Are you tired of losing money to fraudsters and struggling to keep up with the constantly evolving payment landscape? Sift’s Trust & Safety Architect, Jane Lee, is here to share some valuable insights on how businesses can stay agile, scalable, and effective in their fraud prevention strategies.
Ongoing economic turmoil hasn’t interrupted consumers’ expectations for fast, convenient payment methods, and friction-free transactions. Shoppers demand the speed and flexibility offered by one-click purchases, CNP (card-not-present) payments, BNPL (buy now, pay later), and crypto assets, and fraudsters know it. And, despite 62% lower total order volumes YoY in fintech, Sift network data shows that attempted payment fraud in the space jumped 13% between 2021 and 2022, with BNPL and crypto seeing increases of 211% and 45% respectively. Every attack stings more when volumes go down and fraud creeps up since there’s a lower ratio of legitimate transactions taking place.
Nearly half of the consumers surveyed by Sift earlier this year said they’ve experienced payment fraud within the past two years—with 62% of victims defrauded at least 2-4 times. That’s problematic on its own, and a major contributor to the billions of dollars that have been lost globally to fraud since 2019. Worse, though, is that anyone willing to buy and use data exposed by these attacks can, including the 16% of consumers who admit to having committed payment fraud (or knowing someone who has). Another 17% said they’ve encountered online offers to commit fraud via forums and other digital content.
This dark web recruiting, coupled with the fact that close to one-fifth of consumers admit to committing (or knowing someone who has committed) payment fraud, indicates growing accessibility. It’s the democratisation of online payment fraud—in the same ways that software providers work to make their platforms available to more users throughout a business, fraudsters have taken the mystery out of how they steal. Anyone with motive and internet access can become a cybercriminal, and with very little ramp time.
The Merchant Risk Council’s most recent Global Payments & Fraud report identified phishing/pharming, identity theft, and first-party misuse as the most prevalent types of fraud attacks, affecting almost four in ten merchants globally.
Priorities have shifted for consumers and merchants, manifesting in widespread layoffs and decreased budgets. As usual, fraudsters took (and continue to take) advantage of the disruption, pushing fraudulent transaction values up across a number of industries, from fintech to digital goods & services and marketplaces. Often, these transactions are unauthorised CNP purchases—unless the activity is taking place on a user-to-user platform or website. We saw a 62% increase in fraudulent transaction values on professional marketplaces, along with increases of 80% on dating sites, 52% on ecommerce marketplaces, and 18% on social marketplaces. Marketplace payment fraud regularly looks like card testing, where the perpetrators test stolen payment data over a short period of time using small transaction amounts.
It wasn’t much better for digital goods & services providers, who were hit by a 27% uptick in payment fraud, with a 64% spike for B2C merchants. According to consumers who have been victims of payment fraud, 88% of the attacks they experienced resulted in unauthorised purchases.
It’s more ‘what’ than ‘who’—the global Fraud Economy is a complex network of cybercriminals fuelled by evolving tools and tactics, and all roads lead to payment fraud. Upticks in account takeover (ATO), have played a role in rising payment fraud: in 2022, 44% of reported ATO victims were defrauded up to five times. During that same period, Sift network data revealed a startling 131% increase in attempted ATO attacks. When account abuse, spam, and scams knock out security barriers on the path to profits, they make it easier for fraudsters to access sensitive, actionable data that eventually becomes a payout.
When attacks do succeed, the damage to both merchants and consumers is immediate and long-lasting. Businesses struggle to consistently identify and monitor risk, while also creating repeatable, effective fraud prevention tactics. Applying automation throughout fraud ops, along with access to complete, accurate customer data and risk signals is the critical difference between a business that falls flat behind fraud and one that grows and succeeds in spite of it.
Although traditional credit cards still dominate consumer payments, the increasing adoption of cryptocurrency, digital wallets, and mobile payments will continue creating new opportunities for fraudsters to cash out. In fact, digital and mobile wallet transactions made up 49% of total ecommerce volumes in 2021.
Recently, Sift Trust & Safety Architect Brittany Allen pointed to a new focus for fraudsters: ‘The BNPL space, in particular, is a snowballing concern for merchants who offer point-of-sale loan options’, she said. ‘We’re mainly seeing nefarious actors exploit BNPL by either hacking into existing BNPL accounts, or creating BNPL profiles using stolen identities that will later be held liable for fraud. Once they gain access to a BNPL provider account, they can infiltrate other merchants that offer BNPL purchases, increasing the stakes.’
Payment fraud costs ecommerce merchants between 3-4% of their total annual revenue, and right now, merchants are facing a totally unique combination of challenges. Between pandemic-era market fallout, slimmer teams, fewer resources, smaller budgets, and the ongoing talk of a recession, control over fraud operations—and more specifically, fraud losses—has never mattered more. Staying ahead of the game means setting unbeatably accurate thresholds; automating fraud detection, authentication, and reviews; measuring and preventing false positives; dynamically applying friction across the customer journey; and finally, leveraging robust, diverse signals and datasets to inform decisioning.
Risk regularly changes scope. But when businesses put all of their energy towards plugging revenue leaks and reducing costs, rather than building scalable fraud prevention strategies that contribute to growth, they’re only fighting half the battle. Fraud teams need customisable tools to automate their strategies, with intuitive, reliable ways to make real-time adjustments to processes and operations. They need to be able to be proactive and stay agile enough to choose an offensive or defensive position against fraud. This means having the technical, operational, and strategic support in place to be both proactive and reactive about risk mitigation.
Fraud evolves and grows more sophisticated and accessible regardless of how, or how well, businesses implement trust and safety. Ongoing economic uncertainty means that merchants are having to do more with less. With executive leaders focused on widening the gap between spend and ROI, frontline fraud fighters need a solution that reveals the broad scope of their fraud problem while providing precise, actionable insights that help them stop more fraud without cutting into revenue. Businesses should prioritise protecting their revenue and customers, but not at the expense of either. Instead, focus on applying automation across fraud operations wherever possible in order to increase efficiency and reduce time spent on manual review. This is particularly important if your company has experienced significant budget cuts, layoffs, reorgs, or customer churn.
About Jane Lee
Jane Lee is a Trust and Safety Architect at Sift who specialises in malicious websites, spam, misinformation, account fraud, content abuse, chargebacks, and payments risk. Prior to joining Sift, she was at Facebook and Square and spent some time as a private investigator. She is passionate about designing and operationalising systems for the detection and enforcement of fraud at scale.
Trust and safety teams should also leverage automation and dynamic friction to streamline the customer journey, in addition to real-time machine learning to stay proactive. This will increase order acceptance rates while reducing false positives for trusted users, and allow merchants to apply additional layers of protection only when truly necessary.
About Sift
Sift is the leader in Digital Trust & Safety, empowering digital disruptors to Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unrivalled global data network of 70 billion events per month, and a commitment to long-term customer partnerships. Global brands such as DoorDash, Twitter, and Wayfair rely on Sift to gain a competitive advantage in their markets. Visit us at sift.com, and follow us on LinkedIn.
https://www.instagram.com/get_sift/
https://www.linkedin.com/company/getsift/
https://twitter.com/GetSift
https://www.facebook.com/GetSift/
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now