As consumers increasingly turn to online shopping for essential and non-essential goods while at home, fraudsters have adapted their technique to use more sophisticated tactics against consumers, banks and merchants.
The situation is tenuous. A recent study from Forter shows fraud attacks increased by 19 percent, globally, from 2018 to 2019 across the online-retail landscape, ranging from return abuse and shipping fraud to account takeovers, identity manipulation and other emerging threats. Observers expect that figure to increase in 2020 based on the last few months alone. Banks and retailers have already reported increases in phishing attacks, and the perception that fraud-prevention teams are not working at full capacity due to the pandemic, makes these organizations particularly vulnerable.
E-commerce merchants, now more than ever, need to be aware of current fraud trends, and should be having conversations with their partners and service providers to establish strategies to mitigate and prevent losses. Sellers should continuously take stock in the various fraud attacks being launched against them; they should understand which retail segments are more susceptible than others; and they should know from where that fraud is originating. This information, while continually evolving, will allow merchants to determine the areas of their fraud defenses most in need of bolstering.
Surging fraud methods
As the COVID-19 pandemic continues to affect commerce across the globe, fraudsters are using phishing emails and scam websites to bait victims, often referred to as “social engineering” fraud.
Fraudsters have used phishing emails for decades to obtain vital personal information from consumers to perform bank-account takeovers. Such emails have skyrocketed during the pandemic. Barracuda Networks, a security vendor, recently revealed phishing emails spiked 600 percent during a four-week period between the end of February and the last week of March. Brand-impersonation attacks accounted for 34 percent of those phishing emails.
At the same time, scam websites are increasingly becoming a problem. U.K. authorities recently asked internet service providers in the region to remove almost 300 fraudulent websites attempting to take advantage of consumers since the country went into lockdown on March 23.
Which sectors are affected the most?
During the last several weeks of the pandemic, certain retail sectors have been more susceptible to fraud than others.
With stay-at-home orders forcing consumers to limit physical store visits, food-delivery services and grocers are seeing an influx in overall demand and online orders. Forter, which supplies fraud-prevention technology to online merchants, says new accounts now represent 15 percent to 25 percent of all customer volume. Forter notes the increase of new online buyers creates an expectations gap, which traditionally results in increased service-chargeback rates.
Home entertainment options are increasingly in the crosshairs of scammers as well. Streaming platforms such as Netflix and Disney+ have seen an influx of new subscribers the past several weeks. Video game sales during that period, meanwhile, have reached heights usually reserved for the holiday season. Unfortunately, such trends also mean an uptick in payments-related fraud as consumers upgrade their entertainment options. At dLocal, for example, we’ve seen fraud increase 119 percent with gaming and streaming-entertainment companies.
Criminals also are turning to the website domain industry to perpetuate fraud. Fraudsters are buying new domains with catchy names related to products like face masks and hand sanitizer, and then creating fake websites to sell products that don’t exist. Such fraud has increased a whopping 340 percent in the last three months, according to dLocal data.
Which countries are affected the most?
Emerging markets like Mexico, India and Brazil have emerged as fertile geographies for fraud growth. Their susceptibility is owed to a variety of factors, such as a wide social disparity and loose anti-fraud laws.
Online fraud in Mexico has ballooned an astounding 263 percent during the last three months, according to dLocal data. The country faces a host of challenges in combatting fraud. For example, banks and merchants lack online tools to verify personal information, such as email or the physical addresses of consumers. Bank data is being compromised. Bank data is being compromised. dLocal recently found many fraud cases associated with multiple Bank Identification Numbers (BINs) suggesting that client data from certain banks or financial institutions has been compromised.
India also is experiencing its share of fraudulent activity during the pandemic. Based on dLocal’s data, we quantified a fraud increase of 111 percent over the last three months. And local authorities have reported an increase in scams related to free mobile-minutes recharges and fake cures for COVID-19. One scam even involved the fraudulent sale of India’s famed “Statue of Unity” in which the proceeds were said to go toward pandemic aid.
Brazil, meanwhile, is consistently ranked as one of the top countries for cyber threats, and identification and database leaks are a frequent occurrence. However, dLocal figures show just an 11 percent fraud increase the last three months.
What tools should merchants prioritize right now?
Merchants should take an inventory of what they need to combat these issues going forward. And it all starts with having a robust fraud-protection system in place that can easily be updated to handle new threats.
The cornerstones of robust fraud protection include, but are not limited to, machine learning capabilities, powerful early-alert systems, limit control and chargeback protection. The role of data is paramount in making these systems run successfully, enabling merchants to better identify and prevent fraudulent activity.
While the world is entering a period where lockdowns are beginning to ease, fraudsters will continue to use the pandemic to perpetuate criminal activity. E-commerce merchants should be focusing on their fraud defenses now and monitoring every single customer interaction for fraud. Merchants should also be speaking with their service providers to ensure they are protected. Because the threat isn’t going to go away; in fact, like any virus, fraud will mutate and evolve, underscoring the need for vigilance both today and over time.