Ecommerce Fraud Trends to look out for in 2021

There’s no denying that COVID-19 has had a huge impact on retail this year and is expected to continue to do so throughout 2021. Retailers who once only had brick and mortar stores have been adjusting their sales channels as fast as possible and perfecting their customers' ecommerce experience.

According to the Forter’s Fraud Attack Index during the first months of national lockdown, new customer online accounts increased fivefold, hitting a peak of 30% of all online transactions. This then stabilised to 10-15% of all online transactions, which is still double the rate it was pre-Covid.

However, while the world has been adhering to lockdown and social distancing measures, working from home and generally slowing down to cope with the pandemic, fraudsters haven’t been. 

COVID-19 has certainly been an opportunity for criminals to take advantage of the new online retail environment as well as changing online consumer spending habits.

Ecommerce Fraud Trends Statistics

According to Sift’s COVID-19 and E-Commerce Fraud Tracker payment fraud spiked at the beginning of the pandemic and continues to do so at extremely high levels, particularly among the financial, travel and events industries. In 2019 alone, before the pandemic struck, fraud was costing the global economy £3.89 trillion whilst in the UK, this amounts to approximately £130 billion each year.

Fraudsters are also targeting mobile payments, potentially due to the change in the way people are making payments whilst out and social distancing, therefore, merchants should be aware that fraud can happen at any time and anywhere and should make it a priority to be protected.

The Forter report, mentioned earlier, also found that Buy Online, Pick-up In Store (BOPIS) fraud rose by 55%, money services saw 65% more fraud attacks and there was an increase in identity manipulation, where fraudsters use stolen PII (Personal Data) to conduct attacks, by 123%.

Fraudsters are using phishing emails and scam websites more than ever before to trap their victims. Figures from Barracuda show that phishing emails spiked 600 percent during a four-week period between the end of February and the last week of March 2020. Brand-impersonation attacks accounted for 34 percent of those emails.

Meantime, scam websites (which essentially look realistic to a consumer)  are increasingly becoming a problem. According to Info Security, U.K. authorities recently asked internet service providers to remove almost 300 fraudulent websites attempting to take advantage of people since lockdown in March. 

Ecommerce Fraud Trends in 2021

1. ​Voice commerce

More and more retailers are turning to voice commerce to better serve their customers who now expect the convenience and speed of asking ‘Alexa’ or ‘Siri’ to complete purchases for them using their voice. However, with this new technology comes the risk of fraud. It’s in its infancy, meaning voice-enabled shopping is ripe for fraud and other security vulnerabilities. One particular example is when Amazon sent recordings made by its Alexa voice-activated assistant to the wrong user, therefore retailers should err on the side of caution when using voice commerce.

2. Omnichannel shopping

Consumers are increasingly engaging with retailers through multiple channels including social media, by phone and in store, using multiple payment methods and devices. This presents a number of challenges to retailers, including: increased exposure to risk and greater complexity around fraud management. The types of omni-channel fraud include;

• Card-not-present (CNP) fraud.

• Cross-border or cross-channel fraud.

• Click-and-collect fraud.

• Card-testing fraud.

• Return fraud.

• Mobile payment fraud.

Businesses looking to use an omnichannel approach should look into ways they can protect customer data,  accounts, and sensitive financial data, on top of protecting their physical and digital assets.

3. Dynamic pricing

Dynamic pricing is a strategy in which product prices continuously adjust, sometimes in a matter of minutes, in response to real-time supply and demand. While this might be effective for retailers, the flip side is there are tech-savvy consumers out there and it’s quite easy for them to log in from different IP addresses. These consumers may be able to take advantage of companies whose prices vary depending on the location of the buyer.

4. Mobile commerce

According to figures, mobile fraud attempts more than doubled from 2018 to 2019. Fraudsters see m-commerce as a lucrative opportunity, because many retailers haven't adapted their fraud prevention practices for the smaller screen and they aren’t keeping up with the ways that cybercriminals work. Types of mobile commerce fraud could include:

• True Fraud: This occurs when stolen credit and/or debit card details are used successfully to complete a transaction.

• Account Takeover Fraud: This occurs when a fraudster gains access to a customers online account and masquerades as a customer.

• Chargeback Fraud: This occurs when a customer completes a transaction but then intentionally utilizes the dispute process in order to get their money back whilst retaining the goods.

5. Open banking

The new-found freedom afforded by open banking has come at a cost. With added convenience comes complacency. Only now are companies beginning to step up and secure their online spaces as consumers have been made aware of threats such as phishing, which not only threaten their bank account, but financial providers.

6. Buy now pay later

More and more consumers are starting to shift their preferences away from credit cards, particularly among GenZ and opting to pay for goods using Buy Now, Pay Later (BNPL) solutions offered by companies like Afterpay, Klarna, and SplitIt. But with them does come a risk of fraud. For example, fraudsters are using stolen debit and credit card details to create accounts and complete unauthorised purchases. The simplicity and increasing adoption of these payments can leave merchants exposed and vulnerable to fraud losses, therefore, it’s crucial for merchants to follow best practices and keep themselves one step ahead of criminals.

7. Wearables

Although wearables, such as smartwatches, streamline the checkout process and also create new customer experiences, the risk of fraud is high. They hold a tremendous amount of sensitive personal and financial information on them which is then passed from device-to-device, device-to-cloud and wrist-to-wrist, putting consumer privacy and security—as well as business data—at risk.

