Tis the Season of…Good Customers and Cybergrinches

E-commerce Holiday Trends: Navigating Customers and Cybergrinches

By Max Wolke, Head of Strategy at Fraugster.

This Christmas global supply chain shortages are pushing customers to secure their goods earlier than ever. This has led to a reported 78% of merchants and online retailers kicking off their promotions in early October. This is the e-commerce equivalent of hearing Christmas songs in the supermarket shortly after the end of summer.

But does the data back up our sense that Christmas is arriving earlier? And what trends can online retailers, payment companies, and fraud prevention vendors expect based on historical data? (The ghost of Christmas past). 

Fraugster’s historical data shows a 60% increase versus baseline transaction volume from late October to mid-November 2020. But consumers still wait for Black Friday deals to really open their wallets. In 2020 we observed a fivefold increase in transaction volume on Black Friday across our main verticals (consumer electronics, fashion, home fitness and sportswear, gaming, entertainment, media, and eGift cards). Cyber Monday was still up 183% versus baseline, but we can infer that most planned consumer spending had taken place in the preceding 72 hours.

Source: Fraugster Datalake (2020 Busy Season Data across all Merchants and Payment Companies).

Baseline = 100.

Interestingly, an overall increase in transaction volume over the Black Friday weekend also drove an increase in the overall proportion of good transactions. In other words, the overwhelming proportion of online shoppers are good folk out to fill their family’s stockings, not fraudsters out to fill their own pockets.

Source: Fraugster Datalake (fraud pressure or fraud rate out of tagged transactions by calendar week, 2020).

Although this looks like good news for merchants and payment companies, we need to remember that fewer bad transactions amongst a significantly higher total number of transactions doesn’t mean that fraudsters have settled into a warm armchair with a mince pie. In fact, many of them will be searching for weaknesses in the system whilst merchants are stretched managing peak volumes.

The key to capitalizing on the busiest period of the year is to balance your fraud rate with your acceptance rate, to ensure you are cashing in without exposing yourself to unacceptable levels of risk.

Don’t Insult Your Customers During The Festive Period

Blocking good customers trying to do their Christmas shopping can also be referred to as the Customer Insult Rate, and for good reason. It feels like a personal affront when our checkout process is broken off because a blunt and inaccurate rules engine has decided our purchase attempt is high risk, even when it is not.

A common example is someone attempting to purchase a family gift from their partner’s iPad using a joint bank account, late in the evening. A fraud engine spots a mismatch between the buyer’s name, bank account names, device ID, and the atypical time of purchase and blocks the transaction. Not only does frustration ensue, but over 60% of declined customers will leave to buy their item elsewhere and never return to your online store.

The biggest risk for merchants during the busy season is that they may not even be aware of these False Positives occurring. One of the ways in which you can rectify this is by checking to see the process by which your fraud prevention solution collects and analyzes the data provided.

The best practice would be to use a process known as data enrichment, where your risk engine takes the basic transactional information (Such as email and shipping address) and enriches them to reveal thousands of other interconnected data points that build a richer picture of the transaction attempt:

• The velocity of purchases made with a selected payment method (Credit Card, BNPL etc)
• The length of time between purchase attempts, (high frequency, repeat attempts at regular intervals could signal a bot attack or coordinated fraud ring)
• The device from which the purchase is being attempted, and if this device belongs to the buyer attempting the purchase
• The IP address, either if it is a high-risk IP or if the customer is IP hopping (which can be indicative of fraudulent behavior).

Once your online fraud solution has this information, it can make a much more accurate determination on the legitimacy of the purchase, minimizing the chances of a good transaction being rejected by mistake.

Keep out the Cybergrinches

Incoming Pressure is the percentage of attempted transactions that turn out to be fraudulent, and it is a critical metric to keep an eye on during the busy season. Why? Because a rise in incoming pressure is the best indicator for a weakness in your fraud protection. Once a fraudulent transaction proves successful, the fraudster promotes their breach to their network, creating a wave of incoming fraud attacks. If this happens, a merchant will need to decline more transactions before they can isolate the problem. More declines means lost revenue, at a time of year where merchants need to be cashing in. But the bigger mid-term concern is that fraud will have entered your system, remain undetected in the short run and multiply in the weeks following the busy season breach.

A particular vector of attack we have observed throughout 2021, and which we expect to feature this Christmas is in-store, curbside and, packstation pickups.These delivery options have become a consumer preference for customers who are unable to receive deliveries at home. But they are also a boon to fraudsters who have found a delivery loophole where they could make purchases with stolen financial information or identities and then have the items shipped to anonymous locations that do not require a personal shipping address.

Unfortunately for many merchants, it is relatively easy for fraudsters to circumvent rules engines that do not track packstation or locker IDs. So, instead of removing this delivery option from the checkout, merchants and payment companies still have time to include this data point to reduce the risk of this fraud use case.

Secure Your Holiday Plans Now

In summary, the key this festive season is to have the right insights and visibility in order to catch the first threat before it is successful – and halt the potential wave of fraud that could follow. This can be done through an approach called linking analysis and real-time data enrichment. It is recommended to identify harder to spot patterns that increase transaction risk by overlaying velocity attributes like: Email address, Customer name, Payment source, Shipping address, Customer ID, Device ID, IP address and similar transactions as a proxy for fraud risk.

The good news is that there is still time for your business to build the tactics into your holiday risk management plan to combat these new threats. Don’t let fraudsters ruin what is set to be the biggest online busy season of all time.