As electronic commerce grows — by 15% in 2018 – fraud grows too, because that’s where the money is, as Willie Sutton explained years ago in why he robbed banks.
Forter, which develops an evolving array of sophisticated fraud-prevention tools, found in its bi-annual report that fraud attacks varied by industry, by merchant, merchandise and customers. E-commerce growth has been accompanied by growth in online fraud in new areas, like food delivery.
Forter uses machine learning, enhanced by human expertise and continuous research as it processes more than $100 billion in transactions a year for more than 150 clients worldwide. It uses attack data from all of its company’s clients to fight fraud which shifts with the times.
For example, fraud in one category — Apparel & Accessories — was up 47%, as fraudsters order items that are easy to resell on their own sites, said Michael Reitblat, CEO and co-founder of Forter.
“Apparel remains popular with fraudsters because it is easy to resell, and attempts to buy in bulk are not suspicious as is the case in many other industries. Good customers often buy apparel or accessories for groups or teams, or purchase items in more than one color or material. Legitimate buyers are frequently willing to make purchases from third party sites, making reselling much easier. The result is that fraudsters in this industry can feel confident of a good ROI.”
Professional shoppers who are gaming the system will buy a lot of items during promo times at a heavy discount, and then try to sell them on eBay, he added.
“Everything they don’t sell for profit they return,” he added. “They use the retailers as inventory, warehouses they don’t pay for, and they make a profit on the retailers’ backs.”
Technology can help identify fraudsters, but apparently retailing tech is similar to retail banking tech — purpose-built over the years in silos.
“If you consider the big omni-channel retailers, they weren’t built in a day,” Reitblat said.” It is actually not easy at all for them to link e-commerce on one platform and their stores on multiple other platforms. A lot of big retailers are going through digital transformation process which is very complicated.”
In the meantime, some use Forter to develop a comprehensive view of customers across their e-commerce and physical sites.
“They use us. It’s easier for them to use us to connect with all their systems than to connect internally,” he explained. “When you walk into a store, you provide different information from what you provide online. They may be lagging in adopting the technology to keep the progressive policies that are good for customers.”
Comprehensive systems can also spot customers who order online and return merchandise to a store to uncover returns abusers. With separate systems for online and physical stores, e-commerce customer might look highly profitable while the stores find a lot of returned products.
Companies walk a tight line in the way they work with customers over issues such as return policies, and Reitblat said most still have a ways to go in using data to create a comprehensive view of their customers.
Some retailers have see a sharp decline in returns abuse but at the risk of insulting good customers.
He said there was a retailer backlash to return abuse about a year ago.
“They would block someone who does it a couple time with no regard for the individual’s buying patterns. Some firms have ended free returns and others will cut off a buyer who returns more than three times a year.
It’s one thing to buy a standard product, like a smartphone or book, over the internet. But when firms wanted to get into shoes and clothing buyers often balked because they couldn’t feel the fabrics, or see the exact tone of a color or check the fit online.
Zappos solved the problem by making returns free. Customers could order multiple colors and sizes and send back what they don’t want.
Other areas of fraud are also increasing — consumer electronics fraud attacks were up 73% in 2018 compared to 2017.
Forter looks at some anomalies, like a 29% decrease in air travel fraud attacks, and speculates that criminals may be holding vast quantities of stolen data for future use. Data breaches lead to fraud which can be tied back to specific attacks, Reitblat said.
“It’s common for a very big breach to take several years for people to start using it,” he said. “When eBay and LinkedIn were breached it took three to four years. We have seen little use from Equifax or from the Starwood Marriott breach — these two are possibly the worst breaches that have ever happened in retail identity space, Starwoods has all your accounts, email, password and information about your stays.”
The fraud news isn’t all bad. The good news for individuals, if not for merchants, is that some buyers are profiting from widespread customer fraud.
“Policy Abuse (when individuals cheat merchants through the use of coupons and discount codes) has increased a whopping 170% since Q4 2017,” the report said.
A new category is food and beverage. Overly familiar with the relentless barrage of TV commercials for Grub Hub?
“Attacks against online food and beverage businesses (including restaurants, delivery services and merchants in this industry) have shown an increase in fraud for the second year in a row. 2017 saw an increase of 60%, and comparing the Q4 2017 numbers to Q4 2018 shows an increase of 79%.”
And while Willie Sutton was after cash, some of the food and beverage fraud is for personal consumption.
“There are numerous examples of fraudsters stealing for their own direct benefit rather than for monetization, especially with re-sellable items like high-end alcohol.”
However, those bottles of single-malt Scotch or vintage wines that fraudsters ordered could be an enjoyable side benefit of a larger strategy.
“In general, the popularity of this industry with criminals is due to its use as a payment testing zone — fraudsters testing out cards or wallets to see if they can get away with the purchase. Once successful, they know it is worth trying for a higher ticket order elsewhere.”
Reitblat said that fraud has increased as “more and more companies are starting to follow what Starbucks has done, mobile payments, order ahead, pay with an app in the store.”
Forter sees growth in fraud rings.
“Fraudsters are able to leverage the skills and expertise of individual fraudsters and form highly specialized fraud rings that are difficult to identify and stop. Forter has seen that the returning individual offender rate has decreased in response to the rise of fraud rings, which have grown by 26% this year.”
Law enforcement activity to fight fraud ranges from minimal to nonexistent.
It’s tough because this type of crime falls between cracks of enforcement agencies, said Reitblat. You could have a cardholder/fraudster in Vietnam using a credit card belonging to someone who lives in Philadelphia to steal from a merchant in New York whose e-commerce site is located in Virginia.
“Where do you report it? Each will defer to another agency because it’s not sexy. The FBI or Treasury will not go after criminals stealing $10 to $30 at a time. We don’t even have a counterpart to talk to in the US; in Europe it is little more effective.”
If law enforcement would get involved, they could probably find enough data to deal with fraud effectively, he added.
“As online commerce grows, online fraud grows with it. Detection is not enough, you have to do something with the information.”