What merchants should do to address evolving fraud

As the COVID-19 pandemic continues to run its course, fraudsters have closely observed behaviors of consumers and merchants to try to take advantage of the new environment.

Rahul explores how moving beyond a one-solution-for-all approach is needed to address sophisticated fraud and why creating a trustworthy ecosystem with partners can reduce friction for risk management. 

Lots of changes in customer behaviour have occurred recently, with companies also enabling new fraud prevention capabilities. But what can you tell us about fraudsters’ adaptability in this environment?

While the behaviour of consumers and merchants has significantly changed and gone more digital over this past year, the COVID-19 pandemic has also prompted fraudsters to refine their activities. As fraudsters typically specialise in particular areas of fraud, such as synthetic ID strategies or payment card fraud, they are now diversifying their tactics by committing a wide array of fraud, targeting new and emerging opportunities. Fraudsters are keen observers of market dynamics. They know that work-from-home and online shopping have increased substantially over 2020, so they have modified their strategies accordingly. They are also trying to exploit mechanisms intended to support people in need, such as trying to capitalise on the quick and under-secured distribution of stimulus money.

Crime-as-a-service has also been on the rise. Fraudsters are ramping up their recruitment efforts, attacking in teams to bring in new ideas and strategies and maximise opportunities around the world. They are using existing technologies, including encrypted and private chat, to stealthily boost their ranks and coordinate their efforts. Now, instead of one fraudster trying to be good at a whole bunch of things, groups of fraudsters are combining their respective capabilities to commit larger scale attacks. One person might specialise in stealing PII, while someone else might be very specialised in hacking and getting credentials, phishing emails, and so on. Once they have PII, they are able to attack at scale by leveraging the capabilities of the full team. Ultimately, the combination of the crime-as-a-service ecosystem with the unprecedented amount of data that fraudsters can try to access has upped the ante.

What are the biggest challenges facing merchants today?

One-size-does-not-fit-all

We have spent a great deal of time conducting interviews and feedback sessions with merchants to understand what matters to them most and found a few common trends that stood out. The first is that a one-size-fits-all approach does not work effectively. Merchants are all different from one another: they are different sizes, are located in different countries throughout the world, and operate within a multitude of industries. Additionally, as merchants pass through different stages of growth, their appetite for managing fraud and risk changes. Merchants in high growth phases may choose to take on more risk at the expense of not slowing down user experience and growth, while others may be risk averse and take a more conservative approach. 

Fraud fighting is a balancing act

Fighting fraud goes beyond reducing fraud to also wanting to ensure a frictionless buying experience for your customers. Manually reviewing every transaction is one way to try to prevent fraud, but it creates significant friction for customers. Merchants must find their ideal balance of friction and seamless customer experiences. 

We cannot assume every customer is a fraudster when they shop with one of our merchants, so we have to be extremely effective at detecting suspicious behaviour and fraud attempts. Merchants are trying to balance good customer experiences with stopping fraud, but manually reviewing every transaction would require too much operational overhead and time. They engage fraud protection partners like us to help them get the balance right. Because of the explosion of digital capabilities, vendors, and startups that provide these services, it is very hard to know who can actually deliver results and who cannot. Ultimately, merchants need a trusted ecosystem which can see things at scale across a network of merchants and marketplaces globally.

What new types of fraud do you currently see emerging?

There is always a flavour of the moment when it comes to fraud, as it comes in many different forms, and it is always evolving. Often it is very simple, like a traditional spoofing or phishing attack. However, more recently and as a result of the impact of the pandemic, we are seeing many fraudsters make random or impersonating official P2P requests to see if they can solicit funds from unsuspecting users.

Additionally, issues with billing and shipping mismatches are also increasing. Many people are no longer physically going to stores and are having items shipped to them instead. Fraudsters are buying items with stolen payment methods and shipping goods to their own location, resulting in a shipping address that is different than the billing address of the stolen credit card. They are also buying online and picking up in store, posing as the individual that purchased the item online and collecting the merchandise. 

What are the best practices to spot new fraud patterns and signs? What is your advice to merchants to stay ahead of fraudsters and prevent scams? 

My advice on best practices for fraud prevention centers on three main points:

First, stay informed. Take advantage of fraud prevention platforms with built-in automated performance and modeling capabilities that provide recommendations on how to stop fraud.

Second, learn from others. Gain an understanding of how other similar merchants have been exploited and scammed, and how they protected themselves.

Third, treat vendors as partners. Fraud prevention solution vendors are not just providers of a dashboard — they are partners with a wealth of information accumulated from working with hundreds of thousands of customers and can best support you in a true partnership. That information and your relationship with the vendor is translated into tailored practices to help you fight fraud. Further, work with partners who leverage machine learning and artificial intelligence, which play key roles in fraud prevention, customer support, and meeting regulatory and compliance requirements. Machine learning and AI provide superior detection of fraud patterns, enabling your fraud team to explore those patterns in-depth and learn from them. Machine learning models are able to adapt to changes in fraudsters’ behaviours as their tactics continue to evolve. They also make automation possible, reducing the need for manual review.

About Rahul Pangam

Rahul Pangam is the VP, Trust Solution and Simility at PayPal. He’s an industry veteran, who is dedicated to empowering fraud fighters with the most adaptable, scalable, and accurate fraud analytics platform.

About PayPal

Our mission at PayPal is to democratise financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and secure products and services to take control of their financial lives.

Fueled by a fundamental belief that access to financial services creates opportunity, we work across our brands to give people the financial tools they need to connect and transact in new and powerful ways – and ultimately, to join and thrive in the global economy.

For more information, visit us at https://www.paypal.com/us/enterprise/manage-risk