Voice of the Industry

Merchants need to be a mastermind in today's ecommerce world

Wednesday 20 January 2021 08:38 CET | Editor: Alex Guzu | Voice of the industry

Ronald Praetsch from About-Fraud shares his advice on how ecommerce merchants can stay on top of the fraud challenges brought about by the COVID-19 pandemic

Merchants have faced many challenges in 2020, which has stretched the mind in different directions. Many ecommerce merchants are overwhelmed with the current situation and many topics link to one another.

The COVID-19 situation has hit many ecommerce merchants hard without any preparations. Today, in the US and Europe, many traditional retailers are still heavily relying on retails stores. From one day to the next, stores were closing, and the main revenue channel got shut down.

This situation forced retailers to the ecommerce channel and not everybody was ready for this change. Today we see many retailers without a dedicated ecommerce team who is looking at the checkout experience, payment topics, and fraud prevention. Now, you can imagine the challenge for these companies to become an online first organisation.

We have seen a range of fraud topics which ecommerce companies are facing right now: 

Accelerated refund fraud

Refund fraud is not new but it gets more professional and therefore more accessible for a broader audience. Today, professional refunders are offering their services via specific social media channels where they provide step by steps instructions. Once the customer received the item, the professional refunder will provide the full documentation which is needed for the refund. The professional refunder knows the process and guideline from the relevant merchants for refunds. Therefore, the customer will pay, for a successful refund, a commission to the professional refunder.

Refund fraud comes in several types and fraudsters become very creative: 

  • did not receive item; 

  • empty box arrived; 

  • partially delivered; 

  • return empty box. 

The advice would be to: 

  • start to capture all relevant data about your refunds; 

  • remember, often refund information is not captured or not connected to your payment and fraud data; 

  • include your customer service information with your fraud review.

Social engineering

This is impacting customers and merchants in different dimensions and, without the right data and tools, it is not easy to detect. Phishing attacks are an increasing fraud trend, especially spear phishing emails, and this is revealed in statistics provided by industry reports such as APWG’s Phishing Activity Trends Report and Symantec’s Internet Security Threat Report. As well, according to Kaspersky’s spam and phishing report for the second quarter, the overall number of phishing attacks in the quarter reached nearly 130 million.

The goal of the phishing attacks is to get access to customer accounts or capturing customer data that are used by the fraudster to purchase items at the ecommerce retailer. The unexperienced ecommerce retailer will not see a difference between a normal account and a compromised one. Many retailers might use a legacy white list which will offset many fraud rules.

The advice here is to: 

  • capture data about your account creation, account login, and account changes; 

  • don’t use stand-alone white list rules which can be easily used to exploit your fraud solution; 

  • stay up to date about new trends in the industry to review your processes, policies, and tools.

PSD2-SCA is not over

With the enforcement date for many countries in Europe (1 January 2021), some merchants showed limited knowledge about PSD2, and some are not fully paying attention to the real business impact of this topic. PSD2 and the related SCA requirements have been on the radar for a long time but deadline postponements, new local regulator plans (such as the introduction of soft declines) are pressing the nerve of the merchants and the ecosystem.

Right now, all merchants need to make sure that PSD2-SCA is correctly implemented. We see the most important aspects in: 

  • requesting 3DS authentication according to the merchant use cases; 

  • ensuring the right data are sent to increase the possibilities of Issuers Risk-Based Authentication; 

  • monitoring performances and have a 2021 PSD2 strategy (exemptions, 3DS 2.2, delegated authentication etc.).

On one side, merchants are heavily dependent on their payment providers and how these PSPs implemented different acquirers. Many parties do support only basic features related to 3DS2 but are not leveraging the full potential of PSD2 to reduce customer friction.

The advice here is to: 

  • have a dedicated person managing PSD2-SCA in all aspects; 

  • implementation, update from the schemes and regulator, payment provider communication and data review.

Payment provider melting down

In the summer of 2020, Wirecard filed for insolvency and many merchants realised a massive dependency on one payment provider. Not every merchant has the luxury to run a multi-payment provider setup to mitigate such risk. Besides this situation, a multi-payment provider setup can provide you leverage for better authorisation rate and a better situation when it comes to negotiating your contracts.

The advice here is to: 

  • review your current payment provider setup and understand the dependencies which you are facing; 

  • build or buy discussion on how to connect to multiple payment providers: using a payment hub or building your own.

Overall, in Q4 2020 ecommerce merchants have a long list of topics to deal with and in 2021 they will face further challenges.

This editorial was published in the Fraud Prevention in Ecommerce Report 2020/2021, the go-to source in securing transactions while offering a frictionless customer journey.

About Ronald Praetsch

Ronald is Co-Founder at About-Fraud and consults regularly with merchants, payment service providers, and fraud solution vendors. Before About-Fraud.com, he spent close to a decade in various payments and fraud prevention roles.



About the company

About-Fraud is a Global Community for fraud fighters. Our community was born from an industry need for unbiased, educational fraud prevention resources. About-Fraud filled that gap with a platform that connects fraud fighters with the information they need to understand the technology and trends, grow their career, and stop fraud.


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: About-Fraud, fraud management, PSD 2, 3DS, SCA, COVID-19, PSP, refund fraud, ecommerce, merchants, social engineering fraud
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions