How significant is the gap between perception and reality when it comes to understanding the impact and response to ransomware attacks
Global fraud report: tendencies and needs when the danger multiplies
Based on an extensive round of surveys conducted between November and December 2021, Cybersource published a comprehensive report in the middle of last year that explores the latest developments in the area of fraud prevention and electronic payments, identifying the main forms of fraud faced by ecommerce and the most appropriate protection measures.
T
he “Global Fraud Report 2022”1, produced in collaboration with the developer Verifi and the Merchant Risk Council (MRC), aims to provide an overview of the prevailing forms of fraud, the resources that companies and businesses make available to combat fraud, and questions such as the extent of companies’ liability and whether enough is being done to minimize the damage caused by these criminal activities. Let’s review the most relevant issues and questions raised by the report.
The survey sample includes a very diverse mix of large, medium and small companies from Africa, Asia, the Americas and Europe. By sector, they are divided into physical goods and retail (60%), digital assets and entertainment (6%), tourism and travel (9%) and other products and services (25%). This set serves as a vehicle for structured research on five questions.
-
What effect is fraud having on merchant businesses?
Globally, fraud costs increased for the second year in a row, with upticks of about half a point in a year across all markers: lost revenue, orders rejected as fraudulent, chargebacks and disputes.
However, the investment earmarked for fighting fraud has barely moved. On average, this item accounted for 10% of total spending in 2021, with no increase in 2022. North America is above average, albeit because it invested only 5% in 2021, matching the 10% of the rest of the territories in 2022. Even so, the respondents are supportive of the improvements in the guidelines on payment services, which make it mandatory to implement strong authentication systems, and this will require a progressively greater financial effort. It is also noted that the medium-term objective is to increase the use of automated fraud detection tools to replace the use of manual order checks, which in the end require a great deal of effort for a very low detection rate.
-
What types of fraud attacks are they experiencing?
The most common would be:
- Phishing and pharming (35%), a type of phishing that directs people to fraudulent web pages that imitate authentic pages.
- Card testing (34%), small purchases made by hackers using stolen credit card numbers before making a larger transaction to check if it works, which is often carried out through multiple transactions with different merchants to avoid suspicion.
- Identity theft (33%).
- First-party misuse (32%). This is an umbrella term for fraud carried out by an account holder who claims not to have made a transaction in order to claim a refund, exchange or some other benefit. It is also known as ‘friendly fraud’ because it isn’t perpetrated by a professional criminal.
- Account takeover (27%), the well-known ATO.
On average, each retailer suffers 3 attacks per year. In particular, respondents report a significant increase in misuse by third parties, with customers hiding behind technical glitches and confusion to “cheat” the merchant.
In this regard, the most pressing challenges to be addressed, according to replies to this point, would be as follows: identifying and responding to emerging fraud attacks, keeping up with regulations or changes in payment system standards, knowing how to quickly adapt business models due to post-COVID-19 changes, effectively using data to manage fraud, updating fraud risk models (scoring, etc.), and expanding into new sales channels.
-
What kind of strategies are companies following to prevent and manage fraud?
At this point, the study notes a trend whereby companies are prioritizing the fight against fraud over improving the customer experience, an aspect that was highlighted in previous reports.
On average, each company uses 4 fraud detection tools, mainly identity and credit card verification services (such as CVV or CVN codes), multi-factor authentication formulas or, less commonly, analyses of the customer’s order history.
The next two blocks of the report focus on electronic payments: what payments methods are used, how merchants are optimizing the services and processes available to them, the different forms of management, the new payment platforms, as well as their capacity for absorption in a world that is adopting digitalization in a very uneven way.
-
What practices and partners are used for accepting e-commerce payments?
Most e-commerce managers are adopting more modern payment methods to improve the customer experience, reach new segments and minimize the risk of fraud. In fact, 9 out of 10 say they proactively encourage their customers to use the payment methods they consider most appropriate. The four methods preferred by respondents are: digital wallets, direct debit transfers, traditional cards and mobile apps such as PayPal mobile or Amazon one-click.
There is growth in third-party payments (i.e. PayPal), BNPL (buy now, pay later) payments, digital wallets and mobile app payments.
To support these omnichannel methods, merchants are using multiple payment processors and acquiring banks to maximize flexibility, geographic coverage and authorizations. By using multiple providers, merchants can ensure continuous uptime and increased transaction security.
The adoption of new payment methods results in a lower risk of fraud, a higher conversion rate and faster availability of funds.
Another trend that doesn’t seem to be reaching its peak is the support merchants seek in third-party marketplaces (Amazon, AliBaba, etc.) to sell their products and position themselves. Therefore, 8 out of 10 include them in their strategy to strengthen customer loyalty, favor competition, improve the user experience, not depend on company location or bet on e-commerce without the need to assume the costs of developing a website.
-
How are merchants optimizing processes and platforms?
Retailers are looking for new ways to improve the customer experience and make payments easier, and they are experimenting with a variety of innovative approaches. These include in-store pickup, online ordering with in-person payment, and the use of technologies such as artificial intelligence chatbots. These bots are able to assist consumers at critical moments while shopping to avoid abandonment due to technical difficulties or offer suggestions based on items they have previously searched for or purchased. They can also share product updates to prompt customers to continue buying the same brand. However, these technologies have yet to be widely adopted, with Asia and Latin America being the territories most likely to further develop them.
In terms of payment optimization, an average of 2 to 3 different approaches or techniques are used:
- Intelligent routing. Intelligent routing. Used to increase payment authorization performance, it is a technique that involves the use of advanced algorithms to choose the best payment processor or acquirer for a specific transaction. Instead of using a predetermined processor or acquirer, intelligent routing analyzes factors such as approval rate, interest rate, geography and transaction history to determine the best provider for each operation.
- Machine learning. Applied to e-commerce purchases, a machine learning system can help optimize sales by analyzing historical transaction data to detect patterns and trends. These patterns can include everything from the time of day transactions are conducted to the type of device used to make the payment. With this information, the system can automatically adapt its processes to improve the success rate of payments and also reduce the risk of fraud.
- Automated Retries. This is a process triggered by a failed or unsuccessful initial payment. The automated system will try the payment again using different parameters or information, such as a new card or a new payment processor.
Tokenization, understood as the encryption of card data by means of unique codes or tokens, is spreading at a good pace in e-commerce. This is highly motivated by the security and risk reduction it entails. In any case, just over 50% of companies worldwide are using these procedures in the management of payments, which leaves plenty of room for growth.
The “Global Fraud Report” shows that e-commerce is facing a challenging future, with a willingness to understand the benefits of applying innovative technologies, but with fraudsters simultaneously multiplying their attack tactics. Investments in fighting online crime are modest compared to the losses they cause. Any industry that facilitates electronic payments is at risk, which is why the guard should not be let down.
1 Global Fraud Report 2022 | Cybersource. 2022