Online payment fraud is expected to increase to more than $20 billion in 2021, according to a new report from Juniper Research. Fraud reached $17.5 billion in 2020.
The firm said e-commerce is making it easier for thieves to target consumers, especially as online sales grow at merchants that are unfamiliar, or lack the resources, to provide advanced security measures.
“From market data, it is clear that online payment is convenient and drives e-commerce. However, it has also created a playground for cybercriminals who are intent on circumventing the structures on which online payments rely. Trust, it seems, is breaking down,” a Juniper white paper, Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2021-2025, said.
Juniper said its research shows that digital wallet users will surpass 4.4. billion people globally by 2025. There are already 2.6 billion using digital wallets, it said.
“The threat landscape continues to evolve and test existing anti-fraud measures,” the white paper noted. “The omnichannel retail environment, fueled by changing customer expectations, restrictions during the pandemic, along with initiatives that are encouraging the open use of financial data, are creating a perfect storm for fraud. Fresh and upgraded challenges must be tackled in the world of online payments. New types of fraud such as ‘silent fraud’ and cybersecurity vulnerabilities are all contributing to a complex mix of attack vectors.”
A separate report from security solutions firm Sift said that omnichannel retailers saw a 50% spike in fraud across their digital networks in 2020 compared to 2019. Those same retailers saw the average value of fraudulent orders increase 9.09% year-over-year as the shift to online buying during the COVID-19 pandemic opened new doors for cybercriminals.
“The pandemic played an influential role in how payment fraud changed and scaled in 2020,” Sift noted. “Incidentally, the relentless disruption felt across e-commerce also exposed the depth of the fraud economy, and the danger it poses for businesses.”
Silent fraud is a growing approach for cybercriminals hoping to avoid detection. In this case, malware is used to access accounts but rather than stealing hundreds or thousands of dollars, the system pulls small amounts – perhaps pennies – from thousands of accounts, hoping to avoid detection.
Juniper said merchants need to step up their security games and should consider artificial intelligence-enabled biometrics.
“While the need for security is greater than ever, the competitive e-commerce environment means merchants will need to ensure that extra security checks are justified to the user, or they risk higher cart abandonment rates,” white paper co-author Susan Morrow explained.
There are many other types of fraud, including identity fraud, account takeovers and botnets. Merchants need to be on the lookout for additional fraud, including friendly fraud, in which a cardholder denies making the purchase or receiving the items, and chargeback fraud, in which a chargeback request is made even though the goods have been received. Botnet fraud, in which bots use stolen payment and identity information to make fraudulent transactions, also is a concern.
Most concerning for merchants, according to the research, is something called “clean fraud.” Nearly impossible to detect without requesting additional information from the consumer, clean fraud is a sophisticated approach for cyberthieves. In these cases, the order and all identifying information are legitimate, although stolen.
A 2020 study by Pymnts found the addition of a simple “buy” button greatly improved the customer e-commerce experience. According to the survey, 76% of merchants used buy buttons in 2020. Banks reported a 70% increase in digital accounts, an 80% increase in mobile pay applications and a 30% increase in contactless payment transactions.
“Consumers not using buy buttons had an average checkout time of two minutes and 56 seconds, yet shoppers using buy buttons spent only one minute and 39 seconds at checkout. An extra step of requiring a profile to use a buy button has decreased in popularity among retailers offering the buy button in 2020,” the Pymnts’ study said.
“Clean fraud is very difficult to combat because there are no anomalies to detect. The only option is to ask more questions, but this introduces friction to the buying process,” the Juniper white paper said.
Juniper advises merchants to remember the human in the fraud process.
“What cannot be forgotten is that even with the best structures in place, cybercriminals continue to test the waters by using a mix of social and technical to circumvent exceptional anti-fraud measures,” it said. “The human in the middle of the payment life cycle must always take center stage, and clever measures to ensure customers are not tricked should be part of a wider anti-fraud program.”
Merchants, Juniper said, should look at increasing their security methods while balancing the customer experience.
“While merchants will be keen to reduce fraud rates from their current levels, they will be hesitant to introduce extra friction into the checkout process,” it said. “Clear messaging around security checks and automated behavioral analytics leveraging AI are key capabilities in preserving the user experience.”