There are a lot of reasons to be vigilant between now and the year 2020. Online payment fraud will continue to be a threat. And gift card scams will still cause some headaches. For example, card-not-present (CNP) transactions accounted for 60% to 70% of all card fraud in many developed countries. This was based on a 2016 report from Juniper Research. And that's only one jaw-dropping statistic.
We looked at Juniper's findings and compared them Worldpay's 2016 report on ecommerce fraud. It painted a great picture when we aggregated both data. That's why decided make it available for you in this post. Here, you'll learn about the different causations in online payment fraud. You'll also learn about the affects in merchant losses. There's a lot to learn about the state of fraud in 2020.
We Have the Data
And we compiled it all into breathtaking (and informative) ebooks and guides. Feel free to check it out.Let me see.
Lil’ Anecdote on Both Reports
Juniper Research’s report delves into the market of ecommerce fraud, methods for overcoming challenges, and a vendor assessment. Worldpay’s report provides both quantitative and qualitative research from ecommerce merchants regarding payment fraud.
I. Current State of Online Fraud
Merchants in the United States are overwhelmingly targeted by fraudsters. In September 2014, the US experienced 52% of total attack volume. The United Kingdom, China, and the Netherlands only experienced 9%, 8%, and 6% of attack volume, respectively.
Airlines were the most affected ecommerce merchants of fraudulent transactions. Nearly half (49%) of fraudulent transactions came from airline merchants. Money transfer companies were in second place. But money transfer companies received 17% of fraudulent transactions.
General and clothing retailers received 16% of fraudulent transactions when you put them together. And electronic merchants such as Best Buy received 14% of ecommerce payment fraud.
II. Potential Causes for Growing Online Fraud
Payment fraud affects both CP and CNP merchants. But it’s astoundingly more prevalent in CNP transactions. Revenue losss-to-Disputes for CP merchants are 3 bps. Howver, CNP merchants losses had exceeded 38 bps.
What’s behind the astounding CNP payment fraud rate? Juniper points to five main driving forces: ecommerce growth, increasing money flows, use of mobile payments, frequent data breaches, and the post-EMV CNP fraud influx.
The aforementioned driving forces make sense for growing rates of true fraud. But that has little relevance when it comes to the types of fraud responsible for over 70% of fraud losses. Research from LexisNexis (and some of our internal data) continuously shows that the misuse of chargeback rights is the leading cause of fraud losses. This is true while fraud committed by identity thieves and other criminals account of less than 30% of the merchant's overall fraud losses.
That 70%> statistic brings up a good question. Why are consumers misusing their chargeback rights more frequently? And why does it result in increasing rates of online fraud? This rise is contributed by chargeback fraud and friendly fraud. Several of its factors include the (increasing) ease of disputing a charge. There's also the fear of falling victim to fraud. And there's an increased consumer awareness of their chargeback rights. Also, that awareness may have resulted in cardholders misusing their rights. Another factor that's worth noting is the increasing difficulty for merchants to identify, aggregate, and submit compelling chargeback responses.
Ease of Initiating a Dispute
Cardholders must contact their issuer in order to dispute a transaction. Before online banking, this would involve calling, mailing, or faxing your issuer. But those channels were time-consuming and arduous for cardholders. They would only dispute if they were fairly certain that the transaction was fraudulent.
Now, online banking has transformed how cardholders access their bank statements and account activities. Credit card statements are no longer only a monthly occurrence. Cardholders can view their purchase history in real-time and know when pending charge hits their account.
A cardholder's purchase history will be displayed in their issuer's online portal. Every line contains a merchant descriptor. And issuers like Capital One include relevant information that regard to a specific transaction. All of this information can be viewed and disputed with a click of a button. It makes you wonder, how easy is it to commit chargeback fraud?
A cardholder clicks on “File a Dispute”, answers a couple of questions, and that's it. The issuer will then review the dispute to determine if a chargeback is warranted.
