A lot of friends and former colleagues in the fraud prevention industry have been reaching out to me lately asking what to expect, from the fraud perspective, during the current coronavirus crisis.
If you’re wondering the same thing, you’re right to be preparing. Fraudsters change their tactics according to the season, customer buying patterns, and available technology.
It’s not nice to think about, but it’s almost inevitable that they’ll be trying to take advantage of a pandemic, its business implications, and the uncertainty and stress it causes.
What Kind of Online Fraud Should You Expect?
COVID-19 and its implications hit different businesses in different ways. Some types of businesses, such as travel-related companies, events planning or ticketing businesses, restaurants and so on, can expect to see a (hopefully very temporary) reduction in volume.
Others, such as delivery services, home entertainment, online shopping, and any service which facilitates efficient remote work, can expect to see a surge in volume.
The kind of fraud you’re likely to see, and the preparations you should make, are slightly different depending on which category you fall into. I’ll take each one separately, and then discuss the risks which are likely to be on the horizon for all of us, regardless of which industry you’re in.
Volume Reduction: Fraud Ahead
If your business is expecting a reduction in the volume of traffic, accounts, transactions etc. that you see, these are the two top trends to watch out for.
1. Higher decline rates and higher loss rates
As the number of good transactions decline, fraud may not drop as fast. So total bad transactions may remain the same, while the total volume declines. This means overall fraud and loss rates will go up.
The opportunity will be to have better visibility on fraud that currently hides in the crowd. Use this time to identify more MOs you were not aware of.
Be careful of tightening your controls. The temptation is there, but lowering thresholds to get a “better loss rate” may result in further hurting your business by getting more false positives and hurting the little business you still have.
2. More dormant accounts
Good customers will be “hibernating” for a little while, and this presents you with a future challenge, when business ramps back up. This will make it hard to tell ATO’d [account takeover] accounts from legit returning users.
You should think now: How will you stay in touch? What can you do now to make it easy for the legitimate users to re-activate in a few months?
The opportunity is to be proactive by getting a secondary email or mobile phone number. Think of ways to get customers to visit your service even if they are not buying anything. Consider what methods can help you re-identify users when they do return. Ultimately, this could be a long-term asset to your team and to the business.
Be proactive – This sounds like a problem for future you, but preparing now can help you bounce back faster when the crisis is behind us.
Surge in Volume: Different Fraud Ahead
If your business is expecting a surge in volume then you also have things to watch out for—but they’re a little different.
1. Rise in account origination fraud
This is a heaven for fraudsters. There is a high volume of new accounts for them to hide in. While the volume rises you should look for ways to identify the legit new users vs. the fraudsters using stolen identities and credit cards. Remember to watch out for accounts set up now that look harmless but are designed to age, in preparation for future fraud.
The opportunity is to give your new customers a taste of your service and possibly get them for life.
Be careful of opening the doors too wide. You should look for ways to identify the real users without applying too much friction.
2. Rise in takeover of dormant accounts
Just as you’ll be seeing a flood of new accounts, in the same way many old accounts are likely to re-activate. Once again this is an opportunity for fraudsters to slip through the cracks. You might be tempted to let everyone in with no friction, or even lower your action threshold.
The opportunity is to think of low-friction ways you can identify your dormant accounts, while keeping fraud out. Use this time to also collect more information about the behavior of less active users. Build your trusted IP, Devices and Addresses database for future use.
Be careful – the surge in good volume may make loss rates look artificially good in the first few months (high volume, low chargebacks), but the picture may reverse quickly as the chargebacks start flowing in.
Some Challenges Are Shared
No matter what kind of industry you’re in, now is the time to be aware that your customers may be exposed to a high volume of phishing attacks. These attacks are more likely to succeed because the users are operating under unusual levels of stress.
Phishing, of course, can cause you problems later on since it’s often simply the first step in a fraud campaign. It also pollutes the broader ecosystem. If you can, it’s best to head it off at the start by prevention at the source.
It’s a good time to remind your customers about how you contact them and apply good anti-phishing practices. This can actually be a positive message for your users – you can explain that you are contacting them in order to protect them and to enable them to protect themselves.
Tell your users (if possible):
- We will never call you
- We will never include a link to our site / login page in an email
- All emails will include your name
- When in doubt, contact us through the information on our website and not using any contact method or phone in an email
- We will never ask you for identifying information like your password
Fraud, Damn Fraud, and Statistics
The center of the true challenge for fraud teams is that we all rely heavily on our statistical models, of one kind or another. This is something every team will be facing, regardless of the industry to which their company belongs.
Statistical models rely on what they know about the past. They assume that, within a margin of error and fluctuation, the present (and the future they’re predicting based on it) is much like the past. Right now, that’s clearly not the case. Traffic has already shifted, and purchase patterns are changing: item size, frequency, and content will change.
How does that impact fraud? Well, for example, IP velocity measures need to adjust to that shifting traffic. Transaction velocity, amounts, time of day—all the parameters fraud teams feed into fraud detection models—are going to be very different to those we’re used to.
But… We’ve trained our models on what we’re used to. They’ll take time to adjust, and the adjustment will require fraud teams to be very proactive about analyzing the live data, performing manual reviews, adjusting thresholds, adding rules, and even shutting down some of the models.
How Fraud Managers Can Mitigate This Risk
You need to watch the system carefully, to make sure you are not declining the wrong people while letting the fraudsters in. This may be a time to go back to the basics of risk management – look for positive identification vs. abnormal behaviour.
Don’t get stampeded into “solving” the problem fast. Re-training the models isn’t something that most teams can do this week. Make sure of your data and your deductions before you incorporate them.
Of course, you’ll need to remember to exclude this part of the data from your future training set so that it doesn’t skew results in more “normal” times. Better yet, use the opportunity to build a crisis model that you can use next time! That could be a true business asset for the future.
I hope this helps, and I hope it helps all of us come out stronger from this challenging time.
Stay safe. Stay healthy. And, sad as it is to say it, watch out for fraud.
Identiq operates an identity-verification network designed to allow retailers and other organizations to validate new online visitors and authenticate ones who have visited before.