Consumers view fraud as part and parcel of the ecommerce experience, leading to security concerns in the payment industry while simultaneously pressing home the huge opportunity of anti-fraud solutions.
According to the research conducted by Paysafe, 65% of consumers believe payment fraud is inevitable when it comes to ecommerce, up from 52% last year.
Worryingly, 33% of UK shoppers have experienced payment fraud in the last year, up from 6% in 2017.
According to the 2018 Global Payments Insight Survey: Merchants, 58% of merchants indicated that lost sales (basket abandonment) was of more concern than fraud. Almost half (48%) said they were willing to face an increased risk of fraud if it means more sales. But this attitude is not only that of the merchants.
“UK consumers’ attitudes towards fraud in payments are largely defined by the medium of the transaction," said Oscar Nieboer, chief marketing officer at Paysafe Group, "In the UK, we have now reached a level of maturity in online retail - most websites are optimised, the checkout process is increasingly simple and delivery is getting quicker. In turn, more consumers are telling us they are accepting a level of fraud for this convenience.”
That's demonstrable by the fact that 79% of shoppers prefer to use a website that already has their payment details stored. That convenience doesn’t necessarily translate to frictionless, behind-the-scenes transactions with 52% citing fraud as the main barrier to their use followed by 48% as misuse of data.
And they would be right to be worried according to the latest research from RSA’s Fraud and Risk Intelligence (FRI) Unit.
The report found that in Q2 2018, phishing was the most common form of attack at 41%, with Canada, the US and the Netherlands the most targeted countries. The second most common attack came from rogue applications, representing 28% of total fraud attacks recorded. Rogue applications are defined as mobile and desktop apps that are downloaded, permissioned by the victim before wiping their personal information, including payment details. Trojan horses (16%) and brand abuse (15%) made up the remainder.
When combined with these methods, fraud perpetrated on mobile devices accounted for 71% of total fraud attacks, up from 65% in the previous quarter.
Dark fraud matters
The report also highlighted that the RSA had recovered nearly 5.1m unique compromised cards acquired by the firm’s undercover dark web agents, representing a 60% increase from the previous quarter. It suggests that the anti-fraud battle could be moving from reactive towards proactive.
“The dark web (as well as IRC, social media platforms and other criminal communication channels) provide incredible insight into attack patterns and methods, that delivers valuable insight which would otherwise not be visible through the more conventional methods—largely point solutions aimed at protecting specific channels,” says Daniel Cohen, director of RSA FRI unit.
A credit card 'store' screenshotted by an RSA agent
“It’s important to mention that today’s 'dark web' is no longer in the dark and takes place in the open, leveraging social media as a global communication platform where bad guys engage each other, buying and selling goods and services.
“Considering these developments, our operation builds on a layered approach that takes into account dark web, and open-source, intelligence, login and transaction monitoring (leveraging machine learning and analytics) and omni-channel visibility to effectively beat fraud,” says Cohen.
A use case for bitcoin?
While the anti-fraud agencies take the fight to the fraudsters, Cohen also believes consumers should do more to protect themselves online. “There are a number of steps that can be taken. Firstly, get into good habits; avoid clicking on links in text messages or emails from unfamiliar senders will significantly lower the chances of having bank details stolen, or malware being installed on devices. Free initiatives such as ActionFraud offer a number of helpful tools to get started and keep your financial data safe.
“It's also important to keep track of your bank accounts regularly, smaller purchases will often be made first to test the waters, so monitoring bank accounts for suspicious purchasing activity is vital to catch fraudsters early in the act.
“Finally, as we’ve seen a rise in the number of rogue mobile apps, people must practice caution when downloading new applications, making sure to verify the publisher and pay close attention to what permissions each app requests - for example, a calculator app shouldn’t need access to your contacts, camera or microphone.”
But for Paysafe's Nieboer, the responsibility ultimately lies with the merchants to protect consumers first and foremost. “What the diversity of payment types in other regions shows is we shouldn’t simply accept fraud," he says. "We shouldn’t have to choose between risk and convenience, and in a time of hyper-awareness around data security and privacy, merchants must place a premium on securing customers’ data now more than ever.”