It’s never been easier for cardholders to dispute a charge. As a result, it’s likely that they'll dispute via online banking for its convenience. After all, why waste time faxing a dispute, where you can perfectly dispute online with no friction whatsoever?
Consumer Fear of Falling Victim to True Fraud
It’s not just merchants who understand that fraud is a growing threat. In 2014, identity theft was the number one concern expressed in the Consumer Sentinel Network. This is a Federal Trade Commission database that analyzes consumer complaints. Among cases that related to identity theft, 17% represented situations where thieves tried to use stolen personal data to commit credit card fraud.
It gets worse. Consumers in the United States had very little faith in the issuers’ ability to protect their information. A 2014 survey from Pew Research Center revealed that just 9% of Americans were “very confident” that their credit card issuer would keep their data secure. At the same time, 29% of respondents said they were “somewhat confident”.
This clearly shows that consumers are fearful of credit card fraud. That motivates them to act swiftly in order to report any transactions that seem mildly suspicious. As a result, it creates more instances of disputes for transactions that were actually authorized by the cardholder in the first place!
Increased Awareness of Chargeback Rights
It can be argued that the rise ecommerce fraud would not have happened without chargeback rights. Chargeback rights provide cardholders with the necessary foundation of trust and faith onto the issuer. This assures cardholders that they can use their cards without fear of liability. These rights were first guaranteed by federal law aimed at protecting consumers. And it has now extended to each major credit card company.
Again, before the digital age, a cardholder would have to sift through hundreds of pages of terms and agreements documents to learn about the scope of these rights. Nowadays, card networks developed their own zero liability guarantees. It's used as product differentiators in advertising and marketing messages that are targeted to consumers. They are now more aware of their rights when they make a purchase with their credit card.
We recently surveyed customers who actively participated in a returns process. It turns out the majority of respondents knew what it meant to dispute a charge on their credit card. And roughly 21% of respondents were unsure if they had ever disputed a charge.This may be because these response were unaware of their chargeback rights.
Merchants are at a disadvantage when it comes to customer disputes. This alone could contribute to the rise of successful chargeback fraud and friendly fraud.
III. Types of Fraud Ecommerce Experiences
The Juniper Research study outlined different attack methods that were used to target ecommerce. All but one of these methods were potential causes of true fraud. But losses from true fraud represented 29% of total merchant losses.
Methods Resulting in True Fraud
You'll find the most popular ecommerce attack methods below. We ranked them in order of prevalence. And clean fraud takes first place:
- Clean Fraud – Clean fraud is when the fraudster managed to steal every piece of data in order to complete a purchase. This helps bypass some of the merchant's preventative solutions.
- Account Takeover – A fraudster gains access to a cardholder’s funds by adding their information to the account. Or the fraudster may have changed information like the address and email.
- Identity Fraud – This is the fraudulent acquisition and use of sensitive personal information to conduct numerous crimes. One of those include payment fraud.
- Affiliate Fraud – This is the fraudulent use of a company’s lead or referral programs to make a profit.
- Reshipping – A fraudster uses an unknowing participant (or “mule”) to package and reship merchandise. This was all purchased with stolen credit cards.
There are many sub-methods used within each attack method. Some examples that Juniper provided were botnets, phishing, whaling, pharming, and triangulation. These are the most commonly used methods of apprehension.
Methods Resulting in Chargeback Fraud or Friendly Fraud
Juniper says that the root of the cause for over 70% of fraud losses was friendly fraud. That may be correct. But it’s only half of the story. It's actually the misuse of chargeback rights that was responsible for the majority of losses in fraud. Friendly fraud and chargeback fraud are basically its beneficiaries.
Both types of fraud result in the merchant receiving a chargeback. The cardholder may deny making the purchase or receiving the order. But the goods or services were actually received by authorization.
Let's clear things up. Friendly fraud is when an order may have been placed by a family member. And that person is authorized to use the credit card. There's another scenario of friendly fraud that can take place. For instance, the cardholder failed to recognize the merchant descriptor or simply forget about the purchase. It's important to remember that friendly fraud does not involve intentional misuse of chargeback rights. It's more of a misunderstanding of said rights.
Chargeback fraud is a whole other scenario. Here, the cardholder willingly (and intentionally) takes advantage of their right to dispute a transaction. He or she wants to retain the goods or services and get their money back. Chargeback fraud is essentially online shoplifting.
Need to Handle Chargeback Fraud?
We did a Q&A with a lawyer from Pasha Law PC. And he provided great advice (and caution) for merchants who are considering to prosecute chargeback fraudsters. Read more.
What About Friendly Fraud?
We have you covered. There are five ways to detect friendly fraud. It's easy to use and it'll protect your revenue from the most mundane chargebacks. Read more.
IV. Actual Costs Associated with Fraud
Ecommerce lost nearly $7 billion to chargebacks in 2016. That's expected to balloon to $31 billion by the year 2020. That's what Nilson Report predicts.
But merchants are losing much more than the transaction amount. They’re also losing money from shipping and the insurance costs associated to the fraudulent transaction. It doesn’t stop there. Merchants surrender more revenue to in order to invest in fraud-prevention solutions. There's also cost in manual reviews, false positives and chargebacks.
Cost of Fraud Prevention Solutions
Fraud losses aren’t increasing due to a lack of fraud prevention. LexisNexis’ True Cost of Fraud 2016 study showed fraud losses are increasing, despite companies investing more in fraud prevention. Ecommerce merchants lost an average of 1.39% of revenue to fraud in 2015. Only about $115,000 was spent annually on fraud mitigation.
Cost of Manual Reviews
Juniper found that manual reviews are still widely used by ecommerce merchants. But that doesn't stop hundreds of thousands of dollars being spent annually on fraud prevention solutions. Large merchants manually reviewed around 7% of all orders. And small merchants reviewed around 42% of all orders. Overall, the average manual review rate showed 27% and 2.3% of those orders being rejected.
Cost of False Positives
False positives are a huge contributing factor in fraud losses. It's even larger than true fraud losses itself. False positives, or legitimate transactions that are declined, run rampant in ecommerce. Financial institutions authorize over 96% of card present transactions, while less than 80% of card not present transactions are authorized.
In 2014, $118 billion in revenue was lost to false positives. Around $9 billion was lost to actual payment card fraud. Furthermore, the false positive decline rate is over 3 times the rate of existing card fraud.
Cost of Chargebacks
Payment processors and acquirers tack on chargeback fees. This results in more losses than the initial transaction amount for the merchant. The acquirer will settle the funds collected less their processing fees, network fees, and interchange fees. Individual chargeback fees range from $5 to $30 per chargeback. However, merchants can incur fees in upwards of $500 if disputes escalate to arbitration.
But merchants aren't just responsible for chargeback fees. They’re also losing the hours spent on crafting chargeback responses. Let's not forget the additional hours of communicating with their payment processors and/or acquirers about the disputed purchase. How much revenue is your time worth? Come to think of it, what opportunity costs are you incurring by not spending your time elsewhere?
V. How Merchants Approach Fraud
Worldpay’s study revealed a general consensus among merchants. Basically, the more data they have, the better. Data points like Device ID are essential because they’re rich sources of insights. And it's collected without creating friction in the customer experience.
More data translates into better transaction risk assessment. And external data sources are even more valuable. Unfortunately, these external data sources such as device and behavioral information are not readily available within a business.
Data: An Aspirational Fraud Combatant
However, merchant’s also admitted the plethora of data available isn’t being fed into their fraud system. But they feel that there is always more data that could be used to fight fraud. And that goes for any business that deploys real-time risk assessment.
Worldpay found that 58% of respondents know there’s lots of useful customer information within their business that’s not being used to fight fraud. In addition, respondents felt strongly that they could do more to prevent fraud. Some of which includes creating fraud feedback loops to make their data readily available. One of the respondents in Worldpay’s survey said, “[Often] the information is all there, and I could have told you it would result in a chargeback, but we did not have the data points.”
There are some specific approaches that merchants plan to use now or in the future. Social media is a valuable external source for customer information. And machine learning could put data into some good use to prevent fraud.
Over half of respondents (52%) in Worldpay’s survey indicated they would like to make better use of social media data. Almost 60% of respondents already use social media for fraud review processes.
However, its inclusion is often limited to the manual review process. Social media is viewed as time-consuming and largely subjective. But those who perform manual reviews typically make assessments to validate an identity. Some factors include photos, conversations, and posts.
Another way merchants are using social media data is through social logins. The majority of merchants ( 56%) reported that they would place greater trust in a customer who used social logins. But that's only if the profile is valid. That's difficult to prove without robust, automated means to determine profile validity.
Worldpay concluded that usage of social media data in fraud mitigation is still informal. But it can still be useful. Especially when merchants have formalized, consistent, and time-efficient processes to harness it.
Merchants largely agree that automating data analysis is useful for uncovering underlying trends that indicate fraudulent behavior. Machine learning can seek out customers who ‘unusually’ behave with a merchant. This technology can provide suspicion scores, rules and visual anomalies. This can been done, which makes it a great fraud prevention solution.
But be warned. Machine learning is meant to indicate the likelihood of fraud. Merchants understand this. But awareness does not equal to favorable causation. Yet merchants find considerable value in what’s uncovered. One respondent from Worldpay said, “We get things popping up in big data that no one would have thought to ask.”
However, there is a significant cost-benefit challenge for small- and medium-sized merchants who seek machine learning for fraud prevention. “If your business experiences $1,000 in fraud losses each year and it would cost $3,000 per year to purchase fraud detection software,” writes Armando Roggio of Practical Ecommerce. “It might make more financial sense to suffer the fraud losses and move on.”
VI. Fraud in 2020
What does the future hold for online payment fraud? We already know that ecommerce is expected to lose $31 billion to chargebacks by 2020. As such, 93% of fraud and payment experts say they're planning ahead to invest in new technologies. That's based on the results from Worldpay’s survey.
On the Business Level
A lot of respondents seem to be looking into the future. But 63% of respondents felt completely in control of how fraud might impact their business in the future. They know that ecommerce companies are deploying better fraud detection solutions. However, fraudsters are cooking up ways to bypass those safeguards.
Businesses understand the need for a portfolio of techniques to identify fraud. Items like Device ID are increasingly being paired with other aspects of user identity and the online journey. One respondent in Worldpay’s survey said, “The future will be much more data-driven. The decision has to be a yes or no and move on.”
However, the strides towards collecting large volumes of data and increasing automation does not mean an end to manual reviews. There is still an importance placed on manual reviews for high-risk transactions, where human interpretive and analytical skills are paramount. Worldpay concluded that effective fraud prevention strategies use machine learning not only to automatically approve or decline legitimate or illegitimate transactions. But to also focus human resources on only high-priority cases.
Fraud’s Macro View
The Juniper Research study provided a more macro look at fraud in the future. Every party impacted by fraud understands the need for a collaborative approach to handling ecommerce fraud.
Unfortunately, existing legislation does not foster a collaborative approach. Instead, each party is trying to pass the fraud liability to a different party downstream. Merchants, issuers, acquirers, processors, and service providers need to take a shared approach and commitment to combat fraud. This need crosses enterprises and industries altogether.
The rising tide of ecommerce sales is also lifting the ships of fraudsters. Your company needs to be prepared from the very moment you start the transaction process. And we’re here to help. Feel free to contact us, so that we'll have a thorough talk about your needs. We're ready for the future. And we want to make sure that you're ready, too.