Tips for adapting to COVID-related fraud trends

May 29, 2020
9 min
Mark Strachan
Mark Strachan
Cybersource | Managed Risk Principal

COVID-19 has created an ever-changing payments landscape that’s caused unique fraud trends to emerge. Our Managed Risk Analysts share the latest trends you should be aware of and break down how you can adapt your risk management strategy during these turbulent times.

Long-term implications of COVID-19 phishing scams

The increase in phishing related scams will have long-term implications on account takeover fraud and identity theft. For example, many emails and sites have popped up claiming to be from the World Health Organization or promising to help with timely topics like airlines refunds and early stimulus payments. The FBI have been closing hundreds of these phishing scams throughout the pandemic1. A large proportion of these sites contain malware or encourage the end user to download fake apps. Many fraudsters are on lockdown themselves and will wait until to utilize their newly stolen data. This could result in a sudden wave of account takeover fraud once the lockdowns are lifted later in the year.

Recommendation: Ensure that you have a fraud management strategy, not only for payments, but also for your customer accounts. This is where a tool like Cybersource’s Account Takeover Protection comes into play. With Account Takeover Protection, you can collect unique fraud information for registered accounts and integrate it into your fraud screening process. For example, you could use Account Takeover Protection in conjunction with internal data that tracks the number of days since the shipping address has changed.

Economic turmoil leads to more friendly fraud disputes 

Historical periods of economic turmoil have led to greater spikes in friendly fraud. So during this period, proactively and openly communicating refund time frames will be crucial in terms of reducing disputes. Wardrobing fraud is likely to increase as customers who traditionally performed in-store returns will now make returns through online channels.

Recommendation: Tools and services such as Verifi’s CDRN (Cardholder Dispute Resolution Network) could be a potential solution in this scenario. Verifi Dispute resolution will streamline the refund process for customers, allowing businesses to resolve these disputes before they are formally escalated. Merchants should ensure they provide clear time frames for when refunds will be reflected on the customer’s statement.

Sudden move to online purchases increases account origination fraud

We’ve seen a surge of new accounts opening at the same time. Most fraud rules will focus around newly created accounts. This has opened the door for account origination fraud. Fraudsters love to hide in plain sight. The influx in newly created accounts allows these orders to potentially go undetected.

Recommendation: Adding additional data resources, such as Emailage and Ekata data points, can help significantly decrease fraudulent transactions during this period. Consider being proactive about getting a secondary email or mobile phone number to help confirm your customers account creation. If possible, utilize a fraud provider who can perform positive behavior analysis across their global network of clients.

Trends specific to the shipping and delivery of goods

As more customers move online, the shipment of goods has become a target for fraudsters. Our Managed Risk Analysts share the latest trends you should be aware of and break down how you can adapt your risk management strategy during these turbulent times.

The unfortunate reality of contactless deliveries

Most delivery businesses now support contactless deliveries to protect both their couriers and their customers. Delivery companies will no longer request a signature for deliveries. This will most likely lead to an increase in ‘good not received' disputes.

Recommendation: Ask delivery couriers to take a photo as proof of delivery to help defend against ‘goods not received’ claims. In addition, Cybersource’s fraud management platform Decision Manager supports payer authentication which provides chargeback liability for authenticated orders and can be utilized during periods when proof of delivery cannot be obtained.

Fraudsters claiming to be in self-Isolation

Fraudsters have started to manipulate their shipping address on the checkout page to claim they are in self isolation. Couriers then place packages outside of the house without making contact. Some fraudsters have started shipping to unoccupied houses or new buildings, and then collecting the packages once they’ve been left outside.

Recommendation: Monitor generic messages included in shipping details and track them in Decision Manager. 

Shipping delays spark increase in fraud for digital commerce

Longer shipping windows provide companies with a better chance to intercept orders identified as fraudulent. As a result, fraudsters are turning to digital commerce, especially for downloadable content, e-gift cards and digital currencies.

Recommendation: Deploy device fingerprinting technology on the checkout page and ensure you have a bespoke fraud strategy for any digital products you sell on your website.

Trends unique to the retail and airline industries

In certain industries, genuine customers and resellers have begun deploying techniques typically reserved for fraudsters. Our Managed Risk Analysts share the latest trends you should be aware of and break down how you can effectively adapt your risk management strategy during these turbulent times.

Genuine customers embrace techniques reserved by fraudsters

COVID-19 has created a high-demand for pharmaceuticals, food deliveries and household cleaning products. As a result, many companies have created product restrictions limiting how much a single customer can buy. To avoid these restrictions, genuine customers have started registering multiple new accounts, masking their IP address and suppressing device fingerprints. Naturally, merchants are reluctant to block these customers.

Recommendation: Create a ‘grey list’ for customers engaging in this type of activity. These customers should not be blocked; however proactive messaging should be provided explaining that restrictions are in place to ensure at-risk customers can still have access to essential products during the pandemic.

Resellers start ‘panic buying’

In addition to genuine customers, resellers are also flooding online sites. Many resellers are betting on upcoming product restrictions or sites becoming temporarily closed. These orders will often utilize only a handful of freight forwarders within the region or country. This has caused excessive review rates for certain merchants, many of whom are currently short staffed and don’t have resources to review unnecessary orders.

Recommendation: Get creative and use Decision Manager rule settings to limit purchases for in-demand items, so you can manage your eCommerce inventories.

Skepticism around airline vouchers spikes rise in friendly fraud

Many airlines are issuing vouchers rather than directly refunding a customer’s credit card. However, customers are avoiding accepting vouchers because they fear certain airlines may become bankrupt, they have a reluctance to fly again or they may need the credit.

Recommendation: Vouchers will appeal to fraudsters, and we recommend that merchants collect additional information before they’re are issued.

Get started

To get started with Cybersource fraud and risk management tools, reach out to our sales team. If you’re already using our solutions, consider enlisting the help of our Managed Risk Analysts. Our global team of experts can help you design, implement and maintain a fraud management strategy for these unprecedented times.


1Yaron Steinbuch, “Coronavirus cyber-scams are being shut down by the hundreds,” New York Post, April 22, 2020,