Why Is Reliable Fraud Prevention So Complicated?
We hear about it in the news all the time: fraud attempts are on the rise against e-commerce merchants, financial institutions, and even insurers and government agencies. When it’s your card number that’s been stolen or your business taking a loss, you may feel frustrated and wonder why stopping fraud is so difficult. Many people outside the fraud-prevention business and the most-targeted industries think that stopping fraud is mostly a matter of spotting lone thieves’ attempts to buy items with stolen cards. But online fraud is a big, organized business that takes many forms. Here are a few reasons why fighting fraud is an all-out digital war.
Fraud attempts happen all the time
Some of the most recent data on online fraud comes from the 2017 LexisNexis True Cost of Fraud Study, an annual report on survey data from nearly 2,000 fraud and risk executives with small, mid-size, and large companies in retail, e-commerce, banking, and finance. One of the most stunning findings is that as many as 43% of e-commerce orders during peak months are attempted fraud.
In other frequently targeted industries, as many as 31% of transaction attempts may be fraudulent. That’s a tremendous amount of fraud to scan for, detect, and prevent. Merchants must accomplish all that within a window of a few seconds or minutes, to prevent antagonizing good customers who don’t want to wait for their orders to be approved. And merchants must screen out fraud without accidentally canceling valid orders because these “false declines” cost retailers more than actual fraud does—and they often cause those good customers to stop shopping with those merchants.
Innovation opens new fraud pathways
Anything that makes things easier for consumers often creates opportunity for fraudsters, too. The rise of online shopping, mobile shopping, digital gift cards, and buy-online-return-instore policies among multi-channel retailers have all opened pathways that fraudsters exploit. This doesn’t mean innovation is necessarily detrimental, but it does mean that innovation should always include fraud-reduction planning and practices.
Another way that innovation has made fraud easier is the rise of bots, which can be used to automate many digital tasks, including fraud. From 2015 to 2016, botnet fraud rose by 47% in the digital space overall, and by 87% in luxury-goods online retail. The 2017 LexisNexis survey found that botnet fraud continued to rise during 2016. By programming bots to do their bidding, fraudsters can test stolen card numbers to see which ones work, make purchases, and even hijack consumers’ accounts, rapidly and on a large scale.
Fraud is a big, complex business
The sheer scope and complexity of fraudsters’ operations can make it difficult for consumers, merchants, and banks to spot fraud, even for people who are security-savvy. A case that illustrates the complexity and challenges involved includes a fraud-prevention expert whose driver license number was compromised in a recent consumer-data breach.
A thief used the number to craft a fake license with the victim’s name but the fraudster’s picture. Armed with this official-looking document and the victim’s other data, the thief opened a cable television account at his address under the victim’s name. Surprisingly, the thief paid the cable bill—but only because he was playing a longer fraud game than free television.
The fraudster took a copy of the cable bill and his fake ID to the victim’s bank, where he changed the address and other contact information on all his victim’s accounts. Now this fraudster, who looked legitimate to the unsuspecting teller, had control over all his victim’s bank accounts, except for password-protected online access. The thief ordered paper checks on the victim’s account and used them all over town. The bank’s fraud screeners flagged the unusual spending pattern, but when they called the victim to verify the check transactions, they reached the thief, because he had changed the account contact information.
Finally, the thief took the scam too far, by going back to the bank and asking to withdraw funds without a bank card. The bank manager, who knew what the victim looked like and who was suspicious of the fraudster’s signatures, realized the updated contact information was bad and searched through old emails to find a valid way to reach the victim. The scam was stopped after losses of a few thousand dollars. But, as the victim pointed out, he was almost certainly not the only target – that fraudster alone could have had multiple victims at once, and he was likely operating as part of a wider criminal network.
This case shows that fraud prevention requires dedicated resources, trained personnel, multiple layers of protection, and strong relationships between clients and customers. Just as Neighborhood Night Out events in US cities each year build connections between neighbors and local law enforcement to reduce property crime, fraud prevention requires awareness, cooperation, vigilance, and proactive strategies to protect consumers and the businesses that serve them. Fraud isn’t going away, so we need to be smart about stopping it.
Rafael Lourenco is Executive Vice President at ClearSale, a Card-Not-Present fraud prevention operation that protects e-commerce merchants against chargebacks. The company’s flagship product, Total Guaranteed Protection, is an end-to-end outsourced fraud detection solution for online retailers. Follow on twitter at @ClearSaleUS or visit https://clear.sale/.