Americans are making more purchases online and on their phones than ever before...
And many of those purchases are strictly digital—products like e-books, gift cards, and event tickets—with instant delivery to the consumer. For retailers, it’s becoming increasingly necessary to offer digital goods and online sales options in order to compete.
This new retail landscape, however, has also opened up new opportunities for fraud. Online and mobile purchases don’t require a physical credit card, so card-not-present (CNP) transactions are often more vulnerable to scams. Additionally, consumers expect to receive their digital purchases immediately, which leaves retailers with less time for identity and payment verification.
These factors and vulnerabilities have led to the creation of an entirely new category of fraud: Fast fraud. Fast fraud occurs when perpetrators take advantage of weaknesses in online and mobile commerce fraud prevention systems to steal digital goods, which can then be re-sold on the secondary market. Other fraudsters hack into retailers’ systems and swipe customer credit card information for use or sale on the secondary market.
As online and mobile commerce continue to grow, fast fraud is expected to become increasingly prevalent. Fortunately, there are steps retailers can take to better protect their business, their data, and their customers from fraudsters.
“To protect themselves from fast fraud, retailers need to find a solution that is specifically designed for the way consumers are shopping today and in the future. More specifically, retailers should look for a partner that will guarantee payments, meaning the vendor will assume risk for any approved transaction even if it turns out to be fraudulent—this means there’s extra incentive for them to get payments right every time. Retailers should also look for solutions that are effective at detecting fraud while also maintaining high payment acceptance rates and provide a fast, frictionless checkout that optimizes conversion and the customer experience.” - Vesta's Chief Payments Officer, Chris Uriarte told LTP.
The Rise of Fast Fraud
Fast fraud is the result of multiple converging trends. Today, more adults are shopping online and via mobile device, especially as smartphones and tablets become more prevalent. In 2013, 55 percent of U.S. adults owned a smartphone; by 2014, 75 percent owned one.
Retailers have noticed this trend and are working to encourage more mobile purchases. In 2014, 15 percent of all merchants offered mobile commerce options—double the percentage that offered them in 2013.
At the same time, digital goods have taken off. Products like e-readers and digital music services have made e-book and music downloads increasingly common. In 2014, consumers spent $5.7 billion on e books. That figure is expected to grow to $8.7 billion by 2018 (PWC). Similarly, music downloads and audio streaming services now account for 64 percent of the total market, with sales of digital music formats reaching $4.5 billion in 2014 (RIAA). Many consumers have also begun purchasing items like gift cards and event tickets online. In 2014, consumers spent $6 billion on digital gift cards alone, up from $5 billion in 2013.
These trends have escalated so quickly that many retailers’ fraud prevention systems have failed to keep up, and fraudsters have taken advantage of the opportunity. According to the Identity Theft Research Center, there were at least 783 tracked data breaches in the United States in 2014, a 27.5 percent increase over 2013 and an all-time record. Javelin Research and Strategy estimates CNP fraud was about $10 billion in 2014 and expects that number to climb to $18.4 billion by 2018.
Fast fraud will likely become more common in the coming months, as the United States transitions to EMV credit card security standards. These cards will make in-person credit card fraud more difficult, so it’s likely that fraudsters will switch their focus to the more vulnerable CNP transactions. In the United Kingdom, CNP fraud rose 79 percent in the first three years after EMV adoption.
The Consequences of Fast Fraud
Fraud has always had high financial costs for retailers and consumers, but fast fraud’s costs are often higher and go beyond the monetary. For example, fraud accounts for 15 to 20 cents of every $100 in revenue for in- person transactions. For mobile transactions, however, fraud accounts for 68 cents of every $100 in revenue, a 350 percent increase. Additionally, research has found that retailers pay $3.34 for every dollar lost to mobile fraud.
When fraud results in a full-blown data breach, the costs—both monetary and reputational—are even higher. In 2014, the average organization spent $1.6 million on post-breach response costs for legal, consulting, and victim identity protection services, according to a study by the Ponemon Institute. Making things worse, a highly publicized data breach often leads to reputational damage and lost business for retailers. According to the same study, the typical organization loses an additional $3.2 million worth of business following a breach due to abnormal customer turnover, reputational loss, diminished goodwill, and the increased customer acquisition activities that are often required.
Fast fraud costs consumers, too. To compensate for anticipated losses, some retailers are passing the costs of fraud onto their customers in the form of higher prices. Merchants have also begun adopting policies and technologies that slow down the transaction process, making purchases less convenient for shoppers.
Additionally, consumers run the risk of being scammed by fast fraud perpetrators on the secondary market. Fraudsters often unload stolen digital goods through legitimate websites that allow consumers to exchange unwanted gift cards or event tickets. If retailers are able to determine that the goods are stolen, the customer is left to deal with the consequences. Many times, this leaves retailers in a difficult position, as they must decide whether to honor a fraudulent gift card or ticket that’s been sold to a well-intentioned customer.
Why Traditional Fraud Solutions Won’t Work Fast Fraud and The Need For Speed
The nature of digital product purchases with immediate delivery can make it very difficult to identify fast fraud when it’s happening and to track down its perpetrators after it has occurred. As a result, most traditional preventative solutions, which are geared toward preventing fraud when products are shipped to the customer, fall short.
Online and mobile shoppers expect instantaneous delivery of their digital goods, yet many traditional solutions are not adapted for instantaneous delivery. Existing systems often require time to accurately verify the cardholder’s identity and payment, which works well when consumers must wait a few days for their products to ship. When digital goods are involved, however, and immediate delivery is expected, most existing systems are unable to accurately verify payment details, due to the sheer speed of order fulfillment.
Additionally, digital delivery requires no physical address. Digital goods are usually delivered via email or mobile device, so shoppers’ locations are unknown. Systems that require consumers to enter a physical address when one isn’t needed can slow down the transaction process, eliminating the fast, frictionless checkout process that consumers prefer.
The secondary market further complicates matters. When fraudsters unload their goods on legitimate online exchange sites, honest consumers can wind up with the stolen products. This makes it extremely difficult to track down and punish the actual perpetrator.
Most existing fraud prevention solutions work because they’re able to verify the accuracy of payment information in the time span between purchase and delivery of goods. Existing systems can flag addresses associated with suspicious activity, and when possible, perpetrators can be tracked down at those addresses and the stolen goods recovered.
With fast fraud, however, these elements are absent, and fraudsters’ easy access to a legitimate secondary market means goods can be unloaded almost instantaneously. The combination of all these factors makes it nearly impossible for traditional fraud prevention measures to combat fast fraud.
How to Successfully Prevent Fast Fraud
As online and mobile shopping and digital goods continue to grow in popularity, fast fraud will become an even larger problem for retailers in the years to come, especially as the United States transitions to EMV.
Unfortunately, many retailers are learning about their fast fraud prevention gaps the hard way. Merchants who move into the digital products space are often overwhelmed with high loss rates and are forced to stop selling the products immediately. Retailers often look to their existing vendors for solutions, but these traditional providers often can’t provide the help required. For retailers in need of a solution that prevents fast fraud, the following tips can help:
- Don’t go it alone. For many retailers, it’s tempting to build an in-house fraud solution. Yet, most businesses, particularly small- to medium-sized organizations, would require significant staff additions and technology upgrades to establish a functional process. Additionally, outside vendors are monitoring fraud patterns across numerous clients, which allows them to learn about new theft techniques being employed and implement proactive security measures to stop them before they happen.
- Look for guaranteed payments. Only a handful of vendors offer a guaranteed payments solution, but it’s worth seeking out. This model places all of the risk on the vendor, not the retailer. If the vendor wrongly determines that a payment is safe and allows the purchase to proceed, the vendor then picks up the cost of any associated losses for the retailer.
- Watch for red flags. Many vendors overpromise their capabilities, and retailers are wise to be wary when choosing a partner. Common red flags include the promise of “instantaneous integration,” which is highly dependent on the size of the retailer and the type of payments system used. As such, retailers should investigate vendors as much as possible. Merchants can look at the vendor’s list of current clients to ensure the provider has experience working in the merchant’s particular industry and understands its unique needs and fraud profile. When possible, retailers should ask for referrals and interview some of the vendor’s past and present clients to evaluate whether needs are being met.
- Choose expertise over novelty. Fast fraud’s relative newness means many startups have jumped into the fraud prevention and payments processing field to try to solve the problem. However, the effectiveness of any fraud solution increases over time. Vendors that have been in the industry for a number of years have lengthy logs of experiential data, which can be used to spot fraud more quickly and identify holes that could be exploited. Experienced vendors are also able to harness the knowledge gained by working in different industry verticals to adapt solutions that meet the particular needs of each retailer. When searching for a provider, retailers should, at minimum, make sure the vendor has experience working with businesses of similar size and industry.
- Keep the customer experience in mind. Many solutions work simply by slowing down the transaction process or requiring the customer to complete additional and lengthy verification steps. For retailers, these systems often result in dissatisfied customers and abandoned purchases. When choosing a provider, retailers should ask questions about how the solution will impact the customer. The best solution will offer the highest conversion rate for approved sales and the lowest friction checkout process possible.
It’s important for retailers to find the right system for their unique needs and then monitor the solution’s performance over time. The best fast fraud solution will combine payment processing, fraud prevention and guaranteed payments, allowing retailers to sell digital goods to their customers without assuming unnecessary risk in the process.
About the Author - This article is based on a whitepaper submitted to Let's Talk Payments by Vesta Corporation.