With new fraud approaches materialising on almost a daily basis, businesses scramble to adapt and put countermeasures in place. But as soon as one attack vector is blocked, the bad actors switch to another.
Patching the problems in this way is not effective. A reactive approach can compromise UX by adding friction to the user journey and may not address underlying issues.
Before digging into this problem, let’s look at the five most prevalent fraud vectors as identified by the 2021 MRC fraud survey – and what makes them a challenging issue.
Friendly fraud
Fraudsters and scammers are usually portrayed as highly organised and sophisticated, but increased numbers of customers are crossing the line and initiating fraudulent chargebacks. It’s easy for those same customers to then change addresses and cards and repeat the process – not a recurrent activity that merchants want to experience.
This is further facilitated by the reliance on third parties for the final mile of the delivery or fulfilment process, which takes matters out of a merchant’s hands. The same applies to disputes, with decisions generally going in the customers’ favour.
Card testing
Obtaining card credentials has become easier than ever, resulting in an increase in card testing fraud. The micro-transactions that bad actors use to test a card’s validity may not be quickly picked up by the legitimate cardholder, allowing the fraudster to build up a successful payment history with the card, paving the way for larger transactions. Again, disputes will usually be resolved in the customer’s favour.
Even soft declines can be beneficial to a fraudster if they return enough information about why a decline happened and what information is missing. For the merchant, the opposite is true – too many declines could raise the merchant’s risk level, which in turn can result in increased fees.
Phishing, pharming, and whaling
The pandemic forced more and more people to conduct their business online, many of whom were new to the world of online transactions and the associated threats. As well as phishing attacks, there has been a huge increase in pharming scams and whaling scams, some of which are very convincing indeed – to the extent that even seasoned users have been getting caught out.
This is not surprising when you consider that many businesses still rely on SMS OTPs for authentication – the very same channel that the scammers are using.
The resulting reputational damage becomes an issue here – if a business’ name is used in a scam, 45% of people will lose trust in that company.
Identity theft and ATO
Fraudsters are quick to make use of any valid credentials that they can get to steal identities or take over accounts, whether from phishing or data leaks on the dark web, or from trojans and malware. The estimated cost of Account Takeover (ATO) fraud for 2020 alone was around USD 26 billion. So, it’s no surprise that the industry conversation has switched from raising awareness to asking why it’s still an issue.
A key reason is that accounts are frequently secured by authentication methods that aren’t very secure at all. A reliance on passwords is all too common, and where second-factor authentication is used, it usually depends on equally insecure methods such as SMS OTPs.
Discount and promo abuse
Both customers and professional fraudsters are recurrently taking advantage of weak authentication that allows them to create multiple accounts to get repeated access to offers and promos, or to create a network of accounts to exploit referral schemes respectively.
Loyalty schemes are also affected by ATO. With the value of accumulated and unspent points estimated to be in the hundreds of billions of dollars, bad actors have not been slow to see the huge financial potential for fraud in this area.
From reactive to proactive
Fraud is probably the world’s biggest unreduced cost centre. And, with the constant evolution of the digital technologies landscape and the continuous adaptation on a fraudsters’ part, a reliance on outdated anti-fraud technologies such as SMS OTPs and backlists isn’t going to change things.Treating the symptoms isn’t the way to find a cure.
Instead, a digital-first approach based on technologies including device fingerprinting and behavioural biometrics allows businesses to establish that a customer really is who they claim to be from the outset, stepping up authentication only when needed – reducing friction and improving UX – and helping move fraud prevention from a cost centre to a value-added function.
Businesses should look to mature and evolve towards a positive identification approach. Every business has its own pathway to that maturity, adopting the strategies and technologies that it requires to progress – and its own rate of pace.
Clearly, the specifics will vary depending on the business, but with fraud accelerating, it’s not only vital that businesses don’t get left behind, but that they take the right steps to pull ahead of the curve.
Callsign’s e-book maps out the journey for businesses along their Maturity Pathways. Download it here.
This editorial is part of The Fraud Prevention in Ecommerce Report 2021/2022, the ultimate source of knowledge that delves into the evolutionary trail of the payments fraud ecosystem, revealing the most effective security methods for businesses to win the battle against bad actors.
About Amir Nooriala
A knowledgeable and engaging panellist, moderator, and speaker, Amir Nooriala is Callsign’s Chief Commercial Officer. His broad expertise across financial services, identity, and fintech is rooted in his extensive experience – including working as CSO and COO at OakNorth and Ops and Tech MD at BGC, as well as key roles at Barclays Investment Bank, Accenture, and Cisco. Beyond Callsign, Amir is a champion for social mobility in the UK, being a long-serving trustee of the charity Making the Leap and the UK Social Mobility Awards (UKSOMOs).
About Callsign
Callsign has a simple vision: we want to make digital identification seamless and secure. Our unique positive identification approach balances high security and user experience, allowing customers to interact online safely, with minimal friction, while ensuring that bad actors are blocked to protect customers’ identities and business interests.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now