ETA Expert Insights: The Rising Threat of Online Fraud: How Merchants Can Improve Security in a COVID-Impacted World
By Greg Leos, SVP, Corporate Enterprise Payments, Fiserv
Member of the ETA Risk, Fraud & Security Committee
Before the pandemic, the growth in online shopping had already been skyrocketing. But since the arrival of COVID-19, that trend has only accelerated further. According to the U.S. Department of Commerce, U.S. ecommerce sales grew more than 30 percent between the first and second quarter of 2020. CNBC reports that consumers spent $211.5 billion online during the second quarter. They further stated that ecommerce now accounts for a little over 16 percent of all U.S. sales, up from nearly 12 percent in the first quarter.
Of course, with this large surge in online shopping has come an equally large surge of online fraudsters looking to illicitly capture data for potentially criminal activities. These fraudsters are looking for vulnerabilities that will allow them to steal personally identifiable information (PII) from merchants about their customers. Payment information, home address, account name, email address, birthdate and passwords are just some of the PII that is highly sought after by criminals. Once armed with this information, fraudsters can repurpose it to impersonate a legitimate customer, create synthetic identities, or take over accounts in order to open credit cards, apply for loans, or carry out any number of other fraudulent activities.
Because of the massive scale of the info that they steal, the folks who obtain PII typically don’t turn around and use it. More often they sell it on the dark web, where 60% of the information for sale can damage a business. Those who buy PII turn the info into fake cards, bogus accounts, etc.
Recent research has found that losses related to identity theft and fraud have increased 15 percent, which ultimately results in higher costs for consumers and merchants. The same research firm revealed that as of a few years ago, as many as 1.5 million consumers have had their PII stolen and used to create fraudulent accounts. This problem is widespread and growing. Experian’s 2020 Global Identity and Fraud Report showed that 57 percent of businesses report higher fraud losses associated with account opening and account takeover.
All of this data highlights an obvious conclusion – merchants need to take steps to help protect themselves and their customers from the threat of online fraud.
Trust Is Key to Customer Retention
In addition to the potential monetary losses from data theft – which IBM estimates to be an average of $233 per breach – merchants also risk damage to business reputation and a loss of customer trust. Market data shows that 40 percent of consumers would not continue to do business with merchants who they felt were irresponsible with data collection and storage.
A merchant’s ability to protect PII data can be a key differentiator with consumers when it comes to deciding what businesses they trust for online purchases. This puts the onus on merchants to do everything possible to keep PII out of the hands of cybercriminals, while at the same time helping to prevent financial loss.
Basic Payment Fraud Mitigation Measures
Electronic payments in and of themselves are more secure than cash or checks by their very digital nature, but merchants can take additional steps to ensure the safety of payments and accompanying PII data. The Electronic Transactions Association (ETA), which provides its members with recommended tools to help mitigate merchant risk in the U.S. card acceptance ecosystem, offers the following suggestions for mitigating fraud risk.
Merchants should consider utilizing tokenization and encryption technologies, as well as ensure payment partners offer the latest authentication methods to protect consumer transaction data:
- Tokenization – Tokenization replaces card account numbers with a unique numerical sequence for merchant transactions and record storage, so even if fraudsters are able to access the stored data, it is essentially useless to them. Tokens are only valid for a specific transaction, dramatically improving the security of the transaction and accompanying data.
- End-to-End Encryption – Encryption technology that safeguards vital card data from the point of purchase all the way through to authorization is key to reducing the risk of fraudsters gaining access to transaction data during the online purchase process. End-to-end encryption can close gaps in security to better protect PII and other sensitive information.
- Next-gen Authentication – While merchants themselves can’t directly offer consumers the latest authentication technology, payment partners can. Biometrics, such as face, fingerprint and voice matching technologies increasingly are being used to authenticate a customer’s identity prior to completion of a transaction. In addition to reducing the threat from fraud, these next-gen authentication techniques simplify mobile checkout and dramatically improve the customer experience. Merchants should consider the availability of these technologies when selecting a payment partner.
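The tokenization measure above can be seen in miniature in the following added example, which is not from the ETA or Fiserv: an in-memory vault stands in for the payment partner, and the names `TokenVault`, `merchant_checkout` and `demo` are hypothetical. It shows that the merchant's records hold only a surrogate value and that a token is rejected when replayed or presented for a different transaction.

```python
import secrets

class TokenVault:
    """Hypothetical payment-partner vault: the only place card numbers live."""

    def __init__(self):
        self._entries = {}  # token -> (card number, order it was issued for)

    def tokenize(self, pan, order_id):
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        while True:
            # Random surrogate of the same length; last four kept for receipts.
            body = "".join(secrets.choice("0123456789")
                           for _ in range(len(digits) - 4))
            token = body + digits[-4:]
            if token != digits and token not in self._entries:
                break
        self._entries[token] = (digits, order_id)
        return token

    def redeem(self, token, order_id):
        """Release the card number once, only for the order it was bound to."""
        entry = self._entries.get(token)
        if entry is None or entry[1] != order_id:
            raise PermissionError("unknown, used, or wrong-transaction token")
        del self._entries[token]  # single use: a replayed token is rejected
        return entry[0]

def merchant_checkout(vault, pan, order_id, orders_db):
    """The merchant persists only the token, never the card number."""
    token = vault.tokenize(pan, order_id)
    orders_db[order_id] = {"card_token": token, "last4": token[-4:]}
    return token

def demo():
    vault, orders_db = TokenVault(), {}
    pan = "4111111111111111"  # constructed test value, not a real account
    token = merchant_checkout(vault, pan, "order-1001", orders_db)
    leaked = str(orders_db)  # what a breach of the merchant database exposes
    charged = vault.redeem(token, "order-1001")
    try:
        vault.redeem(token, "order-1001")
        replayed = True
    except PermissionError:
        replayed = False
    return pan in leaked, charged == pan, replayed
```

`demo()` returns whether the card number appears in the merchant's stored data, whether the first redemption returned it, and whether a second redemption of the same token succeeded.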
The Importance of a Multi-Layered Approach to Fraud Prevention
To protect transaction data, merchants would be well-served to take a multi-layered approach to fraud mitigation. Creating several barriers to entry is the only way to keep fraudsters away from sensitive customer data. Also, by putting the aforementioned basic measures in place to protect transactions and associated PII data, merchants will be able to comply with a complex set of government regulations that have been established to ensure the safety of credit and debit payments. Failure to comply can result in fines or even the loss of a merchant account with a payment processor. Merchants should work closely with merchant acquirer partners, agents and representatives for guidance on how to ensure compliance with payment industry standards, such as ETA guidelines.
Staving off the persistent threat of online fraud requires having financial technology partners that understand how emerging threats are developing and use the latest approaches to mitigate cyberattacks before they ever begin. Preventing fraud is critical for merchants, not only to avoid monetary losses, but also to protect hard-earned business reputation and maintain consumer trust, which is vital for customer retention and the ability to attract new customers in today’s highly competitive online marketplace.
Learn more. A recent Fiserv webinar, New Age Fraud Mitigation in a Transformative Environment, highlights how you can stay informed on shifting fraud techniques.