One consequence of the novel coronavirus pandemic came as no surprise once lockdowns were put in place — a rise in e-commerce. As we approach the height of the 2020 holiday shopping season, most analysts expect a spike in e-commerce transactions. Along with that spike comes the risk of increased fraudulent transactions. Unfortunately, increased online fraudulent holiday transactions are not a new phenomenon. Last year the staff at Payments Next reported, “When it comes to online fraud, US Thanksgiving was a turkey for online sellers as online fraud jumped 29% compared to 2018 according to research from fraud prevention firm iovation. The company estimates 15% of total holiday long weekend online sales were potentially fraudulent.”[1] That’s billions of dollars’ worth of transactions affecting both retailers and consumers. As the Payments Next staff notes, “That’s not a happy trend for retailers and other online sellers.” The staff at ClearSale notes that, for some retailers, increased fraud is a matter of negligence. “The holiday season is make-or-break time for e-commerce retailers,” the staff writes. “Unfortunately, the holiday season also attracts savvy fraudsters who anticipate that many merchants will be so busy they let their typical fraud prevention strategies slip a little. All the more reason why merchants need to up their fraud protection game during the holidays to avoid any unwelcome surprises.”[2]

Types of online fraud

The ClearSale staff observes, “High sales volumes, tight shipping timeframes, and the lure of easily resalable goods entice fraudsters during the holidays.” They go to describe some common attack modes:

• Account takeovers. Account takeovers are cases “in which criminals hack into customers’ accounts to make purchases for themselves.”
• Mobile user data attacks: Mobile user data attacks “focus on customers’ mobile devices (a channel that can account for more than half of holiday e-commerce orders).”

Rafael Lourenco, Executive Vice President and Partner at ClearSale, discusses a third type of common fraud:[3]

• Changing package delivery addresses.[3] “Fraudsters take over a customer account, place an order for shipping and then call customer service or the carrier to ask that the package be sent to a different address than the one used in the order. This tactic allows thieves to make an order with good information that doesn’t raise flags and then get the stolen goods sent to them instead.”

The ClearSale staff goes on to observe that fulfillment models which have flourished during the pandemic are also targets for fraudsters. They report, “Popular new trends in e-commerce sales — such as Buy Online Pick-up In Store (BOPIS) and same-day/next-day shipping — may make it more convenient for customers to shop for and send their gift orders. But these trends also present new opportunities for perpetrators of fraud. For example, many merchants who offer BOPIS sales do not require a physical ID or credit card to pick up the order — meaning it can be nearly impossible for the merchant to validate the identity of the customer. Same-day and next-day shipping are similarly problematic.” Journalist John Stewart reports, “While convenient for legitimate customers, BOPIS has proven to be ‘the channel of choice’ for fraudsters, particularly when it comes to electronics products.”[4]

UK Finance, an association representing trade and finance institutions in the UK, expects to see “a spike in online scams targeting people looking for attractive deals on Christmas gifts.”[5] The association notes, “More people are at risk of being cheated this year … Fraudsters have seen opportunities in new lockdown restrictions, and are targeting online marketplaces and auction websites to cheat consumers looking for deals on items such as clothing, bicycles, and games consoles. … The scammers could attempt to trick people into paying for items that are of poor quality or simply do not exist. … Cybercriminals may also use the guise of online deals to collect personal information, such as payment card details, which is later used to conduct fraud.”

Mitigating the risk of fraud

It has been said, “There are two types of ecommerce businesses: Those that have been hit by fraud and those that will be hit by fraud.” Lourenco notes, “The cost of fraud for ecommerce merchants was already up 7% over last year before the holiday season began. Typically, fraudsters take advantage of major online shopping events like Black Friday and last-minute shopping deadlines to foil rushed order screenings and request expedited shipping without raising flags.” He goes on to note that the way retailers can prevent shipping fraud involving changes of the delivery addresses after an order has been placed is “to reprocess those orders with the new shipping information. This is the only way to properly screen them for fraud. You can also consult with your carrier and ensure that they won’t reroute packages without your approval.” He notes, “Pickup fraud has increased by 55% since the start of the pandemic, according to a report from Forter. Safety rules for minimizing contact and wearing masks during pickups can make it difficult or impossible for frontline employees to detect the impersonation.” The way to decrease pickup fraud, he notes, is to “to require a photo ID for pickup [and] make sure customers know about your policy before they place their orders.”

The staff at Kount notes, “In this new environment, businesses will need to address some clear concerns: Reduce fraud-related chargebacks from payments and friendly fraud; secure and control inventory; roll out and protect new channels; prevent account takeovers; [and] reduce friction. As always, creative criminals respond to improved security with new tactics, exploiting vulnerable aspects of the relationship between brands and customers. In fraud, there’s always something new creeping over the horizon, and businesses will need to take quick and comprehensive action to protect and preserve their holiday revenues.”[6] They go on to note, “AI is the secret weapon for fighting holiday fraud. … Next-generation artificial intelligence provides prevention and detection tools to allow a more nuanced, risk-based approach to fraud. As fraud grows in quantity and sophistication, stopping it means staying ahead of new schemes – not just reacting to known types of fraud. That’s where AI shines. … AI uses existing data to pinpoint fraud — friendly, foreign, desktop, or mobile — even when the type of attack is new on the scene. The richness and size of that data network is the fuel that drives effective AI solutions.”

Concluding thoughts

Historically, the holidays have been fraudsters prime time to operate. Lourenco concludes, “This year’s holidays will be different, with unprecedented levels of shopping, expected shipping delays and new fraud attempts. Retailers who prepare now for new holiday ecommerce challenges — from shipping delays to customer anxiety about deliveries to bolder fraud attempts — will be better positioned to generate revenue, build customer loyalty and fight fraud this holiday season.” Retailers need to be more vigilant, not less, and consumers need to keep track of their account activity to help prevent fraud as well.

Footnotes
[1] Staff, “15% of US online holiday sales potentially fraudulent,” Payments Next, December 2019.
[2] Staff, “Why E-Commerce Fraud Protection Is Different During the Holidays,” ClearSale, 16 July 2019.
[3] Rafael Lourenco, “Handling Holiday Ecommerce Fulfillment Issues,” Multichannel Merchant, 27 October 2020.
[4] John Stewart, “E-Commerce Will Flourish This Holiday Season, But Watch Out for Fraud, ACI Warns,” Digital Transactions, 15 October 2020.
[5] Dev Kundaliya, “Fraudsters are targeting Christmas shoppers,” Computing, 16 November 2020.
[6] Staff, “Keys to Prepare for 2020 Holiday eCommerce & Fraud,” Kount, 2020.