Skip to Main Content Skip to Footer Content
Close Search

Merchant Fraud in the Age of COVID-19: We Need to Prepare Ourselves for a “Tidal Wave” of Attacks

Merchant Fraud in the Age of COVID19

With millions of consumers around the world self-quarantining at home, online shopping for goods, services and entertainment has become the new normal for many. A recent analysis of our own data has shown that average transaction volumes in the retail sector in March rose 74 percent compared to the same period last year.

However, the COVID-19 crisis — and changing consumer behaviors — also present new opportunities for fraudsters, similar to what we saw during and after the 2008 financial crisis, meaning merchants could be hit by a tidal wave of new fraud cases if they do not act now. Some of the key fraud trends we are seeing include:

Phishing attacks and account takeover

Merchants are starting to experience dramatic increases in COVID-19-related phishing activities, with stolen credentials released into the eCommerce payments chain. Scammers have launched phishing attacks via text message and email, purporting to contain information or requests in relation to the pandemic. The messages can appear legitimate — perhaps with a prompt such as “click here to get your money now.”

However, the hyperlinks are malicious. If the links are clicked, fraudsters can access a computer or phone and steal sensitive information such as national security numbers and bank account data. They can then steal identities, money or both.

Friendly fraud

In times of economic crisis, friendly fraud usually increases. Friendly fraud means the genuine customer IS the fraudster. History tells us that when people face economic hardship and can’t pay bills, they often turn to “drastic measures” such as fraudulently claiming chargebacks on credit cards. Friendly fraud occurs when a genuine customer places an order using their own payment details and then launches a chargeback to recoup the cost of the item (while retaining the item). Friendly fraudsters often claim they did not receive the goods, that goods were faulty or damaged, or that goods were returned and the refund was not applied.

Merchants should monitor chargebacks closely during this time and ensure that order credentials are reviewed, e.g., was a delivery notification confirmed? Repeat offenders’ details can be blocked to prevent them from re-offending.

Synthetic fraud

Synthetic fraud involves a fraudster mixing stolen, real information with fake information to create fraudulent accounts. By mixing genuine and fake ID details, fraudsters “create” a new persona and often set up new accounts in the name of this new fake persona, making it harder for some fraud monitoring systems to pick up the fake account, as many details appear genuine.

Affiliate fraud

Fraudsters will equally use phishing tactics to steal loyalty points and then sell these points online in the same way they sell stolen credit card credentials. Consumers should therefore treat loyalty accounts as they treat their bank accounts — review them regularly and change passwords. Loyalty points should be viewed as another form of cash, albeit virtual cash. They carry significant value and can buy tangible goods and services, such as flight tickets and flight upgrades, hotel rooms, electronics items and even food — all beneficial to a fraudster, especially during challenging financial times.

Triangulation fraud

This kind of fraud is often hard to spot or track down. It involves a fraudulent seller posing on an eCommerce marketplace and an unsuspecting consumer who places an order with that fraudulent seller. The fraudster then acquires the item from a genuine retailer using stolen credit card details (from another unsuspecting third party) to pay for the item. The fraudster will then use the address of the consumer who placed the order and ship the goods. Meanwhile, the third-party cardholder of the stolen credit card disputes the transaction with the issuing bank, resulting in a chargeback against the retailer. The fraudster in the meantime has received the money from the unsuspecting consumer. The retailer may blacklist the address, making future ordering for that consumer difficult. The fraudster usually gets away with the money.

During these unprecedented times, it is important for consumers to remain vigilant, check their accounts often and ensure they raise an inquiry with their bank on any onerous transactions.

Merchants should keep a close eye on transactions and will benefit from a multi-layered fraud strategy that uses a combination of consortium intelligence, profiling, machine learning and rules. Such a strategy will allow businesses to separate legitimate customers from fraudsters. It will enable merchants across all sectors to tailor the customer experience, improve conversion rates and maximize revenue and, most importantly, block fraud.

 

Find out more about ACI’s approach to multi-dimensional fraud prevention.