8. APMs

Alternative payment methods (APMs), such as e-wallets and digital wallets are becoming more and more popular as a way for consumers to make transactions. Part of this is down to the rise in mobile commerce, as already mentioned above. However, APMs can be taken advantage of by fraudsters that have the credit card information of their victims.

Fraudsters can insert the card details into their own mobile wallet even if their names don’t match. Despite measures taken by Apple and the like to make integration more secure, fraud may still go undetected. As a merchant, you want to be able to offer a wide array of payment options at your online checkout but it’s vital that you invest in anti-fraud protection or fraud screening services in order to improve customer service and keep consumers safe.

Other Ecommerce fraud trends to look out for in 2021:

It is crucial to understand the way fraudsters work online in order to deceive users and corporations:

1. Business e-mail compromise

This type of scam is aimed at businesses who make wire transfer payments. The fraud starts by seeking out legitimate business e-mail accounts and compromising them through social engineering or special software that allows intrusion, with the goal to make illegal money transfers.

2. Data breach

This is where information is usually stolen or copied from a database.

3. E-mail account compromise

This is aimed at the general public as well as professional people. Criminals use the compromised email account to transfer costs to a fraudulent location.

4. Malware/scareware

This is software that is developed to break into computers and computer systems in order to damage or disable them.

5. Phishing/spoofing

This involves criminals forging emails in a way that makes them appear almost exactly the same as legitimate business emails.

6. Card Testing Fraud

This is a type of ecommerce fraud, which is sadly, one of the risks of doing business online. It often involves malicious actors attempting to authorise or make small payments from numerous stolen card details, to determine whether the information they have obtained is valid. Often these attacks are automated and will result in hundreds (or thousands) of declined payments on your account. These attempts may attract a fee from your acquiring bank.

7. Chargeback fraud

Where a customer orders something from your store using their own credit card, and then requests a chargeback from the issuing bank after receiving the goods or item that they have purchased.

8. Ransomware

This is a type of malware which aims to disable valuable data or systems. Once the victim discovers they cannot gain access to the data, they receive a demand from the criminal to pay a ransom to regain access.

Protecting Your Business Against Ecommerce Fraud

So, how can ecommerce retailers spot fraudsters and protect their businesses? Below are some examples of suspicious behaviors which can indicate potential fraud:

• The shipping address and billing address differ

• Several cards used from the same IP address

• Multiple small orders within a short time frame

• Unusually large orders

• Multiple orders to the same address with different cards

• Unexpected international orders

• Noticing multiple failed login attempts

• Logins from new devices

These are all potential warning signs of fraud and also highlight how difficult it is to fight fraud. Denying legitimate transactions can cost as much to your business as accepting a fraudulent transaction. Therefore, it’s vital you Invest in the right resources to investigate the red flags before it’s too late.

1. Perform A Security Audit

There’s no denying that it is a huge challenge for companies to know how to safeguard against online fraud. Carrying out a security audit is perhaps the first step to determine where the weak points exist. Once you identify and fix those vulnerable points, it’s less likely for cybercriminals to carry out online fraud, e.g. malware that demands a ransom paid to restore file access.

2. Monitor your account

Ecommerce payment providers like Opayo usually provide a portal through which you can monitor your ecommerce payments activity in real time. Common fraud prevention checks include address and postcode verification (AVS), card security code (CV2) and IP address checks, alongside two-factor authentication from 3D Secure. Keep an eye on activity, and take action to block fraudulent actors. Use fraud screening information to help determine if a transaction is legitimate or fraudulent before you dispatch your goods, and set up rules / conditions on your account for added protection.

3. Implement a Company-Wide Password Policy

If you implement a company-wide password policy this will put you on the right track to protecting your business from online fraud

• Set strong passwords that are long enough and do not use words found in the dictionary

• Make sure employees don’t share passwords with colleagues or use the same passwords across multiple sites.

• Enable two-factor authentication which requires password users to have knowledge of the correct string of characters or possess a temporary access code before they can gain access.

4. Understand the Signs of Online Payment Fraud

Payment fraud does not always consist of large transactions; it could be several smaller payments or repeat attempts made over time. In order to spot strange transactions, it is worth investing in machine learning software that learns the characteristics of normal account activity and alerts you when things aren’t quite right. This will save you time and money in the long run.

5. Educate Employees About Online Fraud

Company leaders should encourage their employees to understand online fraud and make it a top priority. This starts with training all employees to know what might constitute online fraud. Some fraud attempts take advantage of people, claiming they can win free things or get complimentary access to expensive software if they provide some information first. Some fraudsters claim to be from particular businesses urging people to give details to stay compliant with certain organizations.

6. Do Not Rush

Some companies rush to meet the needs of their customers without checking to see if a request is fraudulent which could then have a devastating impact on their business. Businesses should ensure they evaluate any online requests, especially if there is exceptional urgency.

Conclusion

Looking ahead to 2021, there’s never been more of a need for ecommerce businesses to invest in technology to prevent fraud attacks taking place. Especially in light of the COVID-19 pandemic.

New software is constantly being developed with the main purpose being to protect and fight against ecommerce fraud. Here at Opayo we can help you to take the necessary precautions to protect against it for your business. Whether you're accepting payments over the phone, online or in person - we've got a range of solutions to fit your needs. Contact us to find out more.