Guest Blog Contributor: Riskified is the leading eCommerce fraud-prevention company for some of the world’s largest brands, from airlines to luxury fashion houses to gift card marketplaces. Authorize.Net and Riskified have partnered to bring merchants best in class fraud solution to help them manage risk, expand into new markets and increase revenue. Learn more about Riskified.
In 2018 eCommerce evolved in some directions we expected… and others we didn’t. The holiday season rewrote the record books again – Black Friday sales in the US were up 23.6%. It looks like holiday season volume as a whole rose 20%.
Given ever-changing consumer demands for faster, more convenient retail experiences, being able to facilitate different payment methods should be a vital part of any merchant’s strategy. As retailers innovate, so too do fraudsters, so finding the right payment and fraud prevention solution becomes crucial. To do that, merchants need to understand which retail and fraud trends will emerge this year.
So what does 2019 have in store? Here are four trends omni-channel retailers and online merchants should keep an eye on to help strategize and to protect their bottom line.
1. More consumers will turn to alternative payment methods
Consumers are increasingly demanding fast, easy, and safe ways to shop and pay. Not coincidentally, this shift is happening as millennials surpass baby boomers in population size; according to a 2017 survey, US millennials are 41% more likely to shop via mobile apps than baby boomers, and they expect a seamless mobile payment experience.
Forward-thinking retailers who cater to millennials – such as Lululemon, Footlocker and Forever21 – are already giving shoppers the ability to complete their purchase using mobile payment apps. It’s important that merchants find a payment provider or gateway that integrates easily with their systems - such as Authorize.Net - that would support a variety of payment options.
Meanwhile, offering new payment options requires merchants to update their fraud review practices – fraudsters often test newly launched payment and shopping flows in the hopes of uncovering vulnerabilities and loopholes. By analyzing mobile-specific data, and taking into account shopping preferences and fraud patterns unique to mCommerce, retailers can ensure good customers enjoy a streamlined shopping experience while bad actors are blocked.
Accepting payment from apps such as Venmo and Zelle is another good way to capture more market share and drive loyalty among younger shoppers. These P2P payment methods are becoming the go-to for mobile-first consumers (an estimated 40.4% of smartphones in the US will have a P2P app installed in 2019).
2. More automation for a better omni-channel shopping experience
Both eCommerce retailers and their customers stand to benefit from increased use of automation. Many merchants today are setting up flows to automatically delist products that are out of stock (and alert marketing to stop promoting these products on social media). We’re also not far from an age where fully automated fulfillment and shipping centers will be the norm for online retailers. Merchants will benefit from drastically reduced operational costs, while consumers will get faster delivery, and no ‘item not in stock’ messages.
The downside is that automated flows, when done wrong, can impede the customer experience and expose merchants to new fraud threats. For example, automating the BOPIS (buy online / pickup in-store) process often means shoppers need only a digital token or code to collect their goods. Requiring an ID when consumers pick up their goods could lead to long queues and can sour the shopping experience. So, merchants need to be especially careful when reviewing these orders for fraud – otherwise it’s just too easy for fraudsters to use stolen cards for click and collect purchase. They should be treated like orders for digital goods such as gift cards – specifically, with an emphasis on data points like IP address and device fingerprints, while ignoring the shipping address.
3. Merchants will get better acquainted with referral abuse
Taking advantage of promos is not a new concept. Even back when merchants were offering coupons in newspapers, people were forging them, or going dumpster diving for extra copies. But eCommerce promotions, while a valuable tool for online merchants, are particularly vulnerable to all sorts of abuse.
One of the most common methods is referral abuse. As the name suggests, these scams target promotions that reward customers for referring their friends. One MO is to create fake shopper accounts, and refer these nonexistent people, in exchange for store credit. And if the terms and conditions require the referred customer to purchase something, these phony accounts can place orders, and then cancel or return them.
Why do we expect to see more such attacks in 2019? Well, coupons aren’t going anywhere (and merchants certainly shouldn’t stop offering them), but techniques for abusing them are getting more sophisticated. For example, some coupon codes can be hacked by using bots – an operation quite similar to the credential stuffing mentioned below.
4. More ATO attacks. A lot more.
From 2015 to 2016, losses from account takeover (ATO) attacks rose 61%. In 2017 they shot up another 122%. Riskified’s analysis has shown that 2018 saw a comparable increase in ATO losses to the year prior.
But when we predict that 2019 will see ATO attacks become even more widespread, it’s more than simple extrapolation. To explain why, here’s a quick refresher of how ATO attacks happen:
1. Bad actors steal legitimate users’ login credentials, usually either through a data breach, or phishing attack.
2. The data thief uses a bot to verify the credentials and check which eCommerce stores they work for. This is called credential stuffing.
3. The thief either sells the credentials to a second fraudster on the dark web, or uses them themselves to commit an ATO.
In 2018, we saw plenty of high-profile data breaches, including data from Facebook and Uber accounts. There won’t be a shortage of compromised credentials for fraudsters to use in 2019. And then there are the disturbing trends in bot use. The rate of automated credential stuffing is rising on a monthly basis, and these attacks are also becoming harder to detect, as fraudsters embrace ‘Low & Slow’ stuffing methods.
As opposed to brute force attacks, which simply try to test as many credentials as quickly as possible, Low & Slow sacrifices speed to make these attempts appear more human-like and harder to detect. In 2019, merchants will have their work cut out for them protecting customer accounts.
Here’s to a safe and profitable 2019! Find out how Riskified can help you achieve your fraud management goals.