White Paper

Understanding the modern retail fraud landscape

Fraud costs retailers more than 7.5 percent of their annual revenue, according to a 2016 report authored by research consulting firm Javelin Strategy & Research.1 While card fraud and chargeback management, or the processing of disputed credit card transactions, consume 14 to 23 percent of operating budget, false positives account for another 2.8 percent of lost revenues. Additionally, Card Not Present (CNP) fraud, where scammers use online payment channels to bypass face-to-face verification at the point-of-sale, will cost the global retail industry $71 billion over the next five years. In a new Juniper Research white paper, experts identified a confluence of factors, including the shift to EMV chip cards, delays in payment security upgrades and an uptick in click-and-collect (C&C) fraud, where customers purchase goods online but pick them up in-store, as primary drivers of this fraud pandemic.2

By 2021, Juniper also projects the U.S. and Asia will account for 80 percent of CNP fraud. In the U.S., financial research firm Aite Group predicts that EMV adoption will spark an online fraud spree similar to the 79-percent spike the UK experienced in its first three years of chip-card deployment nearly a decade ago.3 The retail industry’s apathy towards upgrading end-of-life, payment security infrastructure further compounds the problem. Specifically, many retailers have for years delayed the adoption of 3-D Secure 2.0 antifraud technology. According to Visa, 3-D Secure 2.0 applications create an “authentication data connection between digital merchants, payment networks and financial institutions to be able to analyze and share more intelligence about transactions.”4 Additionally, this Visa infographic says that the next iteration of 3-D Secure payment architecture factors 10 times more contextual data – like device signature, biometric indicators and payment history – to quantify fraud risk with enhanced accuracy.

Merchants should also look to supplement 3-D Secure 2.0 architecture with a front-end regulatory technology (regtech) solution that can filter cleaner and more curated customer data points into issuer-facing authentication systems. With better know-your-customer (KYC) identification processes, merchants will also be able to proactively identify risk to help mitigate chargeback and C&C fraud events. C&C fraud has become increasingly popular with so-called omnichannel scammers, or those who use both physical and digital channels to defraud, because merchants do not require customers to input their residential delivery address. Thus, omnichannel thieves exploit gaps in data collection to victimize honest merchants. In a retail market where 36 percent of U.S. online shoppers have a preference for ship-to-store transactions, according to the United Parcel Service,5 the normalcy of this purchasing behavior makes it easy for scammers to blend in with the crowd. But simple processes like driver’s license verification at the point of collection (POC) can ultimately improve loss-prevention for retailers.

But just like financial institutions fine-tuning their money laundering rules, broad industry trends alone cannot guide merchant fraud prevention. Before deploying a fraud counterstrategy, retailers must conduct thorough proprietary risk audits to determine their unique threat exposures. For example, a merchant that doesn’t allow in-store pickup of goods will have zero exposure to C&C risk. Alternately, an e-commerce merchant that hosts high volumes of airline payment transactions will likely have more exposure to chargeback fraud.6 Thus, retailers need to review their proprietary fraud reports to understand the typologies, geographies, email addresses, physical addresses and other contextual data points that collectively reveal their vulnerabilities.

In a flourishing retail-cyberfraud market, merchants stand to lose billions if they continue to neglect security. To mitigate retail exposure to online fraud, the ecosystem should explore the following best practices:

  • Upgrade payment security technology
  • Reevaluate ship-to-store verification practices
  • Improve chargeback management

While these recommendations are not a guaranteed solution to eradicate fraud, they offer a proven path to mitigating risk and improving revenue performance.

Invest in 3D 2.0 Secure and Regtech

Javelin’s 2017 report found a 40 percent increase in CNP fraud last year.5 This surge is the by-product of scammers trying to extract every last drop of value from non-EMV-chip-secured cards before consumer markets achieve mass adoption. Further, with chargeback rates rising at a rate of 20 percent per year and friendly fraud – where consumers mistakenly (or deliberately) dispute transactions while keeping the sold items – increasing at a clip of 41 percent, according to anti-fraud vendor Chargebacks911,7 merchant revenues are under siege. In this risk environment, retailers need to develop better methods for authenticating their online shoppers, in addition to those who apply for merchant credit cards in-store. The latter risk consideration speaks to a 20 percent spike in New Account Fraud (NAF), where scammers open credit accounts using stolen or synthetic identities.

