No Rest for the Wicked:
Cybercriminals don’t take holidays
January 13, 2021
This week we dive into a commentary by Andrea Montero (Director of Product Management at Forter) on the ways fraudsters have taken note of the changes in consumers’ behavior and how they exploit the newfound vulnerabilities they have found in the boom of online shopping since the COVID-19 pandemic started.
Merchants Should be Prepared for the Holidays
The four items Andrea mentions in her list are accepting new users, offering same-day delivery and pickup, preventing account takeover, and identifying returns abuse.
Accepting New Users
As we have stated in previous blog posts on the topic, many online retailers lose customers because many systems have a hard time telling whether a new customer is indeed genuine, therefore giving way to something called a “false decline”, this is in part due to a lack of data and limited visibility into customer identities.
Wrongly declining new users gives way to them turning to other shops or systems, resulting in the loss of a new customer. According to Andrea, “[retailers] need to ensure their system has access to a larger external network of identity data so that it can distinguish between new legitimate users and fraudsters.”
Same-day Delivery and Pickup
In this day and age there is nothing more attractive to a prospective new customer than offering them same-day delivery or BOPIS (buy online, pickup in store) especially during the holidays, which historically are the times people make last-hour purchases the most. According to Andrea, stores that offered convenient services like BOPIS saw their sales rise 49% on average over 2019, while stores that didn’t offer these options saw about a 28% rise.
Achieving this is not possible with systems that rely on manual reviews, as they are too slow to offer such a service, therefore an automated fraud-prevention solution is imperative.
Preventing Account Takeover
Online shopping is an amazing and convenient way to do business; but it does come with its own set of problems. Account takeovers (ATO for short) are a big part of the issue. Fraudsters target customers’ accounts through phishing attacks and the dark Web marketplaces, where they are able to purchase the information of several accounts and completely take them over.
Unfortunately for retailers, once the information of a customer is vulnerated, they no longer feel safe making use of their services, therefore a fraud-prevention solution that can block ATO attacks that can detect when an account has been compromised is a must. According to Andrea, hopefully the solution will be swift, as once an account has been taken over, 40% of the fraudulent activities will happen within 24 hours.
Identifying Returns Abuse
Flexible return options are expected of merchants, customers are very attracted to those businesses that make it easy to return a product after purchase, especially when buying gifts. However, there are those who abuse return policies, “the holidays bring out policy abusers and fraudsters. In 2020, fraudulent holiday returns to U.S. merchants totaled about $10.2 billion.”
Legacy fraud prevention can help with basic returns abuse, however, it can be blind to fraudsters who buy online and return in-store. Not only does a solution need to focus on ecommerce channels, but also physical in-store fraud. If retailers want to be covered, they need to seek a solution that enforces their return policy across all purchases.
In conclusion, merchants need to familiarize themselves with the systems they use and their limitations. Even if fraudsters don’t take days off, merchants can actively look for solutions that will help prevent loss of revenue and business as a result of cybercrime.