Fraudsters have been making their lists and checking them twice, and it’s not going to make for a very happy holiday for retailers.
Fraud is on the rise, especially account takeover fraud, and the growing sophistication of fraudsters – paired with the massive quantities of credit card and personal information now available on the dark web – could create a perfect storm for cybercriminals around the world this holiday season.
In fact, Signifyd director of merchant advocacy, Sourabh Kothari, is counting on it. “We are expecting an all-out assault this holiday season,” Kothari told Karen Webster in a recent episode of the Global Fraud Index podcast series – and the assault is going to hit in some unexpected places.
Kothari said that the well-known and luxury brands people expect fraudsters to target will continue to see fraudulent activity, as they always have. While it’s not good news, neither is it unexpected.
What he finds alarming is the spike in eCommerce fraud among apparel retailers, where account takeover fraud is growing rapidly at the same time as stolen financials fraud. Kothari said that retailers are experiencing greater fraud losses this year than last year, and that will only be highlighted during the holiday season.
In the past, Kothari said, fraud was always concentrated in higher-value markets, because those products could be sold for the most immediate cash. However, in Q1 and Q2 of this year, fraud declined in that higher-value window, while ballooning in lower-ticket categories.
During a typical holiday season, Webster noted, fraud numbers climb, but legitimate transaction numbers climb faster – so, the percentage of transactions that are fraudulent actually declines. But that’s not what retailers saw this time last year. Unfortunately, Kothari thinks this year will be even worse.
It’s easier than ever for criminals to emulate legitimate customers with all the information available to them from data breaches, such as the one at Equifax, and evolving tools are allowing international criminals to route transactions through domestic IP addresses, making it even harder to pinpoint them.
Kothari and Webster discussed the reasons behind the fraud spike, who it’s going to hurt most and what merchants can do about it.
Historically, consumer electronics were seen as the perfect target for cyberfraud, but Kothari said that is changing for one major reason: the global economy. Are the fraudsters now channeling their inner haute couture?
More like tapping into the inner haute couture of the buyers.
There is a lot of demand worldwide for shoes, accessories and fast-growing brands – both established ones and new players. Kothari noted that a whole new wave of brands is gaining popularity globally, driving growth in the industry – and that’s a good thing, he said, but it also invites more fraud.
Athleisure is a particularly vulnerable category, Kothari said, because it is in such high demand that supply can’t keep up. This affordable luxury category is all about athletic-style clothing and accessories that are worn for non-athletic purposes – for example, the Kanye West Yeezy sneakers by Adidas.
These limited-release sneakers initially sold for $200 to $300, said Kothari, but because the supply was so small, resellers have been able to list them for as much as $1,500. And since fraudsters don’t pay for the product to begin with, they’re scoring $1,500 on a single small investment (whatever they paid to acquire the stolen financials or identifying information used to take over the account).
The Downside of Global
When retailers see patterns of fraud coming from a certain country, they become more cautious about selling to that country, but Kothari said this strategy is no longer serving them as well as it once did.
It has always meant turning down transactions from legitimate customers, a sacrifice some were willing to make – but now, fraudsters are routing purchases through local IP addresses, so cutting off business to entire countries will pose little threat to the smartest cybercriminals.
Kothari gave the example of Tuckernuck, a New England-based apparel retailer that works with Signifyd. Tuckernuck was seeing high volumes of fraud from certain regions so consistently that it nearly stopped selling to those regions.
But once Signifyd helped the merchant stop the fraud, it became clear that all that activity was coming from overseas and simply being routed through those regions. That meant that Tuckernuck could continue doing business with real customers everywhere, enabling sales while also reducing fraud.
Another brand working with Signifyd is Paul Evans, a New York-based crafter of high-quality, handmade Italian leather shoes that retail for a much lower price than similar products, since Paul Evans sells directly to the consumer. The shoes are popular with customers in Europe, Australia and other global settings, as well as in the U.S.
However, two of the brand’s key retail practices were inviting fraud. First, it offers free international shipping. And second, it has a 365-day guarantee, the goal of which is to encourage people to try a new brand, with the assurance that the product can be returned if they don’t like it.
Without the ability to conduct global sales, and without these practices that the merchant considered to be key parts of its strategy, Kothari said the business’ growth would have been severely stunted.
That’s why Kothari said a defensive strategy isn’t enough. Simply refusing to do business with regions where fraud originates cuts into legitimate business. Today, said Kothari, fraud defense must be about revenue enablement, so that merchants can accept orders from real customers around the world and grow their eCommerce business on a global scale.
With a potential fraud assault ahead this holiday season, what are merchants to do? Kothari urges them to take a new approach. Simply upping the ante on the strategies they already use every day – bringing in more people to process orders, increasing software use – isn’t going to help.
Instead, said Kothari, they’ll want to look at a solution like Signifyd’s, which enables revenue at a critical time of year while also absorbing fraud losses.
To put it in holiday terms: Don’t just stop up the chimney to keep the Grinch out. Make sure there’s a way for Santa to get in, too.