But 3D 2.0 Secure payment protocols that scan nontraditional, contextual data, combined with a front-end KYC solution that feeds highly curated data into this 3D stream, can save merchants millions in fraud losses. According to Juniper Research’s technical experts, 3D 2.0 Secure authentication is “performed by the Access Control Server (ACS) in the issuer domain.” But merchants can further bolster their fraud defenses by layering a front-end, KYC regtech application over new 3D Secure architectures.

A best-in-class public records solution will offer merchants a wide universe of traditional and alternative data identifiers in real time from trusted record sources. Retailers should qualify vendors based on the volume of their data samples, the depth of their algorithmic analyses, the speed at which they update records and the quality/accuracy of their data providers. The combination of 3D 2.0 security and a front-end, KYC authentication tool will reduce fraud, mitigate false positive rates, and provide a smoother and more seamless experience for both online and in-store consumers.

Get smart about C&C scams

In the rush to please customers and deliver a frictionless customer experience, many retailers have deserted sound risk management practices. Seeing as over a third of the online shopping market likes to buy digitally but collect purchased items in-person, retailers have blindly moved to accommodate consumer demand. Recognizing emerging threats, some retailers, like Tesco in the UK, have responded by pricing in a risk premium into C&C transactions, resulting in an additional £2-charge much to consumers’ chagrin.8 This is the cost of fraud: scammers pilfer revenues, forcing merchants to pass their losses onto end-customers.

But merchants don’t have to raise prices and risk alienating their customer base. According to Riskified, retailers can still keep customers happy and achieve growth targets by collecting and analyzing alternative data like device signature, “the device location, and the customer’s activity on the retailer’s website or mobile app.” Additionally, the article recommends a modern machine learning solution that is able to process all of these data points, and cautions against resource-intensive manual reviews unless the merchant’s service level agreement (SLA) is compromised. Relying too much on manual review can delay transactions and jeopardize customer experience.

Get tougher on chargebacks

U.S. banks will process $5.6 billion worth of credit card chargebacks this year.9 In fact, according to Bloomberg, “It’s Easier than Ever to Dispute a Credit Card Charge.” While card issuers and banks traditionally suffered the brunt of chargeback liability, things changed in 2015 when EMV chip card adoption caused a payment network policy shift that reassessed chargeback liability onto merchants, particularly those that have not implemented chip-reading technology. The upshot: a significant portion of the $5+ billion in credit card refunds this year will adversely affect retail revenues.

In the chargeback landscape, friendly fraud is of particular concern. Studies have shown that “50 percent of the cardholders who file a friendly fraud chargeback and get away with it, will do it again within 90 days.”7 Additionally, statistics indicate that women comprise 80 percent of all chargebacks. The most exposed retailers are those that conduct business through online storefronts or mobile apps, and those who sell primarily to women. Further, according to PaymentsSource.com, the highest chargeback risk subcategories include: airline (49 percent), money transfer (17 percent), electronics (14 percent), general retail (10 percent), and clothing (5 percent).6

In the age of disgruntled Yelp reviewers, it is understandable that retailers want to keep their customers happy and their reputations intact. But this prevailing attitude of consumer entitlement presents major operational problems for merchants. To mitigate the threat of illegitimate chargebacks, retailers should cross-reference disputed charges with the following transaction data: invoice copy, transaction receipt, AVS/CVV match, delivery confirmation (tangible products), proof of product usage (digital goods), and IP Address (matching location of billing address).6 By leveraging alternative data and enforcing a higher standard for verifying the authenticity of refund requests, merchants can improve loss prevention and provide a better experience to legitimate customers.

Take a risk-based approach

Depending on what they sell, the channels where they transact and the customer lines they service, each merchant’s fraud exposure is different. This white paper has outlined broad industry trends and advised readers on the perils of CNP, C&C and friendly fraud risks. The key is for retailers to educate themselves about the broad threat environment and see how their unique fraud exposures fit within the broader macrocosm of risk. Once they have run the numbers, ideally using an AI-enabled or sophisticated risk analytics tool, the data should reveal business intelligence that can better guide and inform the allocation of antifraud resources and budget.

After a risk framework has been established, retailers need to invest in leading-edge 3D 2.0 Secure payment architecture and augment issuer-side authentication protocols with a front-end, buyer-verification tool. The migration to next-generation payment security technology may seem like an onerous operating expense, but Juniper and other experts agree that investment in fraud detection and prevention will generate more value for merchants in the long run.