By Sam Ranieri, Founder and Chief Executive Officer, Reach
The global online marketplace promises many lucrative opportunities for retailers seeking expansion beyond their own borders. In the wake of the pandemic, and the resulting shift to online buying, ecommerce sales hit $876 billion in the first quarter of 2021, a jump of 38% year-on-year. But this growth is not without cost. As almost all types of crime have been on a sharp decline over the last 18 months, fraud has skyrocketed by 159%, according to a report from risk management platform, Feedzai. As ecommerce is evolving rapidly amid huge consumer demand, fraud is evolving with it, becoming more sophisticated, and making it much harder to detect.
Just like payment methods, fraud incidences are also localized. There is no ‘one-size-fits-all’ global fraudster, with methods and patterns varying across payment channels, and regional markets. Unfortunately, for many small to medium businesses that are operating across borders, there is simply no capacity to respond to fraud in every locality where they operate.
This has a huge knock-on impact as brands attempt to resolve these fraud attempts by declining transactions. Indeed, international credit card decline rates are twice that of domestic declines, resulting in a significant volume of genuine transactions being cancelled.
Existing anti-fraud systems and rulesets aren’t agile enough to catch emerging fraud instances, leaving businesses exposed to even more financial losses, at a time when they’re under pressure to serve growing customer demand. Retailers are flailing around in futile attempts to stop multiple fraud attacks from all angles, as fraudsters swiftly sneak past them, hidden by new disguises.
A robust yet flexible approach to fraud is essential to react to emerging and ongoing fraud patterns around the world. Identifying how and where fraud attacks are coming from is vital if retailers want to protect their revenues and safeguard customer trust.
Do you really know your customer?
Emerging fraud method #1: Loyal customer, Blanche, always buys the same items from her favorite online store, and always with the same average basket values. Her buying pattern hasn’t changed in years. All of a sudden, she buys several large-ticket items in a flurry of online activity. This is a noticeable change of behavior that should sound alarms for the retailer because it could be an account takeover (ATO) occurring.
Over the last 12 months, ATO incidents have surged, quickly becoming a favored method of fraudsters. ATOs involve a customer’s personal data being stolen, their account being hacked, and purchases being racked up in their name. A rise of 650% in ATOs globally during 2020 illustrates how popular this method has become.
ATO is extremely difficult to detect, because the retailer has no way of proving that it was the verified customer committing the fraud, or an imposter using their verified details. The growth of ecommerce during the pandemic has scrambled previous fraud patterns that anti-fraud systems would use to warn of high-risk transactions, leaving retailers unable to determine what constitutes suspicious activity.
Why commit fraud when bots can do it for you?
Emerging fraud threat #2: Rose runs a niche ecommerce business. For years, her average customer sign-up rate has grown at a small, yet consistent rate. But within a few hours, her web platform experiences a staggering rise in new registrations, with thousands of new customers signing up. Rose is confused because she’s not running any special offers or promotions. What’s causing this surge in new customers? It could be a bot attack.
Bots take customer details (usually acquired via the dark web or data breaches) to infiltrate various entry points into a business. Bots create fake customer accounts, conduct ATO, and use stolen payment data to automate fraud via log-ins, transactions, and even loyalty point redemptions.
As more sales move online, fraudsters have more data sources to attack. Several data breaches have exposed millions of customer records, email addresses, log-in details and card data. This has created thriving illicit marketplaces where stolen details are bought and sold, and then used to create bot attacks.
The way that fraud shifts across regions is illustrated by data showing that, in 2020, Europe emerged as the top originating regional hub for bot attacks, overtaking Asia. This is an example of how retailers need to monitor the source of fraud and how it differs between regions. Once identified, clear, specific actions can be taken which will galvanize the most appropriate and effective response to minimize the fraud attempts.
The mysterious case of the missing delivery
Emerging fraud threat #3: Dorothy’s online business is doing well. With a steady flow of orders being shipped, she’s then alarmed when customers complain that their deliveries haven’t arrived or have disappeared from their doorsteps before they could get their hands on them. Disgruntled customers file transaction disputes for non-delivery, and even though she has proof that the items were dispatched to the customer’s address, the items have vanished. Now Dorothy is facing the financial loss of the item, and the loss from the resulting chargeback – not to mention, the reality of a disgruntled customer.
The fake refund, also known as return fraud, is being used by fraudsters with alarming success, particularly in the wake of the pandemic.
Return fraud typically involves someone stealing an item from a delivery address porch or doorway to request a falsified return. It can also take the form of a seemingly genuine customer ordering an item, and then falsely claiming that the item was stolen from their address. Most of the time, the retailer will refund the purchase with no questions asked, meaning the ‘fraudulent customer’ keeps both the product and the money from the refund.
An offshoot of this type of fraud that has also emerged recently is Fraud-as-a-Service (FaaS). This involves fraudsters persuading genuine customers to commit fraud by ordering items online, and filing a refund claim in exchange for a percentage of the money returned. Fraudsters and their customer accomplices will often exploit loopholes in a retailer’s T&Cs to achieve this.
Evolving fraud requires localized defenses
When businesses are trying to expand cross-border, their approach to fraud needs to be localized in the same way they would localize payment methods for each market.
Retailers may want to be ultra-cautious and tighten up their anti-fraud rules to block more fraudulent transactions. But this only serves to lock out genuine transactions, which could have been accepted if only a localized fraud approach was used. Around $146 billion in card-not-present (CNP) purchases are declined each year, but over half (52%) of these are genuine. If managed well, there is a huge upside in acquiring these otherwise declined orders.
Some regional markets are erroneously viewed with suspicion by retailers due to poor authorization levels. But tools are available that can help businesses analyze data in real-time, and verify genuine transactions by examining customer device locations, IP addresses, and log-ins from unfamiliar devices. Using this approach, retailers get a clear overview of who their customers are, and whether they’re legitimate or not. With that clarity, retailers can boost acceptance rates without compromising security.
Businesses can get the right balance of strong security and increased acceptance rates cross-border by working with the right Merchant of Record (MOR) provider that has deep local market experience and insight to ensure a seamless customer payment journey.
The MOR model offers unbeatable business benefits
There are other revenue-boosting benefits to working with an MOR provider. Whereas many payment providers promise the ability to process transactions ‘cross-border’, in reality, this leads to higher processing fees, higher decline rates, and more false positives that hurt acceptance rates. With the right MOR provider, the retailer can process transactions ‘in-country’ rather than ‘cross-border’.
For smaller businesses that can’t afford to establish physical operations in each market, the MOR model enables access to advanced, dynamic fraud controls strong enough to stop fraud in its tracks, with the flexibility and agility to head off new and emergent threats. This approach leads to more transactions being accepted, more fraud attacks being choked at the source, and a huge boost to the retailer’s checkout conversion rates.
Through the MOR provider, retailers are assured of compliance with each local regulator’s fraud mandates and protocols, along with an in-depth understanding of local consumer and fraud purchase patterns. Fraud models, data sets, and analytics are continually updated so as to keep a step ahead of the perpetrators of fraud.
This dynamic and intuitive approach to fraud, combined with the cost-effectiveness of processing in-country, not only protects the retailer, but is a springboard into even bigger revenues from an expanded global customer base.
Ultimately, MOR providers ease the many burdens that businesses face when growing globally, including taking on any potential liability from transactions, and ensuring compliance with local regulations. With this carefully crafted balance of strong fraud defenses and a smooth customer payment experience, the MOR model is the biggest springboard a retailer could have to extend their reach to new global markets.
Founded in Alberta, Canada in 2016, Reach is the premier partner for ambitious, forward-thinking online brands that want to connect with consumers around the world, expand their business, and increase global sales. Reach’s “in-country” solution takes advantage of its 20+ local acquirers, 80 payment methods, and 100+ currencies to deliver the local experience consumers expect.
Bringing consistency to cross-border currency conversions with its guaranteed FX solution, Reach has relationships with banks worldwide to enable local credit card processing, offers consumers alternative payment methods where they are accustomed to using them, and provides best-in-class fraud detection and prevention services.