Ecommerce fraud to merchants could exceed $48bn globally in 2023, up from just over $41bn in 2022, accelerated by the increasing use of alternative payment methods, such as digital wallets and BNPL, which are creating new fraud risks.
According to data from Juniper Research, online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing. Fraudster attacks can include phishing, business email compromises and socially engineered fraud.
Of particular concern is BNPL. Given the delayed nature of BNPL payments, fraudsters can make several illegitimate payments using stolen card details before the fraudulent activity is identified, creating significant risk. In turn, the research recommended that BNPL vendors conduct robust identity verification at the point of onboarding to mitigate these risks.
Geographically, the research identifies North America as having the largest fraudulent transaction value of any regional market, accounting for more than 42% of global fraud by value in 2023, despite representing less than 7% of banked individuals globally.
The research cited the vast volume of data breaches and the broad availability of stolen credit card information as the key risk factors in this market.
The research recommended that fraud prevention vendors focus on building platforms providing AI-powered risk-based scoring, which can be payment method agnostic, to best suit changing market conditions.
Research author Nick Maynard explained: “To combat this fraud, eCommerce merchants must implement simple steps such as address verification, combined with risk-based scoring on transactions, which will allow merchants to best mitigate the massive fraud threats present.”
Returns fraud as a service grows
While retailers are tackling payment fraud for online and BNPL orders, hackers are already turning their attention elsewhere: to returns.
Cybercrime’s continued shift to a service-driven economy has enabled several new professionalised hacking services, with Refund Fraud-as-a-Service being one of the latest to rise in popularity over the last few years.
This is according to Netacea’s latest threat report, which researched rising trends across a multitude of hacking forums.
Refund fraud is the abuse of refund policies for financial gain and costs e-commerce businesses more than $25 billion every year. Those interested in committing refund fraud can outsource the process to professional social engineers offering Refund-as-a-Service.
This poses a significant challenge to retailers, as previously legitimate customers can enlist highly experienced fraudsters to perpetrate this fraud on their behalf, making it difficult to identify fraudulent activity. As online shopping continues its upward trend, professional fraudsters will look to cash in on the opportunity.
Netacea’s research also found that more than 540 new refund fraud service adverts were identified in the first three quarters of 2022 and that refund fraud services increased by almost 150% from 2019 – 2021.
“As shown in the rise of ransomware-as-a-service attacks, cybercriminals have shifted to a service-based economy — and refund fraud is no exception,” explains Cyril Noel-Tagoe, Principal Security Researcher, Netacea. “As we approach Black Friday and the holiday season, e-commerce stores should take the necessary steps to reduce their risk of refund fraud including educating employees on the methods and tactics fraudsters take.”
According to Noel-Tagoe, there are steps that can be taken to combat this. He says that ecommerce stores and delivery carriers should work together to look for patterns in their data sets that may indicate fraudulent activity. In the instance that an e-commerce store identifies the claim to be fraudulent after a refund payment has been made, the store should rebill the customer’s account. An influx of rebill complaints from customers may cause the refund fraud service to drop the retailer from their store list, to avoid negative reviews.
Delivery carriers should replace or complement signatures with one-time passwords to prevent refund fraudsters from claiming that packages did not arrive.