During the global pandemic, more people stayed at home. As a result, online business grew a lot, especially in banking and retail, education, streaming services, pharmacy sales, telemedicine, and other areas.
The UN Conference on Trade and Development said that by 2020, e-commerce would make up 19% of all retail sales worldwide. In the US alone, e-commerce sales grew by $105 billion, close to a 40% increase in Q1 2021.
Online fraud, such as cybercrime and scams, has grown at the same rate as the Internet. And as fraud has become more common, it has also become smarter. In Q3 and Q4 of 2020, 76 percent of all attacks on retailers were sophisticated. These attacks are slower, but they are harder to spot because they try to act like people. And as fraud has changed, businesses say they have become less able to stop it.
Fraud will continue to get bigger and smarter at the same rate or faster than online business growth. The world’s governments are rushing to make the changes to cyber laws that are needed to hold fraudsters accountable, but the best thing to do is to stop fraud from happening in the first place.
What is fraud?
Fraud is when someone lies or misrepresents the truth to get another person to give up something of value or a legal right. Online fraud includes financial fraud and identity theft that happens through digital channels like websites or mobile apps. Usually, the person who does it hides information or gives out wrong information to trick the victim into giving up information, products, or money.
Both businesses and customers are hurt by online fraud. Businesses lose money and have to pass those costs on to customers. They also have to take precautions to ensure that every possible transaction is legal. That can make it hard for customers to prove they are not cheating the system.
How many different kinds of online fraud are there?
Cybercriminals are smart and come up with many different ways to scam people and businesses. When fraud detection and prevention methods change to slow down or stop their schemes, they change their methods to get around the new detection method.
Cybercriminals can change and adapt when their methods are found and taken into account. This makes it hard for traditional fraud detection methods to find telltale signs of fraud.
People can commit fraud in two main ways: doing things by hand or using machines. Manual attempts are made by people who use the Internet to hack into systems or get the information they can use to pose as real users. Automated attempts are made by programming bots or emulators to access and use systems and information more quickly and on a larger scale.
Simple, repetitive tasks can be done quickly and on a large scale by bots or automated scripts. Emulators are programs that let desktop computers act like mobile devices. Bots and emulators are used on their own most of the time, but they can also be used together.
Here are some of these methods:
Account takeover (ATO)
Account takeover (ATO) uses real accounts and the credit card information and loyalty points stored (or stolen) in those accounts. A fraudster gets access to the account, makes purchases, uses or resells the goods, asks for refunds, or hits a merchant with chargebacks. Business e-mail compromise (BEC), a type of ATO in which someone hacks into a business’s email account and sends money without permission, was still the most expensive type of fraud in 2020, costing $1.8 billion.
Fraud on new accounts
Attacks on new accounts, called “new account fraud” or “account creation attacks,” involve setting up new accounts with stolen credit card information and using coupons, loyalty points, and referral programs. The fraudsters can then ask for refunds, and merchants are always responsible for chargebacks.
Checkout fraud
Checkout fraud, also called “guest checkout fraud,” uses stolen credit card information and the “Guest Checkout” option on websites for customers who don’t want to sign up for an account. This lets thieves use stolen credit card information without going through identity verification checks. They often use bots to test stolen card numbers on a website automatically. Then, they manually use the same card information on different sites (sometimes weeks later) with discount codes to look like real customers. This is also called “card-not-present” fraud or “CNP fraud.”
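The automated card-testing pattern described above can be spotted in guest-checkout logs as one client trying many distinct cards in a short window with most attempts declined. The following is an added example, not part of the original article; the event fields, client identifiers, and thresholds are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed guest-checkout authorization events (not real data):
# (timestamp, client id such as a device fingerprint, card token, approved?)
EVENTS = [
    ("2021-03-01T10:00:00", "client-A", "tok_01", False),
    ("2021-03-01T10:00:08", "client-A", "tok_02", False),
    ("2021-03-01T10:00:16", "client-A", "tok_03", False),
    ("2021-03-01T10:00:24", "client-A", "tok_04", False),
    ("2021-03-01T10:00:32", "client-A", "tok_05", False),
    ("2021-03-01T10:00:40", "client-A", "tok_06", True),
    # A real customer who mistyped the card once, then succeeded.
    ("2021-03-01T11:00:00", "client-B", "tok_20", False),
    ("2021-03-01T11:00:45", "client-B", "tok_20", True),
    # Several cards, but spread over hours and approved.
    ("2021-03-01T09:00:00", "client-C", "tok_30", True),
    ("2021-03-01T12:00:00", "client-C", "tok_31", True),
    ("2021-03-01T15:00:00", "client-C", "tok_32", True),
]

def find_card_testing(events, window=timedelta(minutes=5),
                      min_cards=5, min_decline_rate=0.8):
    """Return {client: (distinct_cards, decline_rate)} for clients that try
    many distinct cards, mostly declined, inside one sliding time window."""
    by_client = defaultdict(list)
    for ts, client, card, approved in events:
        by_client[client].append((datetime.fromisoformat(ts), card, approved))
    flagged = {}
    for client, rows in by_client.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it fits the time limit.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            cards = {card for _, card, _ in span}
            rate = sum(1 for _, _, ok in span if not ok) / len(span)
            if len(cards) >= min_cards and rate >= min_decline_rate:
                best = flagged.get(client)
                if best is None or len(cards) > best[0]:
                    flagged[client] = (len(cards), round(rate, 2))
    return flagged

if __name__ == "__main__":
    print(find_card_testing(EVENTS))
```

Counting distinct cards rather than attempts keeps a customer who retries one mistyped card out of the review queue.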
What can I do to reduce the risk of online fraud in my business?
As new fraud trends come up, it’s important to look at your fraud data to figure out what’s happening and how to stop it.
The best way to figure out how big ATO, new account fraud, and other types of fraud are is to watch what each fraudster does. Look at their movements and actions for strange, non-human patterns. Look at everything, like how they type, scroll, move the mouse, use touch screens, hold the device, and put pressure on the screen.
This behavioural data adds to the data you already collect, which means you have to review it by hand less often.
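As an added illustration of the behavioural signals described above (not code from the original article), the sketch below scores a session on keystroke rhythm and pointer activity. The telemetry fields and the thresholds are illustrative assumptions that would need tuning against real traffic.

```python
from statistics import mean, pstdev

# Constructed session telemetry (not real data): key-down times in ms and
# the number of pointer/touch-move events seen before the form was submitted.
SESSIONS = {
    "sess-human": {"keys_ms": [0, 180, 310, 560, 640, 910, 1030, 1400], "moves": 42},
    "sess-script": {"keys_ms": [0, 20, 40, 60, 80, 100, 120, 140], "moves": 0},
    "sess-paste": {"keys_ms": [0], "moves": 17},
}

def timing_features(keys_ms):
    """Mean gap between keystrokes and its coefficient of variation (CV).
    Returns None when there is too little typing to judge."""
    gaps = [b - a for a, b in zip(keys_ms, keys_ms[1:])]
    if len(gaps) < 3:
        return None  # e.g. a password manager filled the field
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg else 0.0
    return {"mean_gap_ms": avg, "cv": cv}

def score_session(session, min_gap_ms=50, min_cv=0.15):
    """Return the list of non-human indicators found in one session."""
    reasons = []
    features = timing_features(session["keys_ms"])
    if features is not None:
        if features["mean_gap_ms"] < min_gap_ms:
            reasons.append("typing faster than plausible")
        if features["cv"] < min_cv:
            reasons.append("keystroke rhythm too regular")
    if session["moves"] == 0:
        reasons.append("no pointer or touch movement")
    return reasons

def flag_sessions(sessions, min_reasons=2):
    """Flag sessions showing at least min_reasons independent indicators,
    so a single odd signal does not send a real customer to review."""
    scored = {sid: score_session(s) for sid, s in sessions.items()}
    return {sid: r for sid, r in scored.items() if len(r) >= min_reasons}

if __name__ == "__main__":
    for sid, reasons in flag_sessions(SESSIONS).items():
        print(sid, reasons)
```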
Reduce Manual Reviews with Tools
Most fraud detection is done automatically, but human reviewers look at flagged sessions to see if there was fraud or a false positive. This slows down work and delays orders, especially if reviewers are looking at many sessions at once.
By using a fraud detection tool, you can see the behavior patterns that set off alarms. Fewer orders are flagged for manual review when automatic detection is more reliable. This lets reviewers focus on tougher cases.
Monitor Behavior to Detect Fraud Earlier
Fraud is hard to do. Payment fraud is harder to deal with than new trends like ATO because when payment fraud happens, the payer gets a chargeback and doesn’t lose any money. For more complex fraud, you need to know more about your data.
Fraud can be caught sooner by keeping an eye on user behavior data for the whole session. This catches fraud as soon as it happens, and the data collected helps improve fraud detection and lower the number of cases that succeed or need to be looked at.
Early detection cuts down on incidents and friction.
Shortening the time bots have to do credential stuffing forces fraudsters to explore and make money from an account by hand. This makes fraud attacks happen less often and have less of an effect. By looking at each user’s full journey, you can catch fraud early and reduce the number of times it happens on your site.
Also, accurate, timely detection and fewer false positives make it easier for real customers to get what they want and keep them moving quickly. It makes the user experience much better by cutting down on security events like CAPTCHA.