Since the pandemic struck, fraud has been on the rise. In the UK, for instance, consumers lost more than £2.3bn in a year from 2020 to 2021. It was a surge of 33% in fraud cases reported to the national anti-fraud center, Action Fraud. For comparison, these numbers grew 8% YoY on average before the pandemic — so the pace increased 4 times in one year, due to fraudsters exploiting vulnerabilities in growing eCommerce and remote work environments.
The situation is just as dire across the pond. In 2021, the Insurance Information Institute (III) reported a 45% growth of fraud complaints above 2019 (4.8 million as compared to 3.3 million), with losses totaling up to $720bn, according to the FTC report for 2020. Identity theft in some form affected as much as 45% of Americans in 2020, and the scams are not going to relent any time soon.
It might seem that online merchants are left on their own, waging a losing battle against fraud. As a matter of fact, nobody can help a company that does not want to help itself — but forewarned is forearmed, and every merchant should think about establishing reliable anti-fraud protection for their business as soon as they can afford it.
That said, the most effective way of defending against fraud is detecting it early with reliable risk management and fraud prevention tools. There are lots of such solutions on the market, and it’s up to you to choose the one that best fits your business goals and fraud prevention objectives.
This article covers the most common types of Card Not Present (CNP) fraud that an online business might face. It also shows some ways to mitigate them that are available when working with Covery — an end-to-end risk mitigation and fraud prevention platform. If you can relate to some (or all) of these situations, it is definitely time for you to think of investing in an anti-fraud system.
5 most common frauds that can damage your business
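While there are all kinds of fraudulent schemes out there, most of them fall under one of 5 categories: synthetic identity theft, Card Not Present (CNP) fraud, friendly fraud, affiliate fraud, and account takeover (ATO).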
Let’s cover them in more detail.
Synthetic identity theft
Fraudsters use various methods to obtain the personal details of your customers. Email phishing, vishing over the phone, smishing with fraudulent links in SMS, or simply buying databases stolen from booking agencies — all of these and a ton of other methods can be used to gain customer personal details.
Later on, scammers combine real data (like phone numbers, addresses and Social Security Numbers) with fake details (names, specifically created email addresses, etc.) to forge identities. These fakes are then used to abuse bonus programs, in chargeback attacks and in other fraud types. The scope of identity theft has been rising continuously since the pandemic outbreak, and there is no reason to believe it will not grow further.
Card Not Present fraud
Naturally, you know why Card Not Present fraud is so devastating. From using stolen cards for purchases to starting fraudulent chargebacks, various types of CNP fraud have plagued online merchants for years. Skimming devices at ATMs, gas pumps and other POS terminals provide fraudsters with credit card numbers they then use to defraud online merchants.
Card testing and triangulation fraud are among the popular CNP fraud schemes. Scammers might make lots of small orders in quick succession with various credit cards to test which details work and which are already blocked. They can also perform a triangulation, where they set up a fake store with various goods sold at huge discounts. Customers order those goods and fraudsters buy them at your store.
As a result, the victim receives the goods ordered and pays only a part of the price — but fraudsters get the credit card details entered at their fake sites. This allows them to later order expensive items at your store using those details, basically robbing both you and your customers. To add insult to injury, defrauded clients will charge you back and fraudsters will go unpunished.
Friendly fraud
Often dubbed “family” fraud, this scheme involves either using a child’s card associated with a parent’s wallet or simply conspiring with a friend or family member to state that the products ordered were never received, were of subpar quality, or did not match the description. As it is an intentional fraud and banks mostly believe their customers, it can be quite complicated to overcome.
Affiliate fraud
Yet another well-known fraud scheme, where affiliate networks send irrelevant traffic to get commissions, while visitors don’t actually convert into customers. The schemes used are numerous and require quite a wide range of tools to prevent them.
Account takeover
This fraud is closely tied to identity theft and involves fraudsters taking over customers’ accounts to perform unauthorized purchases. A particular type of this fraud, known as Buy Online Pick up In-Store or BOPIS, gained traction in 2021 due to the lack of basic customer identification procedures in brick-and-mortar shops. Deploying timely and efficient countermeasures is vital for overcoming ATO in general and BOPIS in particular.
How to overcome these threats then? The optimal answer is by implementing a comprehensive risk mitigation, transaction monitoring, and fraud prevention strategy. The core part of such a process would be to select the most appropriate anti-fraud system for the job. Here is how Covery solves the problems listed above.
Preventing fraud using Covery
As an end-to-end risk mitigation and anti-fraud platform, Covery can deal with any type of fraud. Here are some real-life examples of how various Covery features help combat fraud.
Fighting identity fraud
Covery uses Trustchain — a global database of customer ID reputation with more than 500 million records as of January 2022. Each customer has an IBAN, email address, SEPA number, phone number and more identifiers. Trustchain stores 12 such IDs for every account within the members of the Covery community.
This way, whenever any identifiers are recognized as a part of fraudulent activity, all the Covery member companies are informed automatically. Thus, should a fraudster use any details previously associated with fraudulent schemes — you will be alerted at once. Paired with automated KYC mechanisms, this helps identify fraudsters on the fly and reduce their numbers by up to 80% in some cases.
Fighting CNP fraud
Covery uses a combination of a supervised Machine Learning algorithm and a rule-based risk logic engine. This allows precise risk scoring for every account and any transaction, enabling you to spot risky activities on the go and decline fraudulent transactions. In addition, Covery comes with 15 pre-configured business scenarios for 23 industries and a convenient risk logic editor, enabling you to construct rules and scenarios fit for specific business needs, like automatically enacting additional 3DS 2.0 checks for risky transactions.
This ensures you can spot, identify, and mitigate any CNP fraud scheme — and ensure it never happens again.
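A velocity rule of the kind a rule-based risk engine can run against the card-testing pattern described earlier (many small orders in quick succession with different cards). This is an added example, not Covery's rule syntax or code; the field names, thresholds and sample orders are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own traffic.
WINDOW = timedelta(minutes=10)   # what counts as "quick succession"
MAX_SMALL_AMOUNT = 5.00          # ceiling for a "small" test order
MAX_DISTINCT_CARDS = 3           # distinct cards tolerated per device in WINDOW

# Constructed sample orders. card_fp is a tokenised card fingerprint, never a PAN.
SAMPLE_ORDERS = [
    {"ts": "2022-01-10T12:00:00", "device_id": "dev-A", "card_fp": "c1", "amount": 1.00},
    {"ts": "2022-01-10T12:01:00", "device_id": "dev-A", "card_fp": "c2", "amount": 1.00},
    {"ts": "2022-01-10T12:01:30", "device_id": "dev-B", "card_fp": "c7", "amount": 3.50},
    {"ts": "2022-01-10T12:02:00", "device_id": "dev-A", "card_fp": "c3", "amount": 0.99},
    {"ts": "2022-01-10T12:03:00", "device_id": "dev-A", "card_fp": "c4", "amount": 1.00},
    {"ts": "2022-01-10T12:03:30", "device_id": "dev-C", "card_fp": "c8", "amount": 120.00},
    {"ts": "2022-01-10T12:04:00", "device_id": "dev-A", "card_fp": "c5", "amount": 1.00},
    {"ts": "2022-01-10T12:05:00", "device_id": "dev-C", "card_fp": "c9", "amount": 80.00},
    {"ts": "2022-01-10T12:06:00", "device_id": "dev-C", "card_fp": "c10", "amount": 95.00},
    {"ts": "2022-01-10T12:07:00", "device_id": "dev-C", "card_fp": "c11", "amount": 60.00},
    {"ts": "2022-01-10T12:50:00", "device_id": "dev-B", "card_fp": "c7", "amount": 4.00},
]

def detect_card_testing(orders):
    """Return {device_id: sorted card fingerprints} for every device that placed
    small orders with more than MAX_DISTINCT_CARDS distinct cards inside WINDOW."""
    recent = defaultdict(deque)          # device_id -> (timestamp, card_fp) in window
    flagged = defaultdict(set)
    for order in sorted(orders, key=lambda o: o["ts"]):   # ISO timestamps sort as text
        if order["amount"] > MAX_SMALL_AMOUNT:
            continue                     # only low-value probes are counted
        ts = datetime.fromisoformat(order["ts"])
        window = recent[order["device_id"]]
        window.append((ts, order["card_fp"]))
        while ts - window[0][0] > WINDOW:
            window.popleft()             # drop orders that fell out of the window
        cards = {card for _, card in window}
        if len(cards) > MAX_DISTINCT_CARDS:
            flagged[order["device_id"]].update(cards)
    return {device: sorted(cards) for device, cards in flagged.items()}

if __name__ == "__main__":
    for device, cards in detect_card_testing(SAMPLE_ORDERS).items():
        print(f"review {device}: {len(cards)} cards tried in small orders: {cards}")
```

Flagged devices are candidates for a step-up check such as the additional 3DS 2.0 verification mentioned above, rather than an automatic block.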
Fighting friendly fraud
Fraudulent chargebacks are a constant menace for online merchants. Covery is integrated with Ethoca and VMPI chargeback prevention platforms, enabling merchants to immediately react to chargeback inquiries and resolve them directly with the issuing bank or the customer. This way, your merchant chargeback ratio with a payment service provider is not affected, which lowers the risk of being put into a redemption program as a high-risk merchant and having to suffer the consequences.
One merchant had his chargeback ratio growing due to the fraudulent actions of a competitor, who bought out the entire stock of several products and then launched friendly fraud schemes to force refunds of these payments. This resulted in the merchant’s chargeback ratio nearing 3%, which would result in account closure by Visa and Mastercard.
Covery helped identify the pattern of this attack and the beneficiary of the scheme. After implementing additional risk logic engine rules and device fingerprinting checks, the attack stopped entirely and the customer was able to lower their chargeback ratio to 0.9%. Having become a low-risk merchant, he formed new business partnerships with banks and nearly doubled his turnover.
Fighting affiliate fraud
Covery employs device fingerprinting technology, which automatically collects all publicly available fingerprints (like hardware and software IDs, geotags, IP address, OS and browser version, screen resolution, etc.) of every device during every session. This way, merchants can track normal usage patterns and identify abnormal behavior at once.
For example, one of our customers was continuously defrauded by its affiliate network. Analyzing their traffic through device fingerprinting allowed them to identify several geographical hexagons from where a multitude of accounts with similar or matching details logged in. This helped deduce that the fraudsters were using portable transmitters to emulate real devices connecting through a mobile carrier. Once rules against such activity were implemented, the attack stopped and never happened again, not even over VPN or with other auxiliary tools.
Fighting account takeover
One of Covery’s features is so-called “profile update” monitoring, which allows our customers to track client activity within their profiles. For example, a client that has always logged in from the US suddenly logs in from Macao. While it might be a legitimate customer on a trip, this can also be an account takeover in progress. Should the customer proceed to make an order and use the usual means of payment to the usual address, or simply update their profile details — all is fine.
But should the user try to immediately change the password and transfer money to another card — clearly, the account was hacked. By combining device fingerprinting with behavioral analysis and Trustchain, Covery can signal precisely when an account takeover is in progress, and block the attempt. This enables merchants to contact customers via other channels, such as over the phone, inform them of the account takeover attempt and assist them in regaining access to their accounts.
If you are an online business accepting transactions from your customers, you run the risk of facing fraudsters. The sooner you are able to protect your operations from fraud and scams — the better. Should you postpone this decision — you might end up in a Visa/Mastercard redemption program, have your payment processing fees significantly increased, and be forced to pay up to a $50,000 fine to be dismissed from the program. The alternative is full merchant account closure with Visa/Mastercard, essentially meaning bankruptcy.
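The session logic described in this section, written out as a small classifier. This is an added example, not Covery's implementation; the event fields, the 15-minute meaning of "immediately", the intermediate "review" verdict and the sample sessions are assumptions constructed for illustration.

```python
IMMEDIATE = 15 * 60   # seconds after login treated as "immediately" (assumed)

# Constructed customer history: where they log in from and which cards they use.
PROFILE = {"countries": {"US"}, "cards": {"card-1"}}

# Constructed sessions; "t" is seconds since an arbitrary epoch.
TRIP = [
    {"t": 0, "type": "login", "country": "MO"},
    {"t": 300, "type": "order", "card": "card-1", "address": "usual"},
]
TAKEOVER = [
    {"t": 0, "type": "login", "country": "MO"},
    {"t": 40, "type": "password_change"},
    {"t": 95, "type": "transfer", "card": "card-9"},
]
HOME_CHANGE = [
    {"t": 0, "type": "login", "country": "US"},
    {"t": 60, "type": "password_change"},
    {"t": 120, "type": "transfer", "card": "card-9"},
]

def classify_session(profile, events):
    """Return (verdict, signals) for one session whose first event is the login.

    Signals: login from a country not in the profile, a password change right
    after login, a transfer to a card the customer has never used.
    All three together -> block; any two -> review; otherwise allow."""
    login = events[0]
    signals = set()
    if login["country"] not in profile["countries"]:
        signals.add("new_country")
    for event in events[1:]:
        if event["t"] - login["t"] > IMMEDIATE:
            continue                      # later activity is not "immediate"
        if event["type"] == "password_change":
            signals.add("password_change")
        elif event["type"] == "transfer" and event["card"] not in profile["cards"]:
            signals.add("transfer_to_new_card")
    verdict = {3: "block", 2: "review"}.get(len(signals), "allow")
    return verdict, sorted(signals)

if __name__ == "__main__":
    for name, session in [("trip", TRIP), ("takeover", TAKEOVER), ("home", HOME_CHANGE)]:
        print(name, classify_session(PROFILE, session))
```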
Naturally, nobody wants such an outcome. Thus, you need to use some kind of anti-fraud solution if you face a surge in chargebacks, customers complain en masse about losing access to their accounts, you pay affiliate commissions that don’t result in customer growth, or face any other situation described above.