Tips to combat eCommerce fraud during the holiday season
For eCommerce, 2020 is not business as usual. The emergence of COVID-19 resulted in a seemingly overnight shift to digital environments. While at first glance this seemed like a major opportunity — as evidenced by a recent Salesforce report that found a 71% global increase in online sales in the second quarter of 2020 — it also introduced significant challenges.
“It is not hard to see why the crisis might provide fertile ground for fraud. The combination of financial and health threats makes people more vulnerable and creates opportunities for fraudsters,” stated a recent Deloitte article. Cyberattacks are at an all-time high, with IDC predicting global spending on cybersecurity to reach $133.8 billion in 2022. This only reinforces that fraudsters are looking for unique opportunities to exploit COVID-19-related fears and steal valuable information from businesses and consumers.
In order to survive a crowded marketplace in a heightened threatened landscape, eCommerce businesses have no choice but to invest in competitive differentiators, including providing secure and customized online experiences. Deloitte predicts eCommerce sales in the U.S. alone will grow by as much as 25% to 35% between November and January.
Against this backdrop, businesses will need to be vigilant and digitally prepared in order to win customer loyalty, combat fraud and protect reputations and revenues well into 2021. However, to do that effectively, it’s important to understand the variety of threats that lie ahead.
Identity theft occurs when a fraudster opens up an account and makes an unauthorized purchase using a different person’s information. A study from Worldplay found that identity theft was the most common type of eCommerce fraud committed last year — almost three quarters (71%) of cases. The COVID-19-fueled spike in online shopping could very likely complicate matters further. It’s for this reason that businesses must make it a priority to identify bad actors and ensure that only legitimate customers are validated to make purchases.
While high-profile breaches such as Macy’s or Target grab headlines, this type of identity theft proportionally impacts SMBs more because they do not have large security budgets or dedicated tech teams. Forty-three percent of cyberattacks are aimed at small businesses, and alarmingly, only 14% of them are prepared to defend themselves. Whether the result of limited resources or awareness, well-informed, opportunistic fraudsters know to target eCommerce businesses less able to defend themselves. And those that remain unprepared are much more likely to fall victim to the financial and reputational repercussions that ensue.
In addition to knowing the trends and tactics used by today’s identity fraudsters, eCommerce businesses of all sizes should adopt identity verification solutions that ensure anti-money laundering and know your customer compliance requirements are met in order to combat fraud during busy shopping periods.
COVID-19 has also been a catalyst for card-not-present (CNP) fraud — when a fraudster uses stolen information to make an online purchase where a physical card is not required — but CNP fraud’s prevalence predates the virus. A 2019 study from Juniper Research predicted that retailers worldwide were positioned to lose $130 billion from this kind of fraud between 2018 and 2023.
Partially a result of the rise in eCommerce, which is made up almost entirely of CNP transactions, CNP fraud is 81% more prevalent than point-of-sale fraud. This is particularly damaging to businesses because the responsibility to ensure that they’re selling to a legitimate customer falls on the organization. This can pose a double hit financially for these organizations that not only lose goods but also need to reimburse the defrauded consumer.
When verifying identities at account creation, smarter data can be a great solution to keep fraudsters away. It’s no secret that every online transaction leaves a data trail, even the fraudulent ones. While purchasing goods online, customers will need to provide their name, shipping address, credit card number or other personal information, and this data can help companies define, authenticate and verify identities, ensuring that the right person receives the right goods and services.
Statista research indicates that mobile eCommerce accounts make up more than half of sales. This opens up another far-reaching avenue for fraudsters and ample opportunity to exploit vulnerabilities in mobile by leveraging phishing and vishing scams, as well as malware attacks.
In fact, Check Point Research put out a report examining apps pretending to be COVID-19 apps that are actually created to take over Android devices. Meanwhile, the use of malware to gather personal data and overtake an account is often too advanced for consumers and merchants to prevent it all together but, nonetheless, the onus falls on the business to minimize such fraudulent mobile transactions.
To mitigate mobile fraud, mobile identity verification technologies should be incorporated into anti-fraud defenses. But it’s not just for mobile fraud. When combined with a digital identity network that offers multiple verification layers, it can defend businesses from any type of account opening fraud.
Navigating the fraud landscape
Nobody can predict exactly how the eCommerce landscape will fare as we move into a slew of busy shopping periods amid a global pandemic. But in a year of uncertainty, we can trust in one thing: To effectively prevent fraud, it’ll be important to invest in the digital infrastructure necessary to verify legitimate customers.
Pandemic or not, consumers have high expectations, and the global shift in how we buy has only fueled their demand for a seamless purchasing experience. COVID-19 has put eCommerce security firmly under the spotlight and only businesses able to respond to existing and emerging threats will grow their reputations and revenues into the coming year.