Fraud management during challenging times: learning from recent experience

The current COVID-19 situation has impacted the entire world. How has it changed consumer behaviour? And how did merchants respond?

The most noticeable change is, of course, an increase in ecommerce, as people buy online for the first time, or buy from a wider range of merchants than before. This can pose a challenge for fraud screening tools as characteristics of risky transactions — such as a new customer account or use of a dormant account — are now just as likely to indicate legitimate orders. 

Other changes in consumer behaviour I would highlight include:

• People shopping more frequently online, and often spending more per transaction than before, as they stock up on essential items. 
• Increased orders from mobile devices and a rise in app downloads.
• Individuals ordering on behalf of relatives, leading to multiple delivery addresses on a single account, or payment details being shared between two or more accounts. Because both of these can be signs of fraud, merchants may have seen an increase in false positives. 
• Changes in daily ordering patterns since people started working from home, with more orders being placed at lunchtime (as most of us don't go out for lunch) and fewer during traditional commuting windows. The fact that people are at home has helped make some common fraud rules more applicable: for example, delivery to homes rather than workplaces makes it more likely that shipping and billing addresses match. 

In response to the current situation, merchants have pivoted to online sales — some for the first time. This has been great for consumers; but merchants without much in-house ecommerce experience, or who lack the right tools to manage fraud effectively, may become targets for fraudsters.

What fraud trends do you see on the rise?

Fraudsters are ready to exploit any new situation and the pandemic has been no exception. Among fraud trends on the rise are:

• Fraudsters taking advantage of contactless deliveries by arranging shipping to empty houses, claiming self-isolation so that the courier leaves the package outside. Once the courier leaves, the fraudster arrives to collect the package.
• Card testing, as fraudsters count on businesses lowering barriers to sale and aim to see which have opened their doors the widest. Botnet attacks can run thousands of transactions at a time, leading to additional fees and a decline in authorisation rates for some merchants.
• A shift to fraudulent purchase of digital goods, such as eGift cards and other downloadable assets. Fraudsters are trying to circumvent the extended shipping windows for physical goods that gives merchants more time to review orders that their screening tools flag as suspicious. 
• Phishing scams, as fraudsters look to steal account credentials using pandemic-themed fake websites and emails. The stolen credentials are subsequently used to attempt account takeover fraud and identity theft. Some fraudsters may not use the stolen data until after the end of lockdown, so businesses should be prepared for a wave of these attacks later in the year.

Also, at this period of uncertainty, chargeback claims have risen. A common scenario relates to airline ticket refunds — customers unwilling to accept vouchers or points for cancelled flights may raise disputes with their card issuers to obtain refunds.

Online shoppers want a fast, frictionless experience but they also want it to be as trustworthy and secure as possible. What is needed to ensure this user experience?

To give genuine customers a great experience while protecting against fraud, merchants need to be able to rapidly adapt their fraud prevention strategy. Recent events have uncovered gaps in some fraud management approaches — in particular, those that rely exclusively on machine learning (ML) and artificial intelligence (AI). In a fast-changing environment, these tools can't learn quickly enough to adjust to the ‘new normal’, leaving some merchants struggling with high numbers of false positives, which can negatively affect the experience for genuine customers.  

For a better customer experience, merchants should consider a hybrid approach to fraud management that brings ML and AI together with human expertise. This combination can help them adapt more swiftly to changing behaviour patterns. In addition, a ‘white box’ approach to ML and AI will go beyond a simple reject/accept decision to give the merchant a granular breakdown of the screening checks undertaken. So if, say, false positives start going up, the merchant has enough information to understand where adjustments to screening rules may be needed.

Tapping into external expertise can also bring benefits: a fraud advisor's knowledge of the wider market can help merchants foresee certain fraud-related activities and further reduce false positives. The advisor should also be able to share information about positive behaviours, to help merchants identify genuine customers more confidently and streamline their shopping experience.

What advice can you give merchants to stay one step ahead of fraudsters?

As well as taking a hybrid approach to fraud management, merchants should ensure they understand what data is available to their fraud screening tools. The more unique data points a tool can access, the more sophisticated the fraud configuration can be. 

A fraud screening tool that has access to a large, cross-merchant dataset and can also leverage third-party data services will provide additional insight into fraudulent behaviours, allowing a merchant even greater flexibility in addressing emerging fraud trends. Cross-merchant data is also instrumental in identifying genuine customers so that fraudsters can be isolated. Once a merchant can track genuine customers who place orders using consistent historical details and automate decision-making about their orders, the fraudsters will soon stand out.

Merchants may also want to expand the range of tools they use, adding, for example, a solution to help identify account takeover and origination fraud before transactions are attempted. And as merchants develop recovery strategies, they may want to consider implementing solutions that support rapid evaluation of multiple scenarios, to help them understand the best approach to optimising conversion rates and minimising operational costs.

About Mark Strachan

Mark is a fraud risk professional with more than 12 years’ experience in the card payment and banking industry. In his role as Director, Cybersource Global Services, he works closely with enterprise clients on strategies for reducing the risk associated with fraudulent activity and optimising revenue.

About Cybersource

Cybersource helped kick start the ecommerce revolution in 1994 and haven’t looked back since. Through global reach, modern capabilities, and commerce insights, we create flexible, creative commerce solutions for everyday life - experiences that delight customers and spur growth globally. All through the ease and simplicity of one digital platform to manage all payment types, fraud strategies, and more. Knowing we are part of Visa and their security-obsessed standards, you can trust that business is well taken care of - wherever it may go.