Identifying and Addressing the Latest Ecommerce Fraud Trends
In 2022, ecommerce retailers can expect to see many of the same fraud issues that that have been plagued the sector in recent years, including card-not-present (CNP) fraud and account takeovers driven by the sheer volume of credentials that have been exposed through data breaches. However, new trends are emerging as fraudsters turn their attention to different types of fraud and additional groups of consumer victims.
Increasing Loyalty Program Fraud
The pandemic kept many of us at home for months, but as borders open up and vaccines roll out, many travelers and shoppers may be in for unpleasant surprises. The loyalty points many of us rack up and use to book flights and hotels or to make purchases with retailers have become an attractive target for fraudsters.
A lot of loyalty points have been sitting unused since March 2020. In many cases, consumers did not bother to check their balances because they were not traveling or planning any trips. Now, some loyalty program members are logging back in to discover that thieves have been helping themselves to those loyalty points to book travel, to make purchases, or to resell the points to other fraudsters on the dark web.
Part of the reason points are so attractive to criminals is because they are not always secured or monitored as closely as credit and bank accounts are. This needs to change. As one credit expert explained, points are “another form of currency.” However, loyalty point losses typically are not covered in the same way that credit-card fraud losses are if the consumer reports them in a timely way. If a retailer chooses not to replace the stolen points, it can sour the customer’s opinion of that store.
Retailers can step up their loyalty program security in 2022 to prevent damage to customer relationships. One way is to screen purchases made with loyalty points for fraud in the same way other purchases are screened. If a loyalty point order raises flags because of a mismatch between known customer behavior and the current transaction, manual review can determine if the order is coming from the loyalty accountholder or a scammer who has broken in or bought the points on the dark web.
Exploiting Social Media Commerce
One pandemic habit that seems to be sticking is social media commerce, which was valued at more than $27 billion in the United States in 2020. That value is forecast to exceed $604 billion worldwide in 2027. Ease of implementation and high ROI make social media commerce an appealing channel for many retailers. However, those same characteristics make social media commerce an attractive channel for fraudsters, too. That means retailers and brands need to keep a sharp eye out for several kinds of risk.
Impostor accounts impersonate brands and drive social media users to phishing websites to log in or make purchases. With the stolen credentials, they can go on a fraudulent shopping spree, resell the data on the dark web or launch account takeover (ATO) attacks. Some imposters are bold enough to sell counterfeit goods by directing social media users to fraudulent websites.
ATO attacks are a risk even for customers who are not phishing victims, because more than half of people reuse passwords across multiple sites. That means a data breach at another company might expose passwords that victims also used on social and shopping sites, and criminal gangs use botnets to credential-stuff sites until they find matches. Then, they impersonate social media users to buy goods for resale and use loyalty points, often without raising suspicion with the merchant.
Retailers should invest in brand monitoring to quickly spot social media commerce impersonators, report them to the relevant social media platforms and web hosts, and warn customers about fakes. As with loyalty fraud, social media commerce fraud prevention also requires screening of all orders, even if they look like they are coming from good customers. In social mediacommerce, it is critical to avoid false positives, because it is so easy for rejected customers to immediately make a public announcement about a bad experience. In ClearSale’s 2021 State of Consumer Attitudes, Fraud & CX survey, 34% of shoppers said they would post a negative social media comment about a retailer after a declined order and 40% said they would not shop with that retailer again.
Targeting Gen Z Consumers
Generation Z is coming into its consumer power at a precarious moment. These teenagers and young adults are digital natives, but their extensive digital experiences make them uniquely vulnerable to credential theft and account takeover fraud. A 2021 survey found that among all generations from Z through Baby Boomers, Gen Z consumers are the most likely to be locked out of a hijacked account and to have unauthorized credit card or bank charges. They are also more likely than older adults to fall for phishing scams.
At the same time, they are more likely to have a bad customer experience while shopping online. In the ClearSale survey, 48% of adults aged 18 to 24 reported experiencing at least one decline online in 2020, with 48% saying that was more than they experienced in 2019. Nearly half (44%) of shoppers in the 18-24 age group will post a negative social comment after a decline, and the same percentage will never return to that retailer. The solution for brands selling to this demographic is to tailor fraud-control rules to the behavior of these young consumers, and to manually review suspicious orders to avoid declining Gen Z shoppers by mistake, because they are more likely than average to respond with negative comments and abandonment.
Whatever forms fraud takes in 2022, online retailers and other retailers should get ready now. By reviewing rates of completed fraud, prevented fraud, false declines and approved orders across all channels, retailers can identify and close gaps in fraud protection. By tailoring the fraud program to each channel’s risk profile and to customers’ behavior—and by reviewing flagged orders instead of automatically rejecting them—retailers can better protect their businesses and bottom lines.
Reprinted with permission from Risk Management Magazine. Copyright Risk and Insurance Management Society, Inc. All rights reserved.
Written by Rafael Lourenco, 2022