A convenience before the pandemic, shopping online has become a necessity for many. When the US locked down to prevent the spread of COVID-19, retail stores shuttered, driving more consumers online. Not surprisingly, online sales jumped 31.8% in the second quarter of 2020.
At the same time, account takeover (ATO) fraud against e-commerce customers has skyrocketed. Fraudsters have focused on hijacking online accounts to divert goods in transit, or on using Buy Online Pick Up in Store (BOPIS) to commit shipping fraud.
It starts with criminals and fraud rings gaining access to a customer account with the intention of stealing merchandise. To avoid detection, they may leave the account information unchanged and instead place an order and have the package shipped to the address on file. Once the package has shipped, the criminal accesses the customer’s account and redirects the in-transit shipment to their own address.
Alternatively, fraudsters are placing orders for BOPIS and picking up the goods without the legitimate customer realizing it.
To protect consumer accounts and their bottom lines, retailers should look to implement device-based authentication solutions into their fraud prevention program.
Shipping fraud was a growing problem even before COVID-19
Based on our findings, shipping fraud was one of the biggest fraud trends in 2019, when we saw a 391% increase YoY [1].
Pandemic-related store closures drive record e-commerce growth in 2020
Hunkered down with stay-at-home orders as the first wave of the COVID-19 pandemic hit last spring, rising numbers of consumers relied on online retailers for food, masks and even toilet paper. Even retail stores that were able to remain open during the shutdown shifted to support curbside or in-store pickup as a way to protect staff and customers. As a result, online retail growth spiked in Q2.
In the US, online retail sales increased 31.8% in the second quarter of 2020 and 44.5% over the same quarter in 2019, according to the U.S. Department of Commerce. For the first time, e-commerce represented 16% of total retail sales in the quarter, as overall retail sales decreased 3.9% in Q2 and 3.6% year over year.
Online shopping fraud follows the money
Criminals never let a crisis go to waste. While fraud related to online shopping is hardly a new concern, fraudsters have taken advantage of the global pandemic to steal significantly more merchandise.
During the pandemic, 18% of consumers report being victims of porch piracy, having had a package or delivery stolen since March.
Retailers face increasingly sophisticated shipping fraud tactics
| Type of shipping fraud | How it’s done | Bottom line |
|---|---|---|
| | Once a package is en route, the fraudster logs in to modify the delivery address and redirects it to their own address. | Hurts retailers and harms customer loyalty. Stopping it helps to reduce customer service call volumes and ensures timely and quality delivery of packages for consumers. |
| Stolen/compromised shipping accounts | Fraudsters steal pre-paid shipping account numbers from consumers or businesses to make unauthorized shipments. | Hurts logistics companies, retailers and consumers. Stopping it helps companies and retailers avoid fraudulent shipping expenses and helps reduce friction for good customers. |
| | Once accounts are compromised, packages are routed to a central location and then distributed to fraudulent locations. The central distributor may be a part of the fraud ring, or may also be a fraud victim and unaware that they are shipping stolen goods. | This hurts logistics companies, retailers and consumers. Stopping it would help companies and merchants decrease fraud attempts and break up fraud rings. |
How to stop shipping fraud: Better account authentication and authorization
Since shipping fraud starts with unauthorized account access, stopping it requires retailers to improve protections to customers’ online accounts. This doesn’t mean interrupting every customer transaction with an authorization request, but it does demand a friction-right approach to protecting certain types of account activities.
Given the growing number of data breaches, many user account credentials are readily available for sale on the dark web. Therefore you have to assume that accounts aren’t secure. To combat shipping fraud, applying authentication and authorization triggers to certain types of account behavior that are key risk points — such as when an email address, shipping address or phone number is updated — is critical. There are a number of risk-based authentication tools retailers can utilize to combat shipping fraud:
- Device-Based Authentication. Two-factor authentication that pairs known devices with accounts for an effortless login experience. It simultaneously checks against a full spectrum of risk indicators in real time — like when a package is left at the door, or when a purchase is made over a certain price point — to determine if additional authentication methods are needed.
- One-Time Passcode. Protecting accounts is a logical first step to stopping shipping fraud. Reliable verification of a phone number associated with an account can help retailers and shipping companies protect against account takeover from unknown devices.
Verify that a consumer is associated with the provided phone number by issuing a one-time SMS code. This familiar and effective authentication method enables businesses to transact with confidence while delivering a friction-right consumer experience.
- Multifactor Authentication. Most major shipping and logistics companies now have mobile apps in which customers can track orders, reroute shipments and sign off on deliveries. Given the high shipping volumes and need to socially distance during COVID-19, contactless delivery is a major priority and trend that is likely to stick around post-pandemic.
Multifactor Authentication is a comprehensive solution that extends the authorization capabilities of mobile devices that end users already own. Having real-time push authorizations that offer consumers numerous options for authentication, all easily embedded into a mobile app, is becoming a must-have.
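As an added illustration (not code from TransUnion or any product mentioned here), the Python below shows how the risk-point triggers described in this section can map to a step-up decision per account event. The action names, the `recent_contact_change` signal, the 500 price threshold and the `allow`/`otp`/`push` outcomes are assumptions made for the example.

```python
from dataclasses import dataclass

# Hypothetical action names for this example. The first set is the account
# changes the article calls key risk points; the second is the two fraud
# paths it describes (in-transit redirect and BOPIS pickup).
SENSITIVE_CHANGES = {"update_email", "update_phone", "update_shipping_address"}
FULFILMENT_ACTIONS = {"redirect_in_transit", "place_bopis_order"}

@dataclass
class Event:
    account_id: str
    device_id: str
    action: str
    order_value: float = 0.0
    recent_contact_change: bool = False  # email/phone edited recently (assumed signal)

def decide(event, known_devices, high_value=500.0):
    """Return 'allow', 'otp' or 'push' for a single account event."""
    known = event.device_id in known_devices.get(event.account_id, set())
    risky = (event.action in SENSITIVE_CHANGES
             or event.action in FULFILMENT_ACTIONS
             or event.order_value >= high_value)
    if not risky:
        # Routine activity: a paired device passes silently, a new one gets an SMS code.
        return "allow" if known else "otp"
    if event.recent_contact_change or not known:
        # The SMS channel may already belong to the intruder, or the device is
        # unrecognised: require approval on a device paired before the change.
        return "push"
    return "otp"

def evaluate(events, known_devices):
    return [(e.action, decide(e, known_devices)) for e in events]

# Constructed sample data: one paired phone, then the takeover sequence from the article.
KNOWN = {"acct-1": {"phone-A"}}
EVENTS = [
    Event("acct-1", "phone-A", "place_order", order_value=40.0),
    Event("acct-1", "laptop-X", "login"),
    Event("acct-1", "laptop-X", "place_order", order_value=80.0),
    Event("acct-1", "laptop-X", "redirect_in_transit"),
    Event("acct-1", "phone-A", "update_shipping_address"),
    Event("acct-1", "phone-A", "place_bopis_order", recent_contact_change=True),
]

if __name__ == "__main__":
    for action, decision in evaluate(EVENTS, KNOWN):
        print(f"{action:26} -> {decision}")
```

The last sample event shows why the SMS code alone is not enough after a contact change: once the phone number on file has been edited, the decision falls through to approval on a previously paired device.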
Making a plan to stop shipping fraud
The holiday season is already underway, and it looks like COVID-19 will continue to influence consumer behavior well into 2021. Now is the time to implement better account authentication and authorization capabilities to protect customers and your business. Ask yourself these three questions:
- Do you protect customer accounts with authentication that goes beyond username and password?
- Do you prioritize validating certain account changes and transactions with additional security?
- Do you require logistics partners to get mobile authorization to change shipping addresses prior to delivery?
If you answered ‘no’ to any of those questions, consider making some changes to the user account management process. Start by checking out how B&H Photo used TransUnion’s fraud solutions to shut down a 5-figure reshipping scam and stop 95% of fraud.
[1] 2020 e-commerce report