When a group of risk and payment professionals gathers on the eve of November, you’re going to get conversation about one thing:
Bracing the enterprise for the considerable wave of online fraud that comes with the considerable wave of online holiday orders. Signifyd’s FLOW Digital Risk Connect was no exception — though that’s not to say the virtual event was a session of complaining and woe-is-me.
Instead, the afternoon, featuring Tophatter Director, Trust, Safety & Support Charlie Spencer and Blue Nile Fraud Prevention Manager Conor Corkrum in conversation with Signifyd’s Head of Customer Success Tim Potvin and Signifyd’s Head of Risk Operations Ping Li, was a collaborative strategy session.
View the entire FLOW Digital Risk Connect program
The overarching theme revolved around the way fraud is changing — rapidly. It was ever so: Fraudsters and risk professionals are in a constant arms race. Risk professionals innovate, building better AI models and creating more powerful detection strategies. Criminal fraud rings innovate in-kind, coming up with tools of their own or ingenious new and expanded ways to attack retailers.
Fraudsters are upping their game to keep up with protection strategies
“Fraud has gotten more sophisticated over the years because cybersecurity has gotten better,” Blue Nile’s Corkrum said. “These people are having to be more sophisticated. They’re having to up their game, because their avenues are being shut off. There is still going to be fraud, because people have a lot of ingenuity, but I’m optimistic.”
Listening to the assembled experts, four new or expanded threats emerged as the holiday favorites among fraudsters for holiday 2020.
- Synthetic identities: This scheme is a risk professional’s nightmare because the fraudster literally creates a new “person” from thin air. Well, she or he creates the identity from a stolen social security number and bits of other identifiers, stolen and made up. There is no individual victim and few ways to quickly determine it’s happening.
- Professional-grade friendly fraud: Sounds like a misnomer, but it turns out professional fraud rings are moving into misdeeds once the province of rogue customers who would claim, for instance, that a delivered package never arrived.
- Professional return fraud rings: Professional criminals are moving into another scam that was primarily the speciality of amateurs who would, for instance, return slightly used items. The pros have created agencies (complete with websites and marketing campaigns) that will help consumers commit return fraud by filing returns that don’t require the product to be sent back or by otherwise obtaining refunds while allowing the customer to keep the product. They also return knockoffs of expensive items or ship back for instant refunds, a box of rocks or empty envelopes.
- Account takeover: OK, this one is a bit of a chestnut, but risk professionals say they are seeing more what they call ATO as run-of-the-mill stolen credential fraud becomes harder to pull off. Like synthetic identity, ATO can be difficult to detect quickly, but the fact that an actual victimized cardholder is a help.
Signifyd’s Li pointed out that all of these schemes are being powered in the pandemic era by an increase in cybercrime. Cybercriminals are feasting, in fact, on a new wave of online shoppers who moved to ecommerce as the only alternative for buying and have stuck with it because of its convenience and safety, relative to shopping in stores. Add to that, the big increase in time people are spending on unsecured or poorly secured networks and it’s a recipe for ill-gotten gains.
COVID is giving fraud rings the information they need to accelerate crime
“I think COVID actually has a serious impact on the fraud landscape,” Li said, citing the analyses of cybersecurity experts. “They have warned us that there are many more phishing attacks against online users. Many businesses have had to go online. And there are many new users who are not used to doing online shopping. They don’t have much online security experience.”
And, of course, this holiday season is likely to be like no other given the expected surge in holiday orders that will come on top of an existing surge of pandemic-driven orders, which has propelled ecommerce into the future, volume-wise.
“We’re actually living in 2025,” Potvin said. “We’re actually living our 2025 projections right now.”
But, as we said, the session wasn’t about fretting, but instead about strategizing. The single biggest piece of advice from a number of speakers was: Be prepared. True, the holiday season will start early in this strangest of years. For those with work to do, there is no time like the present.
“It will come earlier,” Li said of the holiday surge in orders. “In previous years, we’d see it the week of Thanksgiving. You could see the volume ramping up. Then you’d get a big peak. But now we’re already seeing it.”
Potvin suggested merchants be extra vigilant for friendly fraud in the form of false item-not-received (INR) claims — claims by consumers that a package that they ordered never arrived when it fact it did. Signifyd recently polled consumers and found that more than a third had falsely told their credit card companies that a package had never arrived, even though it had.
Signifyd’s transaction data tells a similar story with false INR claims rising 92% year-over-year through October.
“With COVID-19 some people’s moral compass is off,” Potvin said. “It’s painful. A lot of people are out of work. A lot of people who are working aren’t working as much as they used to. With that came the conundrum of people accepting goods and then saying they never received it.”
Corkrum suggested retailers ship quickly, which, he said, reduces the likelihood that a package will go missing. Corkrum added that retailers would be wise to build good relationships with shippers, such as FedEx and UPS. When shippers work closely with retailers they will often alert merchants to signs of trouble with particular orders based on past experience.
Retailers can protect themselves with smart strategy and tools
Potvin said some retailers could consider “designated delivery” — or the practice of delivering orders to a neighborhood shop, such as Walgreens, for instance, where the receiving customer would show an ID to pick up the package.
For his part, Tophatter’s Spencer said his team has identified tell-tale account takeover signs and is amping up its vigilance. And both risk professionals said they were relying on Signifyd’s Commerce Protection Platform to protect their revenue and scale up operations for the holiday.
The machine-learning platform identifies fraudulent orders and protects retailers from illegitimate item-not-received claims, while providing a financial guarantee for those rare instances when approved and shipped orders turn out to be bad orders.
Offloading the need for manual review and the stress of making those yes or no decisions on a rapidly increasing number of orders frees up ecommerce teams to make sure customers are receiving an ideal shopping experience and that their holiday orders are shipped in a timely fashion.
Those things are obviously important 365 days a year. But come holiday time, with its tradition and emotional impact, they are all the more important.
Join Signifyd’s FLOW community to network and strategize with fellow ecommerce leaders.