fraud. AI-based machine learning will be increasingly essential to stay ahead of the explosive and sophisticated eCommerce fraud.
  2. Increasing capabilities around device fingerprinting and behavioral data are essential to detect fraud before it happens. While much of the user-input values can be easily manipulated to look more authentic, device fingerprinting and behavioral data are captured in the background to derive unique details from the user’s device and behavior. Bringing in more unique elements into decisioning, can help authenticate the users and determine the validity of the transactions.
  3. Fine-tune strategies. Collaborate with payment and security partners to harmonize and effectively leverage all your fraud defenses. Pair AI/ML with device fingerprinting through analytics to develop targeted strategies that are most relevant to your industry.
  4. Prioritize user authentication. User authentication is a vital linchpin in any fraud defense and should receive even greater priority today. Setting strong password requirements and implementing multi-factor authentication helps curb fraud attacks from account takeover.

Fraud was around pre COVID-19 and will continue to remain long after we’re past this point in history. Protecting your business and revenue requires continued diligence but we’re here to help. Contact us to learn more about the fraud strategies that can help protect your business revenue.