The combination of physical safety and convenience that digital wallets offer means they are here to stay, and merchants who want to compete need to offer digital wallet payment options.
Contactless payments have been around for years, but their adoption by consumers skyrocketed in 2020. Worldwide, contactless payment use grew by 90% in 2020, per Salesforce survey data, and 64% of millennials used digital wallets between November 2020 and January 2021. Much of this digital wallet growth happened online, as consumers looked for easy ways to make purchases on their phones and desktops without constantly keying in their credit card numbers. As some parts of the world return to in-person shopping, Mastercard expects contactless digital payments to remain popular at point of sale terminals, as well.
But any application that is used to store payment information will attract fraudsters, and that includes digital wallets. Merchants need to know the risks and how to protect their revenue while delivering the level of experience that good customers want.
Account takeover fraud was already increasing before the pandemic, fueled by data breaches that exposed users’ login credentials, and the trend remained strong through 2020. In Japan, for example, mobile payment app fraud was the country’s most urgent personal cybersecurity issue, as criminals hacked into user accounts to take fraudulent purchases with Docomo Koiza, PayPay and other mobile payment apps.
In the U.S., identity fraud-related losses reached $56 billion in 2020, with phishing scams driving most of that amount, according to Javelin Strategy & Research. Digital wallet fraud “spiked” during this time, as fraudsters exploited app vulnerabilities and consumers who were new to using digital payment technology.
That trend is ongoing. In March 2021, the U.S. Army’s major cybercrime unit issued an alert about the risk of QR code fraud targeting victims’ mobile wallets and connected financial accounts. When an unsuspecting user scans a phishing code instead of a legitimate merchant code on social media or at a checkout display, thieves can hijack their digital wallets to transfer money or buy goods for resale.
The 2020 “surge in fraud and chargebacks” was driven by these types of account takeover fraud as well as a rise in friendly fraud. The friendly fraud spike may have been driven by individuals who justified their behavior by citing personal financial worries, or those who realized how easy it can be to file false chargebacks and made it a habit.
As more customers claimed their orders never arrived or their packages were stolen, 40% of merchants saw more friendly fraud in 2020. At the same time, one study reported that chargebacks from digital wallets are harder to successfully challenge than credit card chargebacks, in part because digital wallet authentication processes make banks feel more confident in siding with customers.
Whatever form it takes, digital wallet fraud leaves merchants vulnerable to chargeback fees as well as the loss of goods and related costs such as shipping and handling, inventory management, marketing and failed fraud protection. How can merchants offer the digital wallet convenience that their customers expect and approve as many good orders as possible, without raising their risk of expensive chargebacks and other fraud-related losses?
The first step is to have a fraud protection program that operates independently from and on top of your digital wallet payment gateway. Why do this instead of relying on the gateway’s built-in fraud protection? For one thing, more layers of protection are better. For another, when you control your store’s fraud screening, you can adapt it to your fraud strategy as it evolves, to suit your store’s unique risk profile and changes in the tactics fraudsters use.
Next, review your fraud screening program to make sure that it isn’t automatically rejecting orders that are flagged as fraud risks. In our work, we find that most merchants reject many more good orders than they do fraud attempts. These false declines can cost merchants more in lost sales and lost customers than fraud losses do. For example, A March 2020 Sapio Research consumer survey commissioned by ClearSale found that on average, 39% of consumers in five countries would never buy again from a store that rejected their order.
Manually reviewing all flagged orders is the most effective way to reduce false declines while stopping fraud. Whether your manual review team is in-house, outsourced, or a combination of the two, it should be able to evaluate suspicious orders quickly, based on known customer behavioral data, purchase history, chargeback history and other key data. Then, the team should feed its decision data into your fraud-screening AI engine, so the algorithm can get better at differentiating between fraud and good orders.
Another important step is to put end-to-end order tracking tools in place for your store, so that you and your customers can see where each package is in transit, the expected delivery date and time, and proof—ideally in the form of a photo snapped by the delivery driver—that the item arrived. This can reduce the risk of friendly fraud item-not-delivered claims. It can also improve the experience for good customers who want to make sure they’re home when their orders arrive.
Finally, it’s a good idea to track fraud attempts, completed fraud and chargebacks by channel and by payment method. This information will help you plan fraud control that’s tailored to your unique situation. For example, you may find that only a small group of customers are responsible for most of your store’s chargebacks, or that one particular digital wallet app makes it especially hard to challenge chargebacks and win.
With a process to avoid false declines as well as fraud, real-time order tracking and delivery confirmation, and metrics that help you pinpoint your store’s fraud pain points, your store can enjoy the benefits of digital wallet acceptance—more conversions, happier customers and more repeat business—without increasing your risk of fraud losses.
