The point of transaction is no longer the only place where merchants are vulnerable to fraud. As e-commerce offerings continue to grow and become more popular, so do the methods by which fraudsters learn to exploit.
New fraud trends indicate that fraudsters are growing more clever and looking to other areas of the shopping journey for their payoff. In Forter’s Fifth Annual Fraud Attack Index, we noted that there was a growing trend of Account Takeovers (ATOs), policy abuse, return abuse, and loyalty/point program abuse. Retailers are simply not protected at the early stages of their customers’ journeys to prevent fraudulent actions from occurring prior to the point of checkout.
Growing Fraud Trends
Over the last year, numerous high profile data breaches occurred (think Equifax, Uber, Google+ and Under Armour), and these attacks show no signs of abating. As a result, hundreds of thousands of individuals’ private information was surreptitiously released into the ether, at risk for fraudster foul play. And indeed, fraudsters rejoiced. There was a 31% increase in ATOs YOY as of Q3 2017. While the data breaches did not cause this rise in ATOs, they certainly contributed to the ease with which fraudsters are able to harvest data for later use.
The Urgent Risk of ATO
Why should retailers be concerned with the rise in ATOs? These types of fraud attacks are representative of a deterioration in the ability to protect customer data and the security of your overall site. ATO attacks occur when bad actors are able to gain access to legitimate customers’ private information and then leverage these accounts for further actions (specifically unsanctioned purchases). This type of fraudulent attack is a growing trend as fraudsters have discovered that there is far more value in leveraging a user’s account than there is in simple transactional fraud.
As such, retailers need to ensure that their customers will be amply protected. In most cases, retailers aim to ensure that customers are protected at the point of transaction. However, with the growing rise of ATO, retailers will need to turn to a more robust fraud & account takeover prevention solution, one that protects beyond just customer checkout.
If retailers are not prepared to cover ATOs and to protect their customers’ accounts with an account takeover prevention solution, they run the risk of destroying consumer trust in their business. Almost one-fifth (19%) of respondents in a KPMG survey said they would not shop again with a retailer if their personal information was hacked. Of those who would return, 51% would wait between three and 12 months before shopping with that retailer again. Those lost sales can be difficult to recoup and the damage to your brand reputation could be irreparable, essentially eroding customer confidence. Retailers must be cognizant that the lifetime value of their customers is vital to their long-term success.
Trends indicate that fraudsters are growing more sophisticated and are constantly able to adapt their fraud techniques. Policy abuse increased during the later quarters of 2017 by 93%. Forter alone saw more than 200K policy abusers in 2017. Policy abuse is the method ascribed to individuals cheating merchants through the use of discounts and coupon codes. This can take the form of the over-use of refer-a-friend reward programs, or in something as simple as creating multiple accounts to leverage discounts multiple times.
Return abuse also spiked in Q4 of 2017, increasing by 119%. This practice has become so widely abused by shoppers that some retailers, including L.L.Bean, Nordstrom, and even marketplace giant Amazon, have changed their return policies in order to combat this method of fraud.
As these new fraud trends indicate, the customer journey includes so much more than just the point of transaction and checkout. From the moment a customer logs onto a website, to redeeming loyalty points or entering a coupon code, their shopping journey is rich and simultaneously vulnerable to new methods of exploitation. Retailers, recognizing the growing need to stem these types of fraudulent attacks, will need to partner with a fraud prevention provider that can automatically, accurately, and seamlessly provide them with a solution to all of their fraud pain points… beyond just the point of transaction.