This year’s holiday season is set to be the most important retail period in living memory. With UK retail spending during the 2019 peak season exceeding £75.8bn, the stakes this year couldn’t be higher. Not only do retailers need to adjust their strategies to recoup in-store losses due to COVID-19, but they also need to stay ahead of the competition, and establish momentum for the year to come.
To remain competitive, retailers have been pushing the boundaries of customer experience, and rapidly launching new omnichannel options to ensure customers get what they want, when and where they want it, with the minimum of friction in the process. Add to that aggressive promotions and loyalty rewards aimed at attracting and retaining new customers and it is clear that we are gearing up for an intense holiday season.
However, retailers need to ensure that revenue growth is not accompanied by an increase in unforseen costs. The environment created by the rapid deployment of all new services and offers – against a background of huge disruption and economic stress caused by the pandemic – is the perfect climate for fraud.
The lack of data on new users makes it difficult for many online retailers to distinguish legitimate customers from fraudsters. They are running the dual risk of both approving more fraudsters, while either declining legitimate customers or adding more friction to their journey, which creates a terrible experience. To avoid the pitfalls and make the most of this critical holiday season, retailers need robust plans in place to assess and mitigate the fraud risks associated with their new services, promotions and customers.
Our recent Fraud Attack Index analysed the major retail fraud trends, identifying three potential areas of risk and what online retailers could do to mitigate them while still maximizing revenue.
1. Account Takeover attacks are in the ascendancy
Disruption often equals opportunity for cyber criminals. COVID-19 has led to a big spike in large-scale corporate cyber breaches (as well as data and credentials theft via methods such as social engineering and phishing scams). Armed with stolen customer data, fraudsters are now using it to infiltrate customer accounts and preparing to launch Account Takeover (ATO) attacks. In the period before they launch the attacks – timed to coincide with retail’s busiest period when transaction volumes make detection less likely – fraudsters ‘age’ the account, building its reputation with the merchant and making it more difficult for rules-based systems or manual review teams to distinguish hacked accounts from legitimate ones.
ATO attacks risk destroying customer trust at a time when it is desperately needed. Customers whose accounts are hacked are highly likely to terminate their relationship with that retailer, causing an absolute loss of customer lifetime value.
Recommendation: Defence against sophisticated ATO attacks requires visibility and dynamic insight into what “good” customer behaviour looks like, gleaned from a global network of behavioural data and applied to transactions in real-time. Additionally, retailers need insight into all interactions customers have with their platform to identify the suspicious behaviour that indicates account infiltration before transactions take place; if you’re only stopping fraud at the point of transaction, it’s already too late.
2. Returns and delivery fraud on the rise
Even before the frenzy of peak season begins, the Forter Attack Index found that Buy Online, Pickup In-Store (BOPIS – commonly referred to as curbside pick-up or Click and Collect) fraud had leapt by 55%. BOPIS fraudsters use genuine customer billing and personal details and request to collect the item in-store, then assume the victim’s identity and collect the item.
In an effort to prioritise a frictionless customer experience by offering more flexible collection services, merchants are now less likely to challenge a customer’s identity at in-store pick up, and in doing so are unintentionally enabling fraudsters in their efforts. The same is true of Buy Online, Return in-Store (BORIS) fraud; merchants don’t want to insult genuine customers by implying they might be committing fraud, but in their reticence, they pave the way for unscrupulous individuals who are aiming to do just that.
Delivery fraud is another area where retailers need to prepare for increasing abuse. Many have started to offer free delivery if customers pick up part of an order in-store. However, customers are abusing this omnichannel approach to gain free delivery for larger, higher value items, such as home appliances. They purchase a small, low value item for in-store pick-up and apply the free delivery to the larger item, with no intention of visiting the store to collect the low value item, leaving the merchant out of pocket.
Recommendation: Gain deep insight into customers’ digital identity and behaviour through fraud prevention solutions that leverage big data and machine learning. Merchants can protect themselves from fraudsters by adding extra security steps – such as the requirement to present ID at an in-store pick-up – in circumstances where behaviour appears suspicious. Meanwhile, where behaviour analysis indicates a genuine customer, merchants can roll out more flexible, low-friction customer service options that build loyalty without increasing fraud risk.
3. Prepare for prevalence of policy and promo abuse
This holiday season customers will be feeling the pinch as job insecurity and the looming threat of recession have them watching their finances. At the same time, retailers will be offering aggressive discounts and loyalty bonuses in a bid to build brand loyalty and encourage customers to shop more. This combination is more than enough to tempt typically legitimate customers to stretch their budgets further by bending rules and abusing policies. At the same time, retailers don’t want to alienate genuine customers by rigorously enforcing policies that may restrict interactions with their brand.
Tactics we expect to increase include customers opening multiple accounts to benefit from sign-up incentives, abusing discount coupons and loyalty points offers. As mentioned above, collection and delivery abuse is already showing an uptick and, as merchants relax and extend returns policies in the name of customer service, they are also opening up these channels to unfair exploitation.
Recommendation: Fine-tune fraud prevention models to account for changing circumstances and customer behaviour. This should be done in the context of global data that identifies trends in customer behaviour, expectations and emerging fraud types.
Striking the balance between fraud prevention and customer satisfaction
A wealth of potential new users and an extremely busy online holiday season present significant opportunities for many retailers who have had a tough year. However, it also increases the risk of fraud at a time when retailers can ill afford to turn away genuine customers or risk losing long-term revenue. To strike the right balance, retailers should:
- Ensure fraud decisions on each transaction are accurate, automated and in real-time so that customers aren’t inconvenienced or insulted by unnecessary security steps.
- Tap into larger merchant networks to gain insight into customer behaviour at all points on the consumer journey, not just when they make the purchase, to distinguish genuine customers from fraudsters and detect ATO activity.
- Leverage global merchant data to continuously adapt to new fraud tactics and identify what good customers look like.
- Fine-tune fraud prevention models regularly to account for changing customer behaviour and economic circumstances.
When retailers offer new customer channels, services, policies and promotions, they need to consider the fraud risk that is baked into them and have a clear plan in place that allows them to assess those risks as well as the potential rewards. Without it they won’t have the full picture around introducing new initiatives and short-term gain could turn into long-term strain and revenue erosion that extends well beyond the holiday season.
Written by Aaron Begner, GM EMEA, Forter