Shopping peak seasons can provide enormous revenue boosts to online retailers, but not without certain risks. In anticipation of higher shopper velocities and lucrative sales, businesses often loosen their risk and fraud restrictions, paving a smoother path towards sales at the expense of making it easier for fraudsters to blend in with genuine shoppers.
To reduce friction during online transactions, business owners often put comparatively lax security in place, such as reducing recommended 3D Secure and authentication thresholds required of shoppers, so as to increase conversion rates with effortless one-click payment options and similar features. This makes peak seasons prime time for fraudsters to attack. This is of particular concern considering fraud is already on the rise, with 36 per cent of retailers reporting that fraud attempts have increased in their organisation within the past 12 months.
It’s therefore critical during these times for retailers to find the right balance between converting trusted shoppers and blocking fraud as sales volumes increase.
“Merchants should have good risk management practices and tools in place,” says Priyanka Gargav, head of commercial SEA & Hong Kong, Adyen. “These can be internal or leveraging external risk service providers. Good fraud management should be multi-layered and consist of both proactive (i.e. risk engine, machine learning, authentication) and reactive (i.e. anomaly monitoring, chargeback management) elements.”
An important first step in reducing the threat of fraud is to understand the various strategies fraudsters are using to circumvent retailers’ security efforts. This involves a certain level of education and awareness within the business, although operators should not see fraud mitigation as simply a business cost but rather as a process that will have a positive impact on the overall conversion rate.
Fraudsters have a range of strategies available to them to take advantage of retailers’ need to provide genuine shoppers with the conveniences they expect. Here are some examples:
This involves a direct abuse of a merchant’s refund/returns policy, where fraudsters falsely claim not to have received an item or to have returned a good and ask for a refund – a trick known as “double dipping”.
Similar abuses can happen when cardholders pretend not to have made a transaction on their credit card, or that a family member (especially a child) has made an unauthorised transaction – taking advantage of expectations that a retailer should issue a refund according to policy.
Other more sophisticated strategies arise from the publication of genuine credit card details on the dark web, where fraudsters can then test their validity on a retailer’s website until they get an approved transaction using stolen credentials.
Enumeration/brute force attacks
This tech-heavy strategy sees fraudsters using automated scripts to overwhelm a retailer’s website with high-velocity attempts over a short period of time until they manage to obtain a set of valid card credentials. These attacks are often targeted at retailers with a card tokenisation step, a process of replacing sensitive data with non-sensitive data.
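As a defensive illustration of the anomaly monitoring mentioned earlier, the sketch below flags a source whose recent payment attempts show the enumeration pattern: many distinct cards, mostly declined, inside a short window. It is an added example, not code from the article or from Adyen; the event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds are illustrative assumptions, not values from the article or any vendor.
WINDOW_S = 60        # sliding window length in seconds
MIN_ATTEMPTS = 5     # attempts in the window before a source is judged
MIN_CARDS = 4        # distinct card fingerprints in the window
MIN_DECLINE = 0.7    # share of declined attempts in the window

def find_enumeration(events):
    """Return {source: first timestamp at which the source crossed all thresholds}.

    events: iterable of (ts_seconds, source, card_fingerprint, approved),
    sorted by ts_seconds.
    """
    windows = defaultdict(deque)
    flagged = {}
    for ts, source, card, approved in events:
        win = windows[source]
        win.append((ts, card, approved))
        # Drop attempts that have aged out of the sliding window.
        while win and ts - win[0][0] > WINDOW_S:
            win.popleft()
        if source in flagged or len(win) < MIN_ATTEMPTS:
            continue
        cards = {c for _, c, _ in win}
        declines = sum(1 for _, _, ok in win if not ok)
        if len(cards) >= MIN_CARDS and declines / len(win) >= MIN_DECLINE:
            flagged[source] = ts
    return flagged

def sample_events():
    """Constructed sample data: one scripted source, one genuine repeat shopper."""
    events = []
    # 203.0.113.7 tries a new card every 5 s; only the 8th attempt is approved.
    for i in range(8):
        events.append((100 + 5 * i, "203.0.113.7", f"card-{i:02d}", i == 7))
    # 198.51.100.20 retries the same card after a decline, then succeeds.
    events += [(90, "198.51.100.20", "card-aa", False),
               (130, "198.51.100.20", "card-aa", True),
               (400, "198.51.100.20", "card-aa", True)]
    return sorted(events)

if __name__ == "__main__":
    for source, ts in find_enumeration(sample_events()).items():
        print(f"possible card enumeration from {source} at t={ts}")
```

Requiring distinct cards and a high decline share together, rather than raw attempt counts alone, keeps a busy but genuine source (a shared office network during a sale, for example) from being flagged on volume.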
In the face of the varying strategies used by fraudsters to penetrate retailer defences, businesses must find a balance between converting genuine customers and blocking thieves. This should involve constant communication between departments, with the fraud team adjusting risk settings according to current marketing campaigns, taking into account expected increases in transaction velocity and sales. It should also involve ensuring that performance metrics and KPIs are aligned.
“The KPI of a fraud team should not be just reducing fraud at all cost,” explains Gargav, “and should be aligned to increase a business’s net payment revenue. The same considerations should apply even if retailers are using third-party service providers.”
Ultimately, risk management needs to be tailored to each retailer’s unique challenges in order to find the proper balance between a frictionless experience for genuine customers and the prevention of fraud. A unified payment platform such as Adyen’s can provide visibility into customer behaviour across channels as well as a wealth of data insights that can more effectively target fraud.
“Adyen’s fraud management system RevenueProtect is multilayered and allows retailers to pull different levers and introduce additional layers of protection for transactions with different risk levels,” says Gargav. “It considers the overall conversion rates of retailers rather than just fraud and chargeback rates, while our machine learning optimises overall payments conversion rather than just reducing fraud in silos.”