The post-holiday season is a busy time for consignment stores — making it a busy time for cybercriminals as well. And as new threats emerge, foiling fraud takes more than just spotting and flagging illegitimate transactions, says KP Brendel, director of marketplace operations at online thrift and consignment store Swap.com. In the Digital Fraud Tracker, Brendel explains how combining in-house analytics with insights gathered from third-party partnerships can help eTailers nip fraud in the bud.
The pandemic drastically altered consumers’ shopping habits and retailers’ strategies for getting customers the items they needed during the 2020 holiday season.
Experts predicted that online commerce over the holidays would increase 35 percent from the previous year, while brick-and-mortar retail sales were expected to decline by 4.7 percent — a large jump even considering the gradual, long-standing trend toward increased online commerce.
One unfortunate result of this shift has been an uptick in fraud, with bad actors taking advantage of digital channels to victimize customers and retailers more easily than they could during face-to-face interactions. Fraudsters are deploying strategies, such as credit card theft and false chargebacks, to capitalize on online marketplaces’ security vulnerabilities, and merchants are scrambling to anticipate and counter fraudsters’ emerging schemes.
“New threats are evolving all the time,” KP Brendel, director of marketplace operations at online thrift and consignment storefront Swap.com, said during an interview with PYMNTS. “What we always look for is … trends and patterns. If something happened once, no one usually has that on their radar. But as soon as something becomes a pattern, you need to start looking into things.”
Brendel detailed the typical fraud threats eCommerce merchants monitored this holiday season and explained how Swap.com deployed a combination of in-house and third-party expertise to protect its customers’ holiday shopping experiences.
How Fraudsters Targeted Holiday Shopping
Swap.com’s peak season typically arrives during the back-to-school period and just after the holidays, when customers tend to return unwanted merchandise. This gave the company insights into the types of fraud that occur during online shopping surges, which Brendel said have mostly mirrored those faced by retailers with physical storefronts.
“The most common type of fraud we actually see is just the same type of fraud that you find in a regular brick-and-mortar retail environment,” she explained. “It’s a lot of people [who] have gotten ahold of someone else’s credit card number and are placing orders with it.”
Brendel said fraud incidents also peak after data breaches occur, as vast troves of card numbers, passwords and PINs are leaked into cyberspace. Fraudsters obtain these details in bulk from dark web marketplaces and use them before legitimate customers realize they have been exposed, often by quickly making dozens of transactions.
“We had an issue last year where we basically had to flag the entire city of Miami because every other order placed from that city actually happened to be a fraudulent order,” Brendel said. “It turns out there was a big data breach. … New orders from Miami were all reviewed, but if [an order was placed by] a standing customer who we had seen before, then it went through no problem.”
Flagging potentially fraudulent orders forms the core of Swap.com’s fraud prevention system, which relies on both in-house innovations and third-party partnerships to identify and stop fraud.
How Swap.com Stomps Out Fraud
The secret sauce to preventing fraud year-round is diversification, Brendel said. Swap.com deploys both in-house and third-party security systems to identify and flag suspicious transactions, which are then reviewed by the company’s fraud analysis team.
“It’s a combination of a proprietary system that our [development] teams made, mixed in with some of the [third-party] systems that we already partner with,” she explained. “There have been some very high-profile data breaches in the past few years, but thankfully none of them have been on our end.”
Payments are handled entirely by a third party, Brendel added, for an additional layer of data security between Swap.com and potential fraudsters. A bad actor looking to harvest Swap.com’s customer data would first have to deal with payments processors’ security systems, which are naturally incentivized to keep customer data safe.
“All of our payments are also all handled by a third party, which keeps data a lot safer,” Brendel said. “People already trust these third parties because all of their data is already there, which also puts pressure on customers to keep their own private information secure.”
Data is ultimately only as secure as customers want it to be, but many are already aware of the risks posed by poor password hygiene and other lax security practices. Fraudsters will always be on the lookout for potential targets, especially during the holidays and other periods of increased retail activity. A combination of third-party payment security, in-house transaction analysis and customer fraud awareness could therefore be key to keeping them from successfully launching attacks.