Retailers both online and off have noted an increase in chargebacks since the U.S. moved to microchip cards back in October. None of them are happy about it.
The good news about the chargeback spike some brick-and-mortar merchants have noted is that it’s something in the nature of “teething trouble” - a temporary glitch that will settle down as more retailers upgrade to (and get official sign-off on) EMV technology. The new tech will both shift liability away from the merchants again and make face-to-face fraud more difficult.
The bad news is for online retailers. There’s no comparative liability shift available for them (unless their fraud prevention provider offers a full chargeback guarantee, which can serve a similar purpose) and as fraud gets harder in the physical world, more and more will move to the virtual one. All of this is supported by what has developed into a highly sophisticated online criminal ecosystem. You could think of it as “cybercrime as a service.”
This trend has already started. The Global Fraud Attack Index™ found that online fraud attempts increased an astonishing 215% in 2015. During the crucial final quarter when fraud rates usually dip (because there are so many genuine orders being placed for the holidays, without a balancing increase in the number of fraudulent ones) in 2015 it actually rose 11%.
Not only are more fraudsters moving to CNP as the channel of less resistance (compared to card present, now protected by EMV) and fast growth (a new survey found that for the first time consumers are saying they bought more online than off), they’re also benefitting from the technology of automation, as applied to committing fraud.
If you think about the way that marketing automation technologies have streamlined, personalized and speeded up communication with customers, there’s something similar going on in the fraudster environment. It’s never been easier for fraudsters to start working online - and working effectively. They’ve been quick to realize the benefits: the Global Fraud Attack Index™ found that 83% of U.S. fraud attacks in 2015 used botnets.
There’s a wealth of stolen data online, easily available to fraudsters on criminal marketplaces and forums. A total of more than 169 million records were exposed in 2015, and nearly 12.6 million fresh records have been exposed since the beginning of the year.
Fraudsters can now automate much of the process of testing cards and looking for weaknesses in an online store. And they can automate the necessary steps to hide their identity, too. Once they’ve found a weakness - they’re in, and it’s hard for many merchants to spot them. It’s easy to see how this leads to the rise in fraud that so many online merchants, across a huge range of industries, are experiencing.
When you start thinking about all the opportunities available to the criminals, and the fact that many merchants still rely on legacy fraud mechanisms which are slow to update and adapt, it stops being surprising that fraud is rising.
There is a silver lining in this cloud, however. Just as automation is making life easier and more efficient for fraudsters, so it can transform an online retailer’s fraud prevention efforts by blocking fraud, improving consumer experience for genuine customers, and increasing sales.
From fraud prevention being a source of delays, confusion and frustration, real-time, fully automated fraud prevention can become invisible to customers, able to approve more orders, and hard for fraudsters to trick since it’s continually updated and sensitive and responsive to shifts in good and bad buying patterns and techniques.
The fraudsters have already upgraded to making the most of automation. It’s time that online retailers did too.
Michael Reitblat is CEO of Forter.
