Fraudulent payments are 40% more likely to occur in ecommerce than physical stores, according to LexisNexis Risk Solutions’ “True Cost of Fraud Study: Ecommerce and Retail Report.” Published March 27, 2024, the 14th annual study found digital wallets, payment apps, buy-now-pay-later plans, and cryptocurrencies account for one-fifth of all payment fraud.
Based on a survey of 346 risk and fraud executives in the U.S. (272) and Canada (74), the study revealed a 60% increase in attacks in 2023 compared to the previous year, led by fraudulent chargebacks and identity theft. Researchers advised that AI technologies are the best defense against these attacks.
“Advanced real-time transaction verification solutions using artificial intelligence and machine learning are especially crucial as they work in the background to help prevent fraudulent transactions with minimal impact on customers,” researchers wrote, emphasizing that these advanced technologies are the best defense against widescale, automated attempts.
High Cost, High Volume
Researchers noted that fraud is expensive. Fees, fines, and the cost of replacing products make every sale lost to fraud approximately three times more than its original value. These costs will only multiply, they added, as fraudsters continue to exploit weaknesses in back office and payment processing systems.
The report identified the top three attack schemes for all merchants (online and in-store): synthetic identity fraud, payment card fraud, and malicious bot attacks. Researchers also found that card-not-present fraud (25%) outranked all other forms of payment fraud, including counterfeit cards (22%), stolen or lost cards (20%), card ID theft (17%), and fake or doctored card fraud (17%).
Researchers found that the current threat environment makes it especially challenging to separate fraudsters from legitimate customers, especially in digital transactions. Survey respondents cited the use of mobile channels (47%), the rise of synthetic identities (47%), and limited or no real-time transaction tracking tools (46%) as the top three challenges of digital consumer verification.
Frictionless Tools
While 69% of survey respondents have implemented fraud prevention tools in digital channels, most found it difficult to deflect fraudsters without inconveniencing legitimate customers, particularly at the point of purchase. Researchers offered the following recommendations for creating a secure but frictionless experience:
Employ advanced, multi-tiered solutions. Use automated solutions, such as transaction scoring, to eliminate friction among low-risk shoppers. Transaction scoring creates a risk score to approve or deny a transaction and eliminate unnecessary steps in customer verification. When integrated with AI, biometrics, and other behavior-based authentication methods, these fraud prevention tools continuously evaluate customer identity and transaction risk while facilitating internal and external data sharing and collaboration.
Appoint a fraud management administrator. Assign an administrator to take ownership of a company’s fraud management, with responsibility for configuring, monitoring, maintaining, and continuously updating the system. This designated administrator will safeguard the customer journey, from account openings and checkouts to logins, an approach that protects all stakeholders — employees, customers, service providers — from card payment fraud and adjacent threats.
Risk-based, data-driven approach. Prioritize fraud mitigation to thrive in the ecommerce ecosystem. Leverage emerging technologies whenever possible to build a robust posture against fraud and reduce fraud losses, which can elevate conversions and trust.
Human, AI Oversight
As LexisNexis Risk Solutions noted, the growth of ecommerce has created more opportunities for criminals, with surprisingly little effort. A significant number of attacks in 2023 were prompted by human error, according to Verizon’s “Data Breach Investigations Report,” published May 1, 2024.
Chris Novak, senior director of cybersecurity consulting at Verizon Business, observed that 68% of data breaches in 2023 resulted from people making innocent mistakes or falling victim to social engineering attacks. “The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training,” he said in a statement.
The Verizon Business data-breach team advised taking a multilayered approach to fraud prevention. “We (and many others) have said it before: Multifactor authentication goes a long way toward mitigating these types of attacks. For that matter, so does not letting your kids use your corporate computer to find ways of making free [gaming] V-Bucks,” they wrote. “As with anything else security-related, the most effective controls are typically the ones that leverage the human element along with technical resources.”
LexisNexis Risk Solutions proposed more than personal attributes — name, address, date of birth — to identify customers in the digital world. Merchants must also assess device risk, transaction risk, and online and mobile behaviors. AI-powered tools can do all of this and more, researchers stated, calling the approach the “new norm in fraud management.”