The 2020 holiday period is a huge opportunity for online merchants, however as long as they ensure account-level fraud, it doesn’t sour the success. Online is the top shopping location for 62% of consumers, something that was reflected over the Thanksgiving weekend when the number of online shoppers jumped 44% compared to the previous year and online sales hit a record of USD 5.1 billion.
Unfortunately, of course, where good customers go, fraudsters are bound to attack. As customers moved online to an unprecedented extent in 2020, fraudsters saw vulnerability, and moved to take advantage. Many merchants and marketplaces focus their efforts on protecting checkout, to guard against financial loss, which sometimes leaves accounts at risk – and this year, that’s even more dangerous than usual.
Downstream from phishing: account takeover
Source: Photo by Artem Beliaikin on Unsplash
Account takeover (ATO) is always a challenge; but never more so than in the 2020 holiday season. At the beginning of the pandemic, phishing attacks rocketed up by 667%, and they’ve stayed high.
Fraudsters are masters at exploiting the situation, and in 2020 people are working from home, unprotected by safer office infrastructure, frequently stressed and under pressure, and juggling multiple personal and professional responsibilities in a fast-changing environment.
Of course, they’re more likely to click on phishing links, and believe plausible lies that appear to be coming from a trusted source. This holiday season, that’s taking the form of phishing emails purporting to be delivery messages about packages.
Add the data breaches of the last few years and the weak password hygiene most consumers practice, and it’s no surprise that Javelin reported that by late 2020 ATOs were trending at the highest loss rate so far, up a horrifying 72% over the year before.
ATOs increase the likelihood of a fraudulent transaction going through, since fraudsters hide behind the good account reputation and can use past orders to make purchases look plausible.
They also leave your company vulnerable in other important ways, notably customer data theft, stolen loyalty points, and loss of customer trust. 65% say they would likely stop buying from a merchant if their account was compromised, and that’s a huge amount of potential lost lifetime value.
New account fraud: Powered by the newly lively fraud gig economy
Source: Photo by Jefferson Santos on Unsplash
Existing accounts aren’t the only place you need to watch out this holiday season. New accounts are just as risky, as fraudsters love to conceal themselves in the rush of new shoppers. NuData found that 36% of new accounts are fake and that was back in 2017. It’s a very safe bet that things have gotten worse since then, especially in 2020.
Things have been complicated this year by the rise of gig economy fraud – with more people out of work and needing jobs they can do from home, it’s easier than ever for fraudsters to find mules to play a part in their schemes.
That means fraudsters can arrange to have new accounts set up, and even have orders placed, by their worker bees all around the world. These mules will be working from IPs with good reputation, and have access to a clean shipping address: their own. They’ll even be willing to pick up packages from a store nearby, making the BOPIS (buy online pick up in store) trend which has exploded during the pandemic into a problem for the fraud team.
As with ATO, new account fraud carries risk beyond checkout: fake reviews, a polluted ecosystem, collusion in marketplaces. Fake accounts are bad news.
Stopping fraud at the door
This holiday season, it’s more important than ever to treat fraudsters as you would treat an intruder into your home or office. You want to stop them from even entering.
There are identity verification tools you can use to validate users’ identities at any point in the customer journey, and these are moving beyond ‘nice to have’ contributions to a fraud score or decision. They’re becoming essential to combat fraud as it’s practiced today.
More than that, fraud prevention teams should work to collaborate with other fraud fighters, in other companies, sharing the tricks, techniques, and traps they’ve seen and devised. More direct collaboration is also possible, if your team works with Privacy Enhancing Computation (one of Gartner’s top tech trends for 2021), then you can pool knowledge of which users to trust, without ever sharing any personal user data.
These tactics have their value beyond the holiday season as well. The account-level fraud we’re seeing now won’t disappear in the new year. Fraud prevention strategy needs to protect your company at every stage, from account signup, through checkout and beyond. Otherwise, if you leave chinks where fraudsters can enter, you can be sure that they will.
About Itay Levy
Itay Levy is Identiq’s CEO and co-founder. Prior to Identiq, Itay was the CEO of Appoxee, which he sold to Teradata. Before Appoxee, Itay was a part of the founding team of Buzzmetrics, which was acquired by Nielsen. Itay holds a BA in Computer Science and an EMBA from the Kellogg School of Management at Northwestern University.
About Identiq
Identiq is a peer-to-peer identity verification network that allows companies to validate new users and vouch for ones they trust, without sharing any sensitive customer data or identifiable information whatsoever. By taking third-party data providers out of the equation, Identiq leverages the consensus of other network member companies. These include some of the world's largest consumer-facing companies, collaborating to accurately fight fraud and identify trusted users. Recognised by Gartner as a Cool Vendor for Privacy in 2020, Identiq sets a new standard for end-user privacy. At the same time, it reduces false positives, increases approval rates and creates a better user experience.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now