Two seconds. In the time it took to read those words, another instance of identity fraud occurred in the United States. And with e-commerce accounting for 49% of the nation’s retail growth in 2017 — with incredible sales of more than $453 billion — it’s a problem merchants can’t afford to ignore.
E-commerce lost nearly $7 billion to chargebacks caused by fraud in 2016 — and that number is expected to reach $31 billion by 2020. It’s not just a matter of reimbursing fraud victims. Revenue also takes a hefty hit from replacing, shipping and insuring items lost to fraudulent transactions, as well as costs associated with manual reviews, chargeback fees, investigations, and attrition from angry customers whose orders were wrongly rejected.
Widespread EMV (Europay, Mastercard and Visa) adoption, massive data breaches, increased international transactions, new payment options like mobile wallets, and the sheer sophistication of criminals have caused an increase of online fraud that translated into total costs of $530 billion. American merchants a major target, drawing 52% of attacks worldwide, according to Chargeback’s E-commerce Payment Fraud Outlook 2017–2020. By comparison, next-highest number was in the United Kingdom which experienced 9% of global fraud.
E-retail is expected to be confronted with an alarming 65% of fraud by value by 2020 – facing losses of $16.6 billion, according to Juniper Research. Although luxury goods were often targeted by fraudsters in brick- and-mortar stores, apparel websites have been a heavy target online, experiencing a 70% increase in attacks in 2016. The holidays are a particularly dangerous time for all merchants, with retail fraud attempts surging 31% in the Q4 2016 over the previous year – and far outpacing the 16% growth in the number of overall transactions, Security magazine reports.
Retailers face a tough balancing act: vigilantly detecting fraud while delivering an exceptional customer experience. Customers demand safe and reliable online transactions, and companies that don’t deliver — or worse, wrongly reject legitimate transactions as fraud —quickly risk losing their loyalty.
Learning to spot fraud at the earliest signs is vital for merchants struggling to keep these costs from hitting their bottom lines. Read on to stay on top of the latest threats clever criminals are launching at online retailers worldwide.
- EMV-driven fraud: With chip cards making illicit actions more difficult at the point of sale, criminals have shifted their focus to card-not-present Online retail fraud rates have surged since the EMV rollout as hackers scramble for another way to use credit card account information stolen during data breaches.
- Identity fraud: Identity fraud — when cybercriminals steal sensitive data and use a victim’s personal information to conduct transactions— is the most well-known form of e-commerce fraud, and it can have devastating effects. A record number of identity fraud victims in the U.S. triggered losses of $16.8 billion in 2017, according to the 2018 Identity Fraud Study by Javelin Strategy & Research. The cost of application fraud, in which information stolen in a hack is used to open new credit card accounts, is expected to hit $2.1 billion by 2020.
Retailers take a double hit from these crimes in lost merchandise and chargebacks to the victim. To add insult to injury, recent retail data breaches suggest that clever hackers have also started stealing personal information directly from retailers.
Common sources of this theft are:
- Pagejacking, when cybercriminals redirect customers from a retailer’s site to an illegitimate website that asks for login and other information.
- Man-in-the-middle attacks, when hackers muscle in on communications between the retailer and customer.
- Targeting third parties that the retailer does business with who are not likely to employ strict security measures.
- Account takeover/loyalty fraud: The number of account takeovers — in which thieves used stolen login information to access consumers’ accounts — hit a four-year high in 2017, with losses that surged 120% in 12 months to $5.1 billion, the Javelin study reports. The rise of same-day shipping makes these crimes even harder to prevent, as merchandise is often lost before retailers realize there is a problem.
- Returns/chargeback fraud: The National Retail Federation reports that return fraud, when customers return merchandise they used or stole, costs merchants $17.6 billion every year. Chargeback fraud doesn’t necessarily have to involve identity theft. Fraudsters simply order items from a website and then initiate a chargeback after the items ship, claiming their identity was stolen or the merchandise was never received.
- Triangulation fraud: This complex form of fraud involves three steps and is quite difficult to track. First, a cybercriminal sets up a fake online store on a site such as eBay to collect a customer’s private data. Once the victim places an order, the thief uses the information to commit fraud by making purchases with accurate cardholder information after stealing copious amounts of their personal data. A second victim’s card information is typically used to pay for the purchases and the items are shipped to the first shopper, leaving the merchant to absorb the loss.
- International transactions: An increase in international orders has left retailers more vulnerable to e-commerce fraud, as research shows that fraudulent transactions originate most often overseas. Chargeback’s outlook asserts that Indonesia presents the most risk, with more than 30% of its online purchases proven to be fraudulent. Venezuela, South Africa, Brazil and Romania round out the top five list for fraudulent attacks. The difficulty of prosecuting cybercriminals across international borders further complicates matters, as well as difficulty keeping international tabs on individual customers. This information doesn’t mean retailers shouldn’t approve international sales, but it does indicate a need for vigilance.
- Multiple-channel fraud: Good customers and retailers enjoy the convenience and lower costs associated with online ordering and in-store pickup, but this also presents an opportunity for fraudsters. Lack of communication and tracking across different sales channels makes it easier for criminals to bypass protections. Verifying a customer’s shipping address is a safeguard for online screenings, for example, but it’s less effective when thieves choose in-store pickup.
- Mobile fraud: M-commerce, or transactions initiated on a mobile device, are expected to grow nearly 260% by in just two years to $284 billion as new payment options like mobile wallets grow in popularity. Not surprisingly, fraudsters are seizing on the security learning curve this new sales avenue presents. M-commerce companies reported an average of 880 fraud attempts each month in 2016 – 581 of which, or 66%, were successful.
- Automated fraud: The black market is loaded with sophisticated tools that thieves can download to commit illicit actions quickly, resulting in large losses for retailers. One common attack is card-testing fraud, when fraudsters test randomly generated or stolen credit card numbers with random CVVs on ecommerce sites. Once a match is made, thieves can use bots to place fraudulent transactions at lightning speed. These criminals are also using bots to place many orders in sequence with computer-generated email addresses.
The sheer volume of e-retail transactions is exploding, and customers won’t stand for anything less than smooth and speedy service. But retail fraud is exploding at an exponential rate, and merchants are scrambling for ways to detect increasingly sophisticated fraudsters without frustrating good customers.
TransUnion understands that one of the most effective way to fight fraud is for retail organizations to understand attack trends and thoughtfully invest in identity solutions. IDVisionsm was created to restore companies’ confidence in conducting business by providing tools to enable them to mitigate instances of fraud and identity theft in real time.
Most identity management solutions focus on linking supplied information to an identity, but struggle to determine if the identity is compromised, fraudulent or even real. IDVision adds this critical step, and stands out from other solutions by providing the tools necessary to help companies prevent losses in a single suite.
By building upon TransUnion’s vast experience handling sensitive information, as well as its access to a layer of quality data not offered by other sources, IDVision helps companies protect their bottom lines by enabling them to approve transactions with confidence — while delivering a superior customer experience.