In the post-EMV world, there’s a dark side of payments that’s driving headlines, but one that doesn’t always drive how merchants tailor their business decisions.
That dark side, of course, are the fraudsters, who at this very moment are likely building up their armies in order to wreak havoc on the payments and commerce ecosystem. As Forter CEO Michael Reitblat told MPD CEO Karen Webster, fraud isn’t slowing – in fact, it’s increasing. There are simply more rookie fraudsters entering the systems who are less sophisticated today, but skilled enough to wreak havoc.
But what happens when this new wave of cybercriminals takes off their training wheels?
That, Reitblat says, is when the real storm will hit.
“[The rookie cybercriminals] are testing the waters. They are not very good at it and they are trying to understand how it works,” Reitblat explained. “They are not having a lot of success, they are just creating a lot of noise from the retail perspective. There are more fraudulent attempts, but they are not as good.”
But just because those attempts aren’t as good now, doesn’t mean they won’t be in the future. Interestingly enough, Reitblat compared fraudsters’ current behaviors to that of pirates in the 16th century. There are the captains who understand the treacherous waters, and then the grunts who take orders from them who aspire to be captains one day.
To take that analogy further, the real threat to today’s payments and retail fraud isn’t the rookie fraudsters today, rather it’s what happens when those fraudsters-in-training become the payments retail scourges of tomorrow. Like the pirates, Reitblat suggested that the industry will see the “same patterns and cooperations in terms of their internal market.”
When Webster asked if fraud was going to increase — not just the volume of fraud — because, as we know, the activity is ramping up online, but the rate of fraud, Reitblat responded with a confident “yes.”
“Without a doubt,” he iterated. “We’re already seeing increased rates on almost all the merchants we’re working with. Most of that increase is in unsophisticated fraud. I think two things will happen — one will be the newbie fraudsters will get better. It will take them a while, but some of them will become really good at their craft. Second … retailers might start letting their guard down because they will think fraud is becoming less sophisticated or they’re becoming better at catching it.”
It’s that second prediction, that Reitblat says that is the one that concerns Reitblat the most. The trend that he’s noticed is that fraudsters see the curve to becoming successful is steep. And that’s why they are shying away from the traditional hidden underbelly of the black market — and instead hiding in plain sight by setting up their own eCommerce sites.
“They are stealing accounts from commerce platforms, they are stealing accounts from SEO companies, Facebook apps and so on,” Reitblat said. “They are starting to act more and more like regular merchants, but just with extremely high margins because they didn’t pay for the goods.”
Reitblat notes that cybercriminals are also getting chatty on online forums, which gives good insight into their next moves. This year, in particular, one trend has been conversations about how to ship goods cross-border. And how to sell stolen goods for more, along with how to create eCommerce websites fast.
The double-edged sword with the fraudster eCommerce sites is that once they secure customers, they also become privy to their payment credentials. Talk about getting the most bang for their buck.
“All the new payment-enabling technologies are actually helping fraudsters as well,” Reitblat said.
Double-edged sword, indeed. And that’s where the discussions about EMV come back into the mix.
“With EMV, what we are starting to see [with fraud mitigating online] is that it’s a wave that will hit us in about a year in full force, and not exactly now. We’ll see different waves. There are several factors that will make the fraud spike higher next year,” Reitblat said.
And then there’s the elephant in the room that the payment community has been starting to talk about more and more post-EMV shift.
“EMV, in my mind, will create a lot of damage toward the end of next year,” Reitblat said. “My only caution … from retailers’ perspective, retailers might think fraudsters are becoming less sophisticated, when in reality they are becoming more sophisticated. There are just a new influx of unsophisticated fraudsters that are still learning.”
What’s happening in the retail space is that retailers are often seeing more attempts, but if they believe they are catching most of them, they are confident in their hit rate.
“As a percentage of attempts, [they] think that you are getting better. But in reality it’s not. We do see that an increase in unsophisticated fraud attempts is causing retailers to hire more and more manual review people. Because they think the return on them is better. … In reality it doesn’t scale that way. My concern is that retailers will double down on manual review,” Reitblat said.
Instead, what he recommends for retailers is automating solutions, ignoring hit rates and focusing on how much product is going through fraudsters. As the fraudulent attempts jump, without having an automated process in place, it will end up costing more money in the long run if relying on manual review, Reitblat said. Training people to review fraud attempts won’t work anymore and the loss rates will then go up, he noted.
But the real trick?
“Never letting your guard down,” Reitblat said.
Because if retailers do, they have a greater chance of turning off customers as a result of potential fraud attacks.
“Retailers will have to do an even better job of not turning down good buyers. That’s their way of increasing revenues in a down market. In the down market when the buyer is becoming more and more king,” he said. “Fraud will go up and consumers will be tighter and less forgiving toward retailers.”
As for what’s next in the fraud market? Well, it’s going to be a lot of what’s already happening — but at an accelerated pace, specifically as the mobile commerce market takes off. And as cross-border commerce continues, that space will also open itself up to fraud vulnerabilities.
“As mobile becomes more important for retail, it’s also becoming more prone for fraud. As international markets are becoming more appealing to retailers, then more and more of them are starting to open up to accepting international credit cards that makes it easier to fraudsters,” Reitblat said. “But these are kind of the acceleration of all the trends. There is nothing new here. It’s just one on top of the other. You’ll just get a bigger wave.”