Merchant Fraud in the Age of COVID-19: We Need to Prepare Ourselves for a “Tidal Wave” of Attacks
With millions of consumers around the world self-quarantining at home, online shopping for goods, services and entertainment has become the new normal for many. A recent analysis of our own data has shown that average transaction volumes in the retail sector in March rose 74 percent compared to the same period last year.
However, the COVID-19 crisis — and changing consumer behaviors — also present new opportunities for fraudsters, similar to what we saw during and after the 2008 financial crisis, meaning merchants could be hit by a tidal wave of new fraud cases if they do not act now. Some of the key fraud trends we are seeing include:
Phishing attacks and account takeover
Merchants are starting to experience dramatic increases in COVID-19-related phishing activities, with stolen credentials released into the eCommerce payments chain. Scammers have launched phishing attacks via text message and email, purporting to contain information or requests in relation to the pandemic. The messages can appear legitimate — perhaps with a prompt such as “click here to get your money now.”
However, the hyperlinks are malicious. If the links are clicked, fraudsters can access a computer or phone and steal sensitive information such as national security numbers and bank account data. They can then steal identities, money or both.
In times of economic crisis, friendly fraud usually increases. Friendly fraud means the genuine customer IS the fraudster. History tells us that when people face economic hardship and can’t pay bills, they often turn to “drastic measures” such as fraudulently claiming chargebacks on credit cards. Friendly fraud occurs when a genuine customer places an order using their own payment details and then launches a chargeback to recoup the cost of the item (while retaining the item). Friendly fraudsters often claim they did not receive the goods, that goods were faulty or damaged, or that goods were returned and the refund was not applied.
Merchants should monitor chargebacks closely during this time and ensure that order credentials are reviewed, e.g., was a delivery notification confirmed? Repeat offenders’ details can be blocked to prevent them from re-offending.
Synthetic fraud involves a fraudster mixing stolen, real information with fake information to create fraudulent accounts. By mixing genuine and fake ID details, fraudsters “create” a new persona and often set up new accounts in the name of this new fake persona, making it harder for some fraud monitoring systems to pick up the fake account, as many details appear genuine.
Fraudsters will equally use phishing tactics to steal loyalty points and then sell these points online in the same way they sell stolen credit card credentials. Consumers should therefore treat loyalty accounts as they treat their bank accounts — review them regularly and change passwords. Loyalty points should be viewed as another form of cash, albeit virtual cash. They carry significant value and can buy tangible goods and services, such as flight tickets and flight upgrades, hotel rooms, electronics items and even food — all beneficial to a fraudster, especially during challenging financial times.
This kind of fraud is often hard to spot or track down. It involves a fraudulent seller posing on an eCommerce marketplace and an unsuspecting consumer who places an order with that fraudulent seller. The fraudster then acquires the item from a genuine retailer using stolen credit card details (from another unsuspecting third party) to pay for the item. The fraudster will then use the address of the consumer who placed the order and ship the goods. Meanwhile, the third-party cardholder of the stolen credit card disputes the transaction with the issuing bank, resulting in a chargeback against the retailer. The fraudster in the meantime has received the money from the unsuspecting consumer. The retailer may blacklist the address, making future ordering for that consumer difficult. The fraudster usually gets away with the money.
During these unprecedented times, it is important for consumers to remain vigilant, check their accounts often and ensure they raise an inquiry with their bank on any onerous transactions.
Merchants should keep a close eye on transactions and will benefit from a multi-layered fraud strategy that uses a combination of consortium intelligence, profiling, machine learning and rules. Such a strategy will allow businesses to separate legitimate customers from fraudsters. It will enable merchants across all sectors to tailor the customer experience, improve conversion rates and maximize revenue and, most importantly, block fraud.
Find out more about ACI’s approach to multi-dimensional fraud prevention.
