As we look ahead at 2017 we see a few new trends emerging along with some previous trends that have gained full momentum. As online retail continues to grow in the US and even faster overseas, we’ve put together a shortlist of things to consider as you prepare your fraud prevention strategies this year.
1. Fraudsters will get more sophisticated
Like any organization or industry, the growth of online fraud has had its trial and errors. To protect themselves online merchants have to be right 100% of the time while fraudsters only have to be right 1% of the time. This cat and mouse game that fraudsters play continually enables them to outwit fraud prevention systems. And as the world’s digital economy grows and online security matures, fraudsters have evolved.
Since the introduction of EMV, online merchants have been under constant pressure to strengthen themselves against fraud and in 2017 the barrier to entry for fraudsters appears to have finally risen. Just a few years ago fraudsters could get away with thousands of dollars of stolen goods with just a stolen credit card. But today’s fraud prevention solutions provide advanced detection and prevention methods, forcing fraudsters to steal credit card numbers, addresses and personally identifying information to bypass merchant defenses.
2. Fraudsters will leverage larger data sets
It’s been more than a decade since AVS or CVV were effective indicators of online fraud. Consider this article from 2004 which already addresses shortcomings with AVS use online. Today certain fraudsters intentionally provide slightly incorrect information to make their AVS or CVV appear more legitimate, like normal buyers.
With the need for greater personal data has come the growing size and scope of online data breaches. Experts predict breaches will continue to get more frequent and more increasingly personal. In particular, hospital and medical information, along with student records, are predicted to be common targets given their treasure trove of personal data.
But the largest available data set may actually be the Internet of Things with devices such as Nest, Amazon Echo and self-driving cars providing fraudsters with live updates on exactly who their victims are and what they’re doing. Of particular concern are internet connected security cameras. Originally intended to detect the theft of packages, they are increasingly being hacked to track packages and help fraudsters. Gaps in security are emerging every week as new devices and new categories of devices come online to communicate with other devices and humans. This allows fraudsters unprecedented access to devices from which to siphon personal data, maximizing their chances of successfully stealing from online merchants.
3. Fraudsters will organize on a larger scale, especially at a state-sponsored level
Major currencies, including the US dollar, are becoming increasingly digital. As retail purchases continue to move online, an increasingly larger percentage of transactions are happening without hard cash. This means cybercriminals will continue to gravitate towards the theft of digital dollars and goods. And while that, in itself, is not breaking news, the rise of cyber attacks on retailers from state sponsored groups is truly disturbing and could cause serious challenges for corporations around the world.
With its seemingly borderless global access, ecommerce provides merchants with growth opportunities from everywhere and often at rates of growth ahead of their brick-and-mortar counterparts. As the race for digital markets intensify, so does this inequality between companies and industries growing exponentially and those simply growing, or worse, not growing at all. Countries with younger populations, high unemployment and strong technical skills, like India and Eastern Europe, can become breeding grounds for large collective groups of sophisticated fraud at unprecedented scale.
4. Law enforcement will continue to fall short
State and federal lawmakers have been slow to pass new laws to aid law enforcement and catch online fraudsters. And while laws exist to prosecute for credit card abuse and fraud, there is no urgency to enforce these laws. Higher profile cyber crimes such as election tampering, the theft of national security information, massive data breaches and child pornography have all but exhausted available law enforcement capabilities.
In many cases, online fraud is committed against online retailers in Western countries from fraudsters living elsewhere. This creates even more challenges as there is a lack of consensus on how to effectively prosecute such cybercriminals across country borders. Thus, merchants selling domestically or internationally will have to stay vigilant against fraudsters as 2017 will not be the year the police steps up to catch online fraudsters.
5. Rules based fraud prevention systems will be widely replaced
In the early days rules based fraud prevention worked well because fraudsters worked independently and had limited means. Large corporations benefitted by putting up static, well-thought out defenses and tweaking their sophisticated rules as fraud activity slowly changed each month. But rules based fraud prevention worked because the data involved was relatively simple, static and less powerful, given limited automation. Fraudsters would attempt purchases with just a name and credit card number, or even just a credit card number. Today’s fraudsters are far more sophisticated and now they seek rules based systems because they know they can beat them and do so on a recurring basis.
However, rules based systems aren’t failing because of fraud alone. In recent years, merchants have discovered their rules based systems are declining legitimate orders from loyal customers that, for non-fraudulent reasons, failed their test. This has resulted in not just a single loss, like that of a chargeback, but a lifetime loss as customers are unlikely to return to merchants who repeatedly decline or delay their orders.
While simplification is often the best strategy, in 2017 “more is more” (not less) for online fraudsters. More data, more collaboration (with other fraudsters and cybercriminals), more technology and more opportunities for theft at an unprecedented scale. However, for merchants we continue to recommend maintaining a sharp focus on your key priorities while we continue to prevent fraud. With Signifyd you’ll always be protected against chargebacks. Guaranteed. And you can count on us to continue to provide updates on these trends and other threats as they emerge throughout the year to keep our merchants informed.