Most consumers don’t think about ecommerce fraud.
Until they become victims.
Eric Christensen, Chief Payments Officer/Vice President of Product at Digital River, told PYMNTS that for financial institutions (FIs) and merchants serving these consumers, the growth in eCommerce has opened up more opportunities for online fraud.
While the ratio hasn’t changed much (measured as the fraud to transaction ratio), the money lost to the bad actors is significant. Ecommerce losses from online payment fraud exceeded $20 billion globally in 2021, up 14% from the previous year.
And we’re seeing a shift in who’s trying to funnel the money.
As Christensen said, “It’s not necessarily the fraud conglomerates that are trying new things. It’s the individuals trying to figure out what they can and can’t get away with as they move to new e-commerce systems.”
One thing is certain: the fraudsters do not go on holiday.
And they’re turning their sights to some of the newer, wildly popular payment methods.
Christensen said that as more consumers become comfortable with the rise of super apps and digital wallets, it will open up more opportunities for the fraudsters to attack.
“We’re looking at how the fraudsters start attacking the sale now and pay space later,” he said. After all, it is the fastest growing payments that receive the most attention from criminals.
For the companies that have been attacked, waiting and reacting is never a good strategy.
Especially with the seasonality inherent in ecommerce, “the last thing you want to do during your busiest times is mess around with new fraud technologies,” Christensen says.
Retailers, merchants and businesses of all kinds, he said, need to find the “low” points in their seasonal spread — and use that time to adjust rules so they’re comfortable with their fraud protections when the company picks up.
Regardless of when the adjustments are made, Christensen said, businesses need to be aware of the balance between friction and the customer experience.
“Of course you could stop all the fraud, if you wanted to, by making the experience so horrendous that customers don’t come back,” Christensen said, somewhat ironically.
The better What you need to do, he said, is to build a holistic, multi-layered fraud approach — one that uses the rules-based guardrails of legacy systems and uses big data to uncover anomalies inherent in the transactions, and at the consumer level.
Read more: One-size-fits-all solutions can’t keep up with rising payment fraud
Christensen said data related to how devices are used, how consumers behave and how data is entered online could help companies create new, flexible rules that optimize fraud-fighting efforts.
That data, he said, could be as detailed as knowing whether consumers transact via iPhones or laptops, and even the geographic location where the devices are used.
The ways consumers type their information — directly into fields or “cut and paste” — can “tell” whether consumers are real or not.
Big data and machine learning can work together to collect information to help fraud systems make decisions without human intervention.
Rule optimization, Christensen said, can help get most orders through and reduce false positives — leading to a happy and satisfied customer population.
As the EU has rolled out two-factor authentication, the results have been mixed.
We are now in a better place than we had seen before the new regulations and multifactor authentication were first introduced a few years ago.
“It’s been a bumpy road,” Christensen said. There was not enough interaction between traders and regulators about what the rules and their impact would be. “We, as an industry, continue to look at new ways to improve engagement with the trading community.”
Christensen believes card brands and card processors have implemented the new rules inconsistently. The traders were kept in a waiting phase until everything was ready about the various parties ‘hit’ a trade.
“There was very little time on the part of the traders to ensure this would be a seamless experience,” said Christensen, who added, “so you continued to see delays in enforcement. It takes a lot of effort to get everyone on a queue, to get a payment transaction all the way through the system.”
See also: As regulators investigate BNPL practices, data privacy and localization rules come into play
“I think two-factor authentication is the right step for us as an industry. I think we need to do it more in the US and also keep moving forward.”
Looking ahead, fraudsters are not going to rest on their laurels. The question remains how long it will be before the fraudsters find more effective ways to bypass two-factor authentication.
As Christensen told PYMNTS, “we’ll always have to keep innovating because the fraudsters will keep innovating too.”