Top five fraud management learnings from 2020 peak season

February 01, 2021
3 minute read
Mark Strachan
Mark Strachan
Cybersource | Managed Risk Principal

Recent experience teaches us that fraud strategies must be agile enough to help a business react quickly to new challenges and opportunities. Learn about five key fraud management business takeaways from peak holiday shopping season 2020, and uncover three priorities for the year ahead.

Top five fraud management learnings from the 2020 holiday season

Last year's peak season capped an extraordinary year during which businesses had to adapt their fraud management strategies as the pandemic drove changes in customer and fraudster behavior. Here are five key learnings from the 2020 peak holiday shopping season:

1. Creating a frictionless customer experience

Businesses made huge efforts to remove friction from the customer experience. Features like mobile point of sale (POS), contactless delivery and pickup, and voