Scammers leave clues as fraud shifts online
While advanced payment technology has made it harder for fraudsters to pass off someone else’s credit or debit card as their own in stores, the rise of e-commerce has created a virtual playground for disreputable characters.
According to new research from Visa, card-not-present fraud, where transactions are conducted over the phone or online, now represents 78 per cent of total card fraud in Australia.
But even though Visa found that Aussie shoppers could be doing more to protect their personal and financial information – only one in four consumers uses a unique password for each account and just one in three uses a unique PIN for each card – it often falls on online businesses to detect fraud and pay the associated costs.
US-based digital commerce company, Stripe, today released a report revealing that on average, every $1 of fraudulent orders costs an online store an additional $2.62 and a mobile store $3.34.
But it’s not as easy as simply blocking seemingly sketchy transactions. As Stripe noted, fraud rates are still within a small percentage of overall shopping, and businesses should be cautious about refusing legitimate transactions.
So how can retailers differentiate good payments from bad ones? Stripe recently analysed several years’ worth of global fraud data and identified patterns by country, time-of-day and other behaviours, with the aim of helping businesses create specific strategies to combat fraud.
Fraud highest on Christmas Day
According to Stripe’s data, purchases from consumers in card-issuing countries, such as Argentina, Brazil, India, Malaysia, Mexico, and Turkey, are particularly fraudulent, although US, Canadian, and French cards are also susceptible.
In addition, fraud rates increase during the holidays and summer back-to-school season, but with some unusual characteristics. For example, fraud rates do not rise notably on heavy shopping days like Black Friday, but rather on days like Christmas, when most people aren’t shopping, but scammers continue to operate.
Stripe also found that while online traffic tends to peak during each country’s workday hours and plummet at night, fraud rates show the reversed pattern. This perhaps reflects the fact that fraudsters operate remotely around the world, conducting their activities during hours when regular customers are asleep.
Once a card is compromised, it tends to be used for multiple fraudulent transactions, which are often made in rapid order. In fact, consecutive charges happen ten times more quickly with fraudsters than actual cardholders.
Since delivery to the cardholder’s home or office remains a challenge with card-not-present fraud, scammers tend to target services, which don’t require delivery, rather than products. Most appealing services are performed immediately – before the charge has any chance of being detected and invalidated.
While payment processors are continuously feeding such findings into machine-learning models to improve anti-fraud software, new card technology promises to offer additional protections.
Visa last week released its ‘Future of Security Roadmap’, outlining its plan to combat fraud, including the growing problem of card-not-present fraud.
Its initiatives include the introduction of new standards for biometric identification, such as fingerprint and face recognition on mobile devices, and tokenisation, a process that would prevent consumer payment details from being compromised during a data breach.
Given the fact that 72 per cent of Australians would cease using companies if their financial and sensitive information, including card details, banks accounts or passwords were compromised (according to a recent survey by Gemalto), the future of security can’t come soon enough.
This story first appeared in issue 2170 of Inside Retail Weekly. To subscribe, click here.