How businesses can prevent fraud during COVID-19

The COVID-19 pandemic not only brought misery to healthcare systems but also profoundly touched individuals with scam hands. Online sharks exploit the pandemic to profit from people’s FOMOs and FUDs. They may try to steal card credentials and other sensitive personal information in the guise of donations for charity purposes – or use phishing and social engineering schemes. 

The US Department of Justice (DOJ) has already detected the first pandemic-related enforcement action against a scam site (coronavirusmedicalkit.com) that tried to sell non-existent free vaccine kits for COVID-19 allegedly developed by the World Health Organization. Additionally, the City of London Police informed about an increase of scam reports by 400% within the space of a month, which was caused by a growing trend of COVID-19-related fraud. 

Thankfully, there are already lots of guides for individuals on how not to become a victim of COVID-19 scammers. 

What about businesses? While the majority of offline services are under danger of extinction, the online niche sees rapid sales growth, as well as chargebacks, bonus abuses, CNP, and friendly fraud growth. The situation with online payment fraud became rigorous enough that INTERPOL assists national authorities to fight it. The international organisation has helped with 30 COVID-19-related fraud cases with links to Asia and Europe, leading to the blocking of 18 bank accounts and the freezing of more than USD 730,000 in suspected fraudulent transactions. 

Therefore, how can businesses prevent payment fraud during the COVID-19 pandemic, and how can they use these methods in a long-term perspective? 

1. Automate knowing your customers 

No matter whether you are in gambling, for example, where KYC is crucial to ensure responsible gaming and age verification, or in fintech, where KYC is compulsory – the demand for online identification services has increased. Your customers can no longer be strangers. Your business can no longer fight fraud without this procedure. 

However, three general units of KYC procedure (identity verification, due diligence, and ongoing monitoring) are mostly done manually by compliance officers. Usually, it is a time-consuming and expensive process – which, for no good reasons, remains the elephant in the room. 

According to a report launched by Mitek and Consult Hyperion, KYC compliance costs banks EUR 50 million per year. The potential cost of losing just a small percentage of new customers to complex manual KYC processes is now as high as EUR 10 million a year. After five years, the cumulative lost opportunity could cost banks above EUR 150 million. 

In truth, each company can avoid colossal time and cost spending by automating the KYC procedure. With an automated KYC procedure a business can obtain the following:

• no need for manual work carried out by compliance officers = much more attention to core business processes;

• reduced onboarding time = higher customer satisfaction; 

• up-to-date, ongoing monitoring and real-time prevention from financial crimes; 

• real-time transaction monitoring ensuring AML compliance; 

• auto-detection of users who do not meet age requirements; 

• high data accuracy by removing risks of human error; 

• up-to-date user information with ongoing and transaction monitoring; 

• false positives and negatives detection. 

With KYC automation, businesses stay protected from almost all types of money laundering and payment fraud (SEPA credit transfer and direct debit fraud, credit card fraud, card-not-present fraud, identity theft, age fraud, fake IDs). 

2. Check each user step 

Fraudulent users should be detected not only during one of the KYC procedure steps, but at the very first (and each) step of interaction with your platform/product/app/website: installation, registration, confirmation, login, payment, refund, payout, transfer, KYC. This becomes possible with rule-based scenarios, machine learning (ML), and global reputation databases. Better combined. 

It might seem that a rule-based approach became outdated in the era of AI and ML. As a matter of fact, there is no point in erasing “if-then” rules from risk management processes enhanced by ML. Unique features of various industries do not always allow each fraud prevention solution to adapt their ML models perfectly – thus, in most cases, a problem of false positives and false negatives occurs. So, the rule-based approach can be used to complement ML models. 

There are two types of learning in ML that combine rules and machines: supervised and unsupervised learning. Long story short, unsupervised ML is more suitable for fraud prevention and risk management. 

Reputation databases available within fraud prevention services store various user identifiers and allow businesses to check users’ risk scores, tracks of suspicious activities, and other information. Reputation databases during COVID-19 are a must. They can unveil fraud patterns on each step of the user journey and prevent chargebacks, account takeovers, bot attacks, bonus abuse, and they can even detect fraud syndicates. 

3. Use device fingerprinting 

In simple terms, while interacting with your platforms and websites, users leave digital footprints (device fingerprint) on different conversion pages. Device fingerprint can be detected, analysed, and used further for marketing and sales purposes (understanding the user behaviour), and mainly to spot fraud schemes. Despite its controversial nature in terms of GDPR policies, device fingerprinting remains one of the most efficient methods to fight chargebacks while being used in combination with other fraud prevention services, like the above-mentioned KYC. 

The combination of KYC procedure with device fingerprinting during the COVID-19 pandemic will help to detect the most spread types of scam and fraud, as well as previously unknown fraud patterns: application fraud; account takeover; device/user emulation; compromised accounts; bot attacks; payment fraud; email phishing. 

To sum up, although the majority of businesses that just entered the online space or were already part of in for a long time were not ready for the amount of fraud brought by the pandemic, there are plenty of solutions to fight any type of fraud and scam efficiently with already-known methods. 

Currently, businesses are at the very beginning of changes brought by a pandemic; most of them are going online and start to encounter previously unseen fraud patterns. The most crucial thing now is to understand that we have no time to build utterly new fraud prevention methods, but we have been adapting existing ones and can efficiently continue to do so, and use them in a long-term perspective. The pandemic will end, fraud prevention – never. 

About Pavel Gnatenko 

Pavel has a master’s degree in intellectual systems for decision-making. He is a risk management expert with more than seven years of experience in fintech. Currently, Pavel is focused on developing Covery – the next generation of risk management platforms. 

About Covery 

Covery is a global risk management platform helping online companies solve fraud and minimise risk. We focus on the universality of our product and its adaptation to any type of business, based on distinguishing features and customer needs, using both rule-based and machine learning approaches.