Related Blog Posts
Taking a Holistic View of ISO 20022 Migration and Payments Modernization in the Pacific
Today’s payments modernization efforts, most notably real-time payments, not only work to satisfy changing consumer preferences and behaviors, they also serve to future-proof national economies throughout the world. But for real-time payments to deliver maximum value, consumers and financial institutions must be able to exchange meaningful and actionable information — hence the development of ISO 20022, a standard for electronic data interchange that facilitates the fast, standardized and secure exchange of financial messages across borders.
How ISO 20022 Represents Both a Challenge and an Opportunity for Southeast Asia’s Payments Landscape
Governments across Southeast Asia (SEA) are increasingly recognizing the vital role that payments play in the engines of their economies, which has resulted in a number of payments modernization initiatives such as those in Vietnam and Malaysia (PayNet). Yet there is one particular area in which SEA’s financial institutions might still be lagging behind their global counterparts: the adoption of ISO 20022, which has become the global standard for high-value payments and immediate payments (IP) when it comes to cross-border payments.
Ready or Not, The Time Is Now for Real-Time Payments
Research from ACI and GlobalData confirms that demand for real-time payments is only going in one direction: up. The root cause of this increasing demand is rising customer expectations and behaviors; clunky and opaque payment experiences are becoming less tolerable in a world where customers can buy, watch and listen to almost anything with a swipe, tap or click.
When It Comes to Payments, COVID-19 Crisis Could Lead to Long-Term Shifts in Consumer Behavior [Q&A]
ACI Worldwide and GlobalData recently launched Prime Time for Real-Time, a new global report tracking and analyzing real-time payments volumes, growth and dynamics across 30 global markets. According to the global research, an industry first, more than half a trillion real-time payments transactions will be processed over the next five years. I discussed what the findings mean, and how the COVID-19 pandemic might be a further catalyst for behavioral change, with ACI’s global head of real-time payments, Craig Ramsey.
TCH RTP and FedNow: What’s Next for U.S. Immediate Payments?
It has taken some time, but immediate payments (IP) are on the move in the United States. Although the speed of adoption has been slightly behind the curve of regions like India, the Nordics and the U.K., the U.S. has seen significant year-on-year IP growth of 69 percent.
Social, Mobile and Instant Payments: How Digital Payment Overlay Services Will Power Up P27
For some years now, the Nordics region has been a global-standard bearer for payments and financial services innovation. Sweden has for many years been a leader in the progressive move towards cashlessness, championing the range of efficiencies that it brings. Major payments innovators like Klarna, FundedByMe and iZettle are based in the region, rubber-stamping Stockholm as a genuine fintech hub. Analysts and insight leaders also regularly single the Nordics out as a genuine leader, in particular praising the collaboration between governments, regulators, financial institutions and businesses that has led to such fertile ground for financial modernization initiatives.
How to Meet ISO 20022 Migration Deadlines for Fedwire and SWIFT
Over the next decade, we will undoubtedly see huge shifts in how financial institutions throughout North America transact, whether domestically or across international borders. This will be driven not just by changing technologies, but also by regulatory events – such as the widespread adoption of financial messaging standards like ISO 20022.
How Can European Banks Meet the ISO 20022 Migration Deadlines for TARGET2 and SWIFT?
First published in 2004 – and already broadly used in some quarters – ISO 20022 is rapidly set to become the de facto standard for financial messaging around the world, replacing MT messages.
The Pathway to Global Real-Time Payments: What Will Be the Impact of SWIFT and ISO 20022?
The whole world is moving toward the ISO 20022 standard, and almost in unison. Globally, most major currencies are planning to shift to the new data-rich standard for either high-value payments or immediate payments (high value being global messaging via the SWIFT network or an RTGS scheme).
Digital Payments Overlay Services: Accelerating Real-Time Payments Growth
The global real-time payments landscape is transforming every day, as the world moves toward payments that offer a multitude of digital payment overlay services that drive consumer experience and adoption. But what are digital payment overlay services? They are ancillary services that often ride the real-time payments rails, and can be flexible, nimble drivers of innovation. These digital services – piggy-backing on the standard real-time payments rails – not only add value to core payments, but also bring about convenience and ease of use for all participants in the payments ecosystem.