‘Soup To Nuts’ – A Multi-Layered Fraud Menu for the Holiday Season
The holiday shopping season is well underway, with Black Friday now behind us and many retailers around the world braced for higher levels of eCommerce fraud, from Cyber Monday all the way though until Christmas.
It’s a nerve-wracking, adrenalin-fuelled time of the year for any retailer – because of the potential traffic and sales volume, the technical challenges, and the potential to close out the year in an immensely profitable manner. But it’s always marred, in part, by the ever-increasing interest – and ingenuity – of fraudsters.
It’s not exactly ‘new news’ that holiday season fraud, especially in online channels, continues to rise year-on-year – but this is a trend that is truly global. A recent report by the Australian Payments Network, for example, highlighted the fact that 85% of all Australian card fraud (out of $561.4 million in total losses) falls in the card-not-present category. Retailers certainly can’t be blamed for experiencing elevated levels of stress at this time of the year!
Preparing for the perfect storm
We’ve said it before (probably around this time every year), but it bears repeating – it is critical that merchants prepare for a significant uptick in fraud attempts during the holiday period, especially in eCommerce channels. Partly because the industry has been so successful in securing card-present transactions with the now commonplace EMV chip and PIN cards that the online space is the one attracting the attention of criminals. But when you marry that trend with the business growth in the online channel, you have the potential for the perfect storm.
Keeping the fraudster ‘out’ is everyone’s responsibility. Consumers need to be more vigilant than ever during the holiday shopping season, and no-one is immune to fraudulent attacks, as high-profile data breaches have shown. Stealing and reselling data from ordinary consumers is a highly organized criminal activity and fraudsters have been finding ever more sophisticated ways to hack databases or obtain data from individual consumers, including via social engineering and phishing activities.
We’ve also seen new pathways being exploited by fraudsters, due to the increase in omni-channel shopping. Analysis of our own data shows that digital downloads (virtual gift cards or eGifting) have the highest attempted fraud rates, followed by online purchases with next day/overnight delivery. Fraud rate attempts for international online orders also made the top 10, as did ‘buy online/pickup in store.’ This last one has become an attractive option for fraudsters, as some retailers do not require consumers to re-run cards when they pick up products in store.
Merchants must be more vigilant than ever and shore up eCommerce fraud protocols. I can’t overstate the benefit of a targeted risk strategy based on peak holiday trading predictions to ensure maximum revenue, but also to minimize false positives. Keep an eye on your promotions teams and marketing efforts – don’t get taken by surprise!
The need to effectively identify and block fraud, but keep the ‘good’ sales flowing, is what makes this such a tricky time of year. Retailers should look to implement a real-time fraud solution that is both hyper-scalable (watch this space – this catchphrase is going to grow in the context of eCommerce) and continuously monitors fraud behavior and trends across all channels, both online and in-store.
The role of service providers and ‘hyper-scalability’
What can we do, as service providers, to help ensure that fraud in digital channels (as highlighted in the Australian Payment Network’s report) doesn’t take the sheen off what otherwise should be a season of joy?
You may have read reports that indicate that less than half of consumers trust stores, online shopping sites and restaurants to protect their financial data – but in reality, that doesn’t seem to be dampening the appetite of those same consumers to ‘take the risk’ and shop online anyway. And fraudsters’ appetite in targeting this channel is not going to diminish as long as this is the case.
With highly targeted and increasingly sophisticated fraud, merchants will only ever be as successful as their weakest link – so service providers MUST be able to demonstrate the ability to hyper-scale. They need to be fast to cope with the ever-increasing traffic over shorter and shorter timeframes. Peaks within the peak season.
It is such ‘non-functional requirements’ (NFRs) – namely, security, scalability, globality, serviceability, capacity and availability – that are increasingly the differentiator for service providers.
At ACI, we have an emphasis on delivering against these NFRs, but also focus on how consortium data can be used across our user-base in a more comprehensive way, allowing us to create calculations within the consortium that can be used in creating rules. Existing customers are seeing uplifts in conversion, reduction of false positives, faster through-put and fraud savings as a result of this consortium approach – something that is more important than ever as holiday season shifts into high gear.
There is no magical ‘silver bullet’ to fraud prevention though – I strongly believe that a multi-layered approach – a “soup to nuts” solution, if you will – provides the best results. Machine learning capabilities alone will not suffice. You must also have rules that enable you to react to immediate needs, promotions and deviations from ‘the norm’ (for example, the peak processing period!).
It’s also imperative to have the flexibility to decision in real-time, or in near real-time, if your business lends the opportunity to conduct manual reviews. A comprehensive business intelligence capability provides a window into transactions in near real-time and is necessary to pre-empt where fraud strategies need tweaking as the holiday shopping season progresses.
Find out more about ACI's UP Payments Risk Management solution for Merchants, or read tactical recommendations about stopping holiday fraud from our Leader of Risk Services, Erika Dietrich.
Related Blog Posts
The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Merchant Fraud in the Age of COVID-19: We Need to Prepare Ourselves for a “Tidal Wave” of Attacks
With millions of consumers around the world self-quarantining at home, online shopping for goods, services and entertainment has become the new normal for many. A recent analysis of our own data has shown that average transaction volumes in the retail sector in March rose 74 percent compared to the same period last year.
Global Fraud Landscape Evolving Quicker Than Ever – What Banks Need to Know
In the fraud prevention and cybercrime world, we often talk about fraudsters as the ultimate opportunists – looking for any weakness in a system that can be exploited. In recent years, as technological systems have advanced, fraudsters have increasingly turned to ”social engineering” to achieve their goals. Basically, hacking the person rather than hacking the system, as humans become the weakest link in the chain.
Predicciones de fraude para el 2020: Qué esperar con la rápida evolución del panorama de pagos en América Latina
La industria de pagos en América Latina está experimentando diversos cambios en varios segmentos a medida que la población de la región está cada vez más bancarizada y comienza a usar pagos electrónicos. Aunque el efectivo sigue siendo la forma de pago dominante, los gobiernos han impulsado los pagos electrónicos a través de la regulación. Esto ha asegurado que la aceptación y el crecimiento del pago con tarjeta hayan aumentado constantemente, han aparecido bancos digitales en diferentes países y el comercio electrónico ha aumentado significativamente.
Previsões para fraudes em 2020: O que esperar com o cenário de pagamentos em rápida evolução na América Latina
As violações de dados que envolvem dados de pagamento dobraram no ano passado por várias razões - falta de inovação em segurança, prioridades corporativas equivocadas e fraquezas nos portais de desenvolvedores, para citar alguns.
9 Holiday Preparedness Tips to Stay Protected from Fraud in 2019
The hustle and bustle of the holiday season often makes it difficult to prioritize consumer safety, especially when it comes to eCommerce and mobile devices. But with the growing threat of identity theft and other security concerns, it’s more important than ever to stay on top of consumer protection. After all, brand reputation and trust can take years to build, but all can be lost in a matter of minutes.
How to Survive Black Friday and Cyber Monday… and Provide a Great Consumer Experience
As Black Friday and Cyber Monday approach, shoppers and merchants alike await amazing deals and a welcome boost in sales, respectively. I took a moment to speak with two of ACI’s merchant payments and fraud experts, Andrew Marshman (merchant payments lead, Europe) and Erika Dietrich (VP, Global Fraud Prevention Risk Services) about what merchants need to know as they head forth into one of the biggest shopping seasons of the year.
Strong Customer Authentication in Australia: Reducing CNP Fraud and Streamlining eCommerce Payments
Minimizing fraud without harming the customer experience can be done – using the right tools
In 2017-18, card-not-present (CNP) fraud cost Australian eCommerce AUD $478 million and accounted for some 85 percent of all fraud on Australian-issued cards1. In 2016, CNP fraud in Europe represented 70% of all card fraud2. Seriously uncomfortable numbers.
2020 Fraud Predictions: What to Expect Across the Globe as Cybercrime Evolves
Our payment experts take stock of the trends that shaped 2019 and make their predictions for where they see the industry heading in 2020.
I sat down with our own fraud experts, Marc Trepanier, principal fraud consultant for North America, and Giselle Lindley, principal fraud consultant for APAC, to get their thoughts on what we can expect in the year ahead around payments fraud.
Strong Customer Authentication under PSD2: Consumer Education Will Be Crucial to Success
The European Banking Authority (EBA) has finally provided the promised update on SCA supervisory flexibility timelines – with a new hard deadline for migration completion of December 31, 2020. According to the new guidelines, migration plans of PSPs – including the implementation and testing by merchants – should be completed by that date, otherwise all players could face serious penalties for non-compliance.