When retail historians compile the definitive chronicle of this era, they will recall something remarkable: as merchants across the nation responded to the COVID-19 outbreak by shifting more operations online, two years’ worth of e-Commerce growth got crammed into two weeks.
Unfortunately, the rate of e-Commerce fraud also grew at a rapid pace.
How to explain that paradox? I would point to a couple of reasons. First, as social distancing measures meant to slow the contagion’s growth were put into place, new vulnerabilities were also introduced into the system. Second, as the economy shut down, the widespread financial strain left tens of millions of unemployed people suddenly stuck at home and vulnerable to fraudulent work-from-home schemes that were on the rise even before the pandemic.
All this comes against a backdrop of a breathtaking shift that’s under way, with consumers abandoning traditional brick-and-mortar stores to do their shopping almost entirely online. These new online shoppers have quickly turned into repeat e-Commerce buyers, leading to explosive growth for most sectors since late February. But, as merchants improvised to meet the needs of the moment, they also confronted new potential for fraud-related revenue leakage.
Let’s take a closer look how this is playing out and what technology — specifically artificial intelligence powered by data — can do to help merchants mitigate the growing fraud risks they increasingly face.
- Curbside Pickup/BOPIS Fraud
More retailers are rolling out curbside pickup with BOPIS orders (buy online, pick up in-store) to limit contact as a social distancing measure. The move also has a long-term benefit, as BOPIS is seen as a must-have tactic to remain competitive in the Amazon age. Yet these orders also need to be reviewed quickly to make good on the promise of speedy fulfillment. That accelerated fulfillment process makes identity verification challenging, even during normal times. It’s particularly difficult for merchants to identify bad actors if pickup orders come without delivery addresses, which might otherwise trigger an alarm if it turns out to be different from the cardholder billing address. Bottom line: Expect fraudsters to follow the trend and look to exploit BOPIS pickups where merchants may not require more than minimal proof of purchase.
- Touchless Delivery Abuse Risk
Touchless delivery is another protective measure to mitigate the risk of COVID-19 exposure. In order to protect the health and safety of their employees, both FedEx and UPS no longer require a signature on deliveries. DHL offers a contactless delivery option. However, without a signature as proof of delivery, bad actors may seek to exploit the emergency situation and file phony item-not-received (INR) claims. To be sure, porch theft exists and was already a major problem before the coronavirus. In fact, about 36% of 2,000 U.S. shoppers surveyed last year reported having a package stolen at least once, while 56% said they knew somebody who had a package stolen. And with the health emergency forcing touchless deliveries, it’s easier for someone to fraudulently claim they didn’t receive their order. In a recent consumer sentiment survey conducted for Signifyd by Survata, 8.1% of respondents admitted filing a claim saying an item never arrived even though it had. Another 6% said when they are not satisfied with an item they’ve purchased online, they keep the product and ask their credit card company to void the charge. With increasing financial pressure due to mounting unemployment, small and large businesses should expect the frequency of such questionable behaviors to increase.
- Triangulation Fraud
With nearly 15% national unemployment and people desperate to find ways to make money while sheltering in place at home, fraudsters have an opportunity to dupe the unsuspecting into working as accomplices. These work-from-home “mules,” as they are known, can place orders using stolen credit cards supplied by a fraudster and reship the ill-gotten goods to the fraud ring in return for products or payment. Or they can be one of many who go to local stores to pick up an order curbside, allowing fraudsters to scale a BOPIS scheme. Or, more elaborately, they can play a role in triangulation fraud in which a fraud ring works with the “mule” to open a bogus online store. The mule serves as the seller and accepts orders for the products the fraud ring has listed. The mule then forwards the order to the fraudster, who uses a stolen credit card to purchase the item from a legitimate retailer and have it shipped to the customer who ordered the item. The merchant that processes the fraudster’s order gets left holding the bag when the real cardholder realizes someone used their card number. With so many moving parts, the retailer has no idea something is amiss until it’s too late.
AI And Early Fraud Detection
It’s all the harder for merchants to get ahead of this problem if they don’t have the proper security measures in place. But many companies may still be relying on manual order flow and fraud review processes. Even during normal times, that would be problematic. But with employees now working remotely, order review agents may not be set up to view order data and shopper’s personally identifiable information.
This new calculus of considerations makes it clear that without cutting-edge technology by their side, retailers will bear the brunt as fraudsters gear up their activities.
This is where AI systems can help identify data patterns to combat these new fraud attempts. Even though e-Commerce may be the bright spot in the economy today, merchants are not necessarily set up to flag anomalies when it comes to analyzing the relationships among shipping addresses, credit cards, IP addresses and other signals that help identify legitimate customers and fraudsters. Their networks would contain information only from consumers who’ve shopped with them before, so they’re often one step behind when it comes to identifying fraudulent patterns.
Fraud detection involves a process where sophisticated systems can sift through massive amounts of data and spot the difference between good and bad transactions. While the system may not immediately know who the fraudsters are, AI can review an order against hundreds of billions of dollars’ worth of transactions across multiple industries and verticals, revealing good transactions and separating them from the bad.
For example, while a merchant may not recognize a new user with a questionable past, any historical data tied to someone’s device, IP or their shipping address is going to show up when machine learning systems look more deeply into existing connections, turning raw data into something meaningful to extract insights about customer behavior.
If there’s something amiss, the learning machine is going to pick that up. The more data that a merchant can access, the more confidence their system has about flagging anomalous behavior. I have no doubt that attacks against retail will accelerate. But while fraudsters will try every trick in their book to exploit the COVID-19 emergency by attempting to blend in with legitimate customers, their patterns are consistent over time and AI systems will sniff them out. When AI is properly deployed, they can run, but they can’t hide.
Swami Vaithi is VP of Decision Science at Signifyd, which provides an end-to-end Commerce Protection Platform to maximize conversion, automate customer experience and eliminate fraud and customer abuse for retailers.