One of the most critical considerations merchants need to make this holiday season is fraud prevention strategies. Unfortunately, retailers often make that decision until the last minute. Why? With an array of new and sophisticated types of fraud, it can be challenging to know what to prepare for.
According to new data, the most common fraud tactics that retailers encounter are return fraud (21%), fake account creation (18%), account takeover (16%), gift card fraud (14%), and synthetic identity fraud (14%). To help ecommerce merchants prepare for these types of attacks this holiday season, let’s look at fraudsters’ tactics and their impact.
The looming danger of return abuse
Return fraud has been a typical modus operandi for bad actors for years, and unfortunately, the rise in online shopping has made it even easier to commit. In fact, out of the $428 billion of merchandise returned last year, roughly $25.3 billion were fraudulent. With 25% of annual exchanges taking place between Thanksgiving and New Year’s Day, short-staffed teams don’t have the resources to evaluate if each exchange is legitimate, making it easier for a fake return to go undetected.
The time and money spent on processing, restocking merchandise, and evaluating a legitimate versus fraudulent exchange directly impacts merchants’ sales, gross margins, and profitability. Since return abuse is difficult to differentiate from a legitimate transaction, merchants often must compromise, relaxing their standards for identifying fake exchanges to enable a seamless customer experience.
The hidden damage of fake accounts
When you consider how easy it is to create an online account as retailers prioritize customer acquisition, it is no surprise that bad actors seize this opportunity.
Like any other business, fraudsters are after a return on investment (ROI), and fake accounts are an easy entry point to more lucrative fraud schemes. Threat actors, for example, commonly create new accounts in bulk and use each one to get a “new account” or “refer a friend” discount code. Once they’ve secured the code, it’s simple to resell it on a fraud marketplace or use the discount to purchase items that they then resell at full price, which ultimately leads to higher ROI.
Consumer impact of ATO attacks
The demand for solutions that serve the digital-first economy—from mobile ordering to one-click checkouts—created new opportunities for fraudsters to wreak havoc. Bad actors increasingly leverage data exposed from past breaches to conduct account takeover (ATO) attacks, evidenced by the 307% increase in ATOs between Q2 2019 and Q2 2021.
While ATOs pose a massive financial risk to -commerce merchants, they also have an unrecognized negative impact on customer loyalty. Nearly three in four (74%) consumers say they would stop engaging with a site or app and select another if their account was hacked. The reality is that consumers assume that the purchases they’re making on sites are secure. But, in the case of ATO attacks, this expectation is often shattered. That has a detrimental effect on businesses’ reputation with long-term and new customers.
The rise in e-gift card abuse
With a 114% year-over-year increase in digital gift certificate sales, bad actors know they can steal large amounts of gift certificates without being noticed. By capitalizing on the speed of delivery of digital gift cards, fraudsters can commit various crimes—from testing stolen credit card information to buying gift certificates en masse for reselling online.
Though many retailers are trying to catch this type of fraud proactively by monitoring high-volume transactions, the lack of information required to purchase e-gift cards makes it virtually impossible to track this kind of fraud. Since they’re not shipped to a physical address, bad actors have little risk of revealing their locations. As a result, once they’ve resold the vouchers for cash, it becomes almost impossible to trace the transaction back to the original source.
The fraud economy’s effect on synthetic fraud
Over the last few years, the increase in retail credit cards has created a new type of abuse retailers should be aware of synthetic fraud. Synthetic fraud is a complex form of identity theft in which a threat actor combines stolen personal data with fake information to create a fake identity.
This vector has grown so fast over the past few years because of the fraud economy, a self-supported ecosystem that paves the way for repeated attacks. While a data breach on its own may not be enough to execute an attack, the fraud economy allows them to pool together the bits of information they need to create a synthetic account.
This type of fraud is one of the most challenging forms of abuse to catch because bad actors take their time to build up a legitimate credit profile. In many cases, they’ll take years to build up a good credit score. Then, when ready, they’ll make large fraudulent charges and abandon the identity, which leaves the merchant stuck paying the price.
How to prepare for the holiday season surge
It’s challenging to defend against this array of attacks. Protecting your business begins with planning as soon as possible. Planning starts with evolving beyond legacy approaches and adopting a digital trust and safety strategy that dynamically addresses fraud while creating a seamless experience for legitimate customers.
By implementing a comprehensive approach and technologies like machine learning, retailers can better defend against large-scale fraud this holiday season. Ingesting thousands of different signals beyond purchase data—such as return history, different shipping addresses and account logins from new devices—machine learning algorithms can quickly adapt to detect suspicious activity in real-time without human intervention. This allows merchants to detect suspicious activity proactively and stop fraudsters in their tracks before they destroy the holiday sales cheer.
Sift is a fraud-prevention technology supplier.