The COVID-19 pandemic caught the entire world off guard, and seemingly overnight the livelihoods of small businesses were threatened by lockdowns, procurement challenges, and shipping disruptions. As a payment facilitator dedicated to the small business community, Wave observed an abrupt shift in the risk landscape of payment processing. Being the first pandemic in our lifetime, there was no playbook, but there were calculated steps we took to mitigate the impact.
Despite worldwide shortages, the small business community proved their ability to source Personal Protective Equipment (PPE), COVID-19 rapid tests, sanitiser, and other pandemic related items. It was fantastic to see the resilience and resourcefulness of the small business community, but these posed significant risks to payment facilitators and processors alike. Let’s explore them further:
Fraud risk
As with any economic crisis, fraudsters took advantage of the opportunity to scam consumers and business owners. Non-delivery scams were rampant where legitimate cardholders would make purchases from businesses that claimed to have sourced PPE, only to receive an empty box if anything at all. Counterfeit N95 masks were prevalent, and general fear about being able to make ends meet drove higher susceptibility to common scams.
Regulatory scrutiny
The Food and Drug Administration (FDA) and the Federal Trade Commission (FTC) communicated changing guidelines and protocols as new information surfaced about COVID-19 to keep the general public safe. This forced us to work more closely with our bank partners and card networks in order to know what we could and could not allow on the platform.
Price gouging was common as many businesses took advantage of product shortages, but the effects of supply-and-demand in the logistics chain made it difficult to detect what was and what was not a fair price. Many businesses were quick to sell rapid COVID-19 tests before they were FDA approved, and one of the most common violations was the selling of cloth face masks marketed as ‘COVID-19 Masks’. Any product that claims to protect, prevent, treat, cure or diagnose COVID-19 is a direct violation of regulatory guidelines that we had to enforce.
Logistical challenges
An increase in large, international payments needed to be evaluated for risk and compliance. The news was reporting border closures and an overworked postal service, putting even the most well-intentioned business owners at risk of delivery related chargebacks. Additionally, guidance on which PPE types were best (N95 vs surgical masks, for example) was not always clear and led to misunderstandings between merchant and cardholder – another driver of chargebacks.
Mitigating these risks put a significant strain on operational risk management at a time when employees were facing challenges like transitioning to remote work, managing parental care at home, and the impact of the world’s events on mental health. The impact this caused on our efficiency combined with the heightened risk and compliance requirements significantly affected our team capacity. To manage this, we made several adjustments and investments to our processes and capabilities, as follows:
Team focus and prioritisation
The majority of this volume was coming from new merchant accounts, which put a strain on underwriting capacity. This combined with the increased regulatory scrutiny pushed us to dedicate more of the team’s time to underwriting and accept more risk on subsequent payments by reducing our manual payment review rate post-onboarding. This provided us with the opportunity to build the mechanisms required to easily adjust these thresholds moving forward as our needs change.
Stricter protocols for new customers
We implemented strict protocols to protect us from unforeseen issues like shipping delays and scams. For new customers processing large and/or international payments, reserves were implemented more commonly to hold funds until the cardholder confirmed receipt of the shipment and that they were satisfied. This may be considered conservative, but we found that by taking more of an account management approach with our customers there was better cooperation and retention than we had anticipated.
Machine learning (ML) and automation
In order to support a more high-touch approach with our customers, we needed to drive automation elsewhere. We partnered with our internal ML team to build custom risk scores to drive down manual review rates in other areas of our platform. This proved highly successful, driving both efficiency and improved fraud detection with custom models. Not all organisations have the resources to support in-house ML work, but this test proved to Wave that the investment was worthwhile and has turned into a broader partnership between the teams.
What made us successful through such an intense time was being agile, networking, and collaborating to make changes quickly along with the dynamic industry. An experimentation mindset was key due to the amount of unknowns. As the small business community adapted to life in a pandemic we were able to relax many of the implemented protocols, but thanks to the controls and mechanisms that were built through this process we are confident that we will be resilient when the next challenge comes.
This editorial is part of the The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.
About Angie Dobbs
Angie is the VP, Fraud & Risk, responsible for protecting Wave’s customers and financial services including its proprietary payments, payroll, and debit card products. Angie holds a Master’s Degree in Applied Mathematics & Statistics at the University of Guelph and takes a data-driven approach to risk detection.
About Wave Financial
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now