As merchants gear up to maximise ecommerce sales in 2023, the never-ending fight against fraud means there’s no room for complacency. Valiant efforts to detect fraud will come to nothing if merchants don’t have the right tools to fight it.
The speed with which fraud is mutating to evade detection is frightening. Even with innovations such as Strong Customer Authentication (SCA), 3D Secure, and behavioural analytics fending off attacks with greater efficiency, ecommerce fraud continues to climb
higher. Data from Juniper Research shows that the total cost of ecommerce fraud for merchants will surpass $48 billion globally in 2023, up $2 billion from 2022. Of this figure, North America is cited as comprising 42% of fraud by value, followed by Europe
Merchants across Germany, France, and the UK (the largest ecommerce markets in Europe) are the most popular targets for ecommerce fraud, given the popularity of online shopping in these countries. In Germany, two out of every three of ecommerce companies identified
a noticeable rise in fraudulent activities, while over 85% of online retailers in Switzerland reported having been victims of fraud in 2022.
According to data from global analytics firm FICO, fraud basis points is a standard measure of card fraud severity, and can show how a bank or a country compares to others. 1 basis point is equivalent to 1 cent per €100. When looking at the scale of the fraud
threat by basis points across Europe, the fraud threat level (the ratio of fraud losses to card sales) doubled in 2021, with the UK and France having the highest fraud basis points levels in 2021. Although overall fraud performance trends for Europe may be
flat, this is testament to the fraud management efforts of the financial institutions across the region, rather than an indication that fraud threat is remaining steady or slowly going away.
Undoubtedly, the introduction of SCA has helped to tackle fraud in the online space. According to Visa data, use of EMV 3D Secure has tripled since the start of 2021, coinciding with a reduction in card-not-present fraud by 28%. While SCA can prevent some fraud
attacks, not all online transactions go through this method of verification. SCA exemptions include transactions where payer and payee are outside the EU, recurring fixed amount subscriptions, merchant-initiated transactions, and low value transactions less
than €30. Ecommerce merchants outside the EU, and those with significant flows from these transactions are expected to see greater levels of fraud attempts as a result over 2023.
Similarly, the increase in Account Takeover (ATO) fraud is being driven by the surge in data available on the black market, driven by malware and bots being used to harvest data from a growing number of sources and channels. ATO fraud attacks increased by 131%
in the second half of 2022 compared to H1 2021, showing that as fraud is dampened in one area by initiatives like SCA, it simply moves to another.
While fraud growth rates are not as steep as they have been in previous years, a perfect storm of economic turbulence, changing consumer behaviour and inefficient merchant systems makes protection of transactions even more necessary during 2023. This is not
just to protect merchant revenues, but also to reassure customers about the safety of their data, and deepen trust. Customer trust is priceless – once damaged, it’s extremely difficult to get back. Considering that 43% of businesses say they are concerned
about how ecommerce fraud impacts their brand reputation, up from 26% in 2020, this shows the importance of preventing fraud as soon as possible.
Emerging threats need a new approach
As we saw during the upheaval caused by the pandemic, fraudsters use any sudden disruptions in B2B and B2C payment flows to launch new attacks. Existing methods like phishing and bots are being used to greater degrees to exploit consumer fears over the rising
cost of living to collect sensitive personal data, while counterfeit websites that mimic bank or merchant websites are being used to capture payment or account information.
More recently, the advent of ChatGPT and other AI tools is causing concern about their potential to create even more fraud opportunities. For instance, fraudsters could use AI to come up with genuine-sounding phishing messages, or mimic chatbots to be placed
on fake websites to capture even more data.
While we’re still in the early stages of seeing what these AI innovations can do, it’s nevertheless a wake-up call for merchants everywhere to closely examine and overhaul their fraud protection strategies to create tighter multilayers of defence.
In the meantime, ecommerce is empowering small merchants to go global, which is why they need platforms that can enable acceptance for alternative payment methods used in different parts of the world. At the same time, merchants must ensure that these platforms
can guard against fraud attempts from new sources, markets or channels. This presents merchants with a dilemma. Merchants want to remove all friction from transactions to get higher checkout conversion rates, but the necessity for authentication means some
element of friction will always be present to protect consumers’ data. It’s a tricky balance to get right. False declines, failed log-ins, using expired card data and manual checks are just some of the frictions that could be avoided if merchants undertook
a sweeping review of how they deploy anti-fraud measures.
It's not enough to simply detect fraud – without the intelligence, agile tools that can anticipate it and prevent it, merchants leave themselves exposed to further attacks. But thanks to the new breed of integrated payment platforms that can map data from a
growing number of sources, it’s easier than ever these days to pre-empt attacks and stop them at the source, with real-time account monitoring capabilities that can help merchants identify fraud patterns and enact blocks instantly. Tools like these can help
merchants identify genuine customers much faster and pinpoint fraud attempts with much greater accuracy.
Alongside deploying comprehensive know-your-business (KYB) and know-your-customer (KYC) checks to safely onboard sub-merchants and new customers, merchants should look for payment service providers that are fully PCI-DSS Level 1-certified, as this is the strongest
level of payment data encryption and a trustmark that merchants can use to reassure consumers that their transactions are secure.
With integrated platforms that offer enhanced fraud protection and wide alternative payment method acceptance, from trusted providers who are experts in securing online transaction flows, merchants can be relieved of the pressures of trying to investigate,
monitor and fight fraud by themselves.