The world of online retail has seen incredible changes over the years and has demonstrated a resilience in adopting and adapting new practices, channels, platforms, and technologies to enable customer convenience.
As online retailers seek to recover from the COVID-19 restrictions that saw many brands close their doors, they must also grapple with a new fraud landscape where fraudsters constantly use new and sophisticated ways to commit fraud.
Unlike hacking into a network for illegal financial gain, online retail fraud is often about opportunity. A fraudster will take advantage of any situation they can to commit fraud, where there is loose security protocol. Sometimes fraud is the work of an individual or by organised criminal gangs intent on making a quick profit.
The online retail industry suffers high levels of fraud because of the number of touchpoints in the customer journey. A fraudster can attack anywhere in the journey including registration, login, checkout and even at the post-purchase stage with customers raising chargebacks.
More recently, the Asia Pacific region has seen a surge in friendly fraud (or “first-party fraud”) where a customer makes a purchase and then contacts their bank to later dispute the legitimate charge.
Friendly fraud is said to cost the industry USD 50 billion in 2020, according to a report by the Mercator Advisory Group. Friendly fraud is not committed by the conventional criminal; it’s the consumers who are to blame for committing fraud knowingly. It’s a fraud vector that’s been on the rise during the pandemic – sometimes because of consumers experiencing financial hardship.
Reducing Friendly Fraud One Step At A Time
Unfortunately, there isn’t a silver bullet to reduce friendly fraud all in one go. Knowing and verifying your customer is an important step in reducing fraud. However, outdated technologies, practices and processes with vulnerabilities leave fraudsters able to run amok exploiting weaknesses.
Technology and payment protocols have always played a role in fraud prevention, with retailers using various methods to verify the identity of the cardholder. 3D Secure provides an additional layer of cardholder authentication. However, 3D Secure from an issuer, merchant and an acquirer perspective has had varying degrees of adoption in the Asia Pacific region. Even with the additional layer of cardholder authentication that 3D Secure provides, it’s almost impossible to detect friendly fraud.
More recently, retailers have embraced new technology using machine learning and other artificial intelligence (AI) techniques to detect fraudulent activity.
What Will Tomorrow Bring?
According to a survey by Ethoca, 96 percent of the consumers who responded wanted more detailed transaction information available including the date and location of delivery for online purchases, a list of what was purchased, and a link to refund and return details. This will reduce customer confusion, disputes and chargebacks especially when the latter is expected to cost U.S. issuers more than USD 1 billion by 2023.
Visa’s Compelling Evidence 3.0 Goes Further
Visa is taking a different approach and one that will impact merchants. New dispute resolution rules will see more responsibility placed on merchants and will come into force in April 2023.
Although retailers have always been asked to provide evidence, these new rules go further than ever and places even more responsibility on the merchant to prove the cardholder is at fault and avoid the liability of a chargeback.
In most chargeback cases, banks take the side of the consumer rather than merchant, which puts the onus on merchants to prove there is friendly fraud, or fraud at play. It has been difficult to prove beyond doubt that a claim is or isn’t true, but what Visa’s compelling evidence does is provide strong evidence creating reasonable doubt for the banks where a chargeback is concerned, therefore, helping merchants in the fight against friendly fraud.
Compelling evidence 3.0 requires the merchants to provide cardholder information that appears in previously undisputed transactions. This includes account information, delivery address, device ID and IP address. The merchants needs to show evidence that the cardholder has not made a chargeback over 120 days of the claim being made. In other words provide an “historical footprint” of undisputed transactions.
Device intelligence (including a device fingerprint and an IP address), form a crucial part of the compelling evidence puzzle. For example, merchants need to provide the same device fingerprint hash from at least two undisputed transactions over 120 days from when the disputed transaction took place.
In order to provide this information, merchants need to consider device intelligence technology that’s not cookie-based because cookie data can easily be cleared by the consumer over time. Technology that can create a persistent browser-agnostic device fingerprint is key.
Other technology is available to retailers in countering fraud and that’s using behavioral biometrics incorporating artificial intelligence, machine learning, and other advanced technologies. Behavioral biometrics are the way a user types, the pressure they use on the keys, the swipe movement on a phone and even they way they use a mouse.
Behavioral biometrics are unique to the user, like muscle memory and is less intrusive than facial recognition which requires the cardholder to actively authenticate themselves by using their device. Because a person’s behavioral biometrics are unique traits, fraudsters are less able to steal, hack, or buy the information online.
For too long, the online retail sector has suffered from fraud on an industrial scale and more recently, friendly fraud has seen growth because of the pandemic.
In this new era of commerce, fraudsters have adapted to the changing retail dynamic by adopting new ways to commit fraud. Only by the introduction of modern technologies, practices and processes, can fraud be chipped away, reduced and eradicated.
While Visa’s Compelling Evidence 3.0 may come across as heavy handed, something must be done to significantly reduce friendly fraud. By requiring more evidence from merchants, the hope is consumers change their behaviour and fraudsters will see their path blocked again.
Rather than a single approach to curb fraud, there is a necessity for card issuers, retailers, acquirers and card schemes to take a collaborative approach to tackle fraud vulnerabilities. This requires the dispensing of outdated technologies and processes and the introduction and prevalence of future-proofed technologies and practices.
Author: Namrata Jolly, General Manager for Asia Pacific, Callsign