Like almost every aspect of life, the world of online fraud can be viewed through the lens of “before COVID-19” and “after COVID-19.”
The stunning and abrupt changes that the global pandemic brought to eCommerce in general dramatically affected fraud trends. In 2021, we are not only seeing more fraud, but we are seeing more new variants of fraud.
Fraudsters, remember, are entrepreneurs. And like any entrepreneurial operation, fraud rings adjust to market conditions and new opportunities. During the pandemic, many brick and mortar stores closed, at least temporarily. Even when stores were open, consumers became skittish about strolling the aisle with others.
Instead, they turned in large numbers and with greater frequency to online shopping. Every day, some like to say, became like a day during the height of the holiday season. Data from Signfiyd’s Commerce Network, in fact, showed the number of shoppers new to ecommerce 2020 increased by 32.4% over 2019.
All these new shoppers with new habits and unfamiliar identity profiles, along with the increase in orders (ecommerce sales were up 49% year-over-year on Signifyd’s network), created the ideal circumstances for fraudsters. Fraudsters like to strike when risk teams are overburdened and ecommerce operations in general are stressed.
Add to that, the large number of consumers and workers confined to their homes. More online time and more online activities, expanded the opportunities for fraudsters to harvest personal data and account information that they could spin into fraud opportunities.
Concurrently, as online sales became a bigger part of the revenue pie for many retailers, merchants took a more serious look at how they managed risk and fraud. A substantial number turned to forward-thinking, automated solutions, such as Signifyd.
Fraudsters work at staying a step ahead of fraud protection
As fraud protection improved, fraudsters (and some unscrupulous consumers) moved on to new areas of attack — claiming orders that did arrive never arrived, or falsely reporting that items were damaged when received, or engaging in return fraud.
First, in terms of increased fraud: Fraud attacks are up 260% in July compared to pre-pandemic levels, according to Signifyd’s Fraud Pressure Index. The index represents the rise and fall of very high risk — and presumably fraudulent — orders over time and across industry verticals.
To gauge the expansion of fraudsters’ targets, we analyze the changes in non-payment fraud that results in chargebacks. Signifyd’s Consumer Abuse Index shows that non-payment fraud attacks, such as false item-not-received claims, are double this summer compared to the early days of the pandemic.
The Consumer Abuse Index tracks the number of chargebacks that Signifyd contests and wins. The index assumes winnable chargebacks are highly likely to be true consumer abuse.
Online fraud is continually changing. That was true before COVID-19 and will be true when COVID-19 is mercifully a distant memory. But the pandemic accelerated the change and inspired creativity among fraudsters.
The biggest fraud trends of 2021
As we emerge from the pandemic and retailers focus on the 2021 holiday season, here are some of the specific trends that Signifyd is seeing in online fraud:
An increased deployment of bots: Fraud rings are relying more on automation to commit rapid-fire fraud. This fraud takes several forms.
- Credential stuffing: This practice allows fraud rings to take over accounts in bulk. Since consumers often use the same passwords across multiple sites, bots can use stolen credentials (often purchased on the Dark Web) to attempt sign ons at thousands of sites in a very short time. Fraudsters then make purchases on the accounts they successfully take over.
- Card testing: Fraud rings have upgraded from testing the validity of stolen cards by making small under-the-radar purchases to build up a history. Today rings are rapidly testing cards by adding new credit cards in large numbers to accounts in good standing. A merchant will typically verify the card with a $0 charge authorization to see if the payment processors and banks involved approve the card. If the card goes through, the fraudster knows they can use this card to make an actual purchase of some valuable products. The fraudster then resells the items.
- Synthetic Accounts: Fraud rings rely on stolen credentials often purchased on the Dark Web and automation to rapidly assemble a multitude of fake accounts simultaneously. These patched together personas look like real customers online and the sheer volume makes them hard for fraud and risk teams to track.
- Fraud fusillade: Once fraud rings know they have viable credit accounts in hand, they turn to bots to place a flurry of fraudulent orders at hundreds or thousands of ecommerce sites across the web. The dizzying speed of the transactions means fraudsters can get away with their theft before risk managers have a chance to detect and understand the extent of what’s happening.
A trend toward attacking earlier in the online payment process: Fraudsters know that the pre-checkout portion of the payment path is less fortified than the checkout process itself. In general, retailers don’t want to turn away shoppers before they’ve had a chance to become customers, so areas such as account creation, account login and updating accounts with additional payment forms are often softer targets than the checkout process itself. Merchants erect fewer barriers in the early payment stages to avoid early friction.
More creative forms of mule fraud: With so many people working from home during the pandemic, fraud rings upped their mule fraud game — recruiting often unsuspecting accomplices to order and/or receive fraudulent goods and forward them to the fraud rings for resale. Rings have now created fake companies that “hire” work-from-home workers to facilitate fraud. The companies come complete with job interviews, training videos, employee handbooks and the like. What the fake companies often don’t come with is a paycheck for the work the mule does.
Policy abuse and return fraud: As retailers have shored up their online fraud protection and as fraudsters have become more innovative, fraud rings have expanded more noticeably into policy abuse, sometimes called friendly fraud. Typical scams in this area include ordering and receiving a product, but reporting that the product never arrived. The idea is to get both the product and a refund for it. As we mentioned, Signifyd’s Consumer Abuse Index is up 100% this summer over April 2020. A growing area of concern for online retailers is return fraud. Fraud rings will purchase high-value items, for instance, and seek a return while sending back a knockoff, a second, damaged version or even something of no value that weighs approximately what the new product weighed. To give you a sense of the scale of the problem, the National Retail Federation and Appriss Retail reported that about About 18% of online retail sales were returned in 2020 and 7.5% of those returns were fraudulent.
Technological innovation gives merchants the upper hand
Clearly, the challenges around fraud are not getting any easier for online merchants, though fortunately the technology for helping put a stop to fraud schemes is. Besides, keeping up with some of the best practices for preventing fraud and abuse, such as return fraud, retailers should look for identity-centric solutions.
Such solutions rely on machine learning and big data to identify patterns of behavior that indicate an order is fraudulent or abusive. The most forward-looking solutions offer a financial guarantee, making retailers whole for approved orders and non-payments-fraud chargebacks that result from malicious transactions.
Online fraud will continue to evolve as fraudsters continue to seize opportunity where it arises. The best defense is to depend on a system that is also constantly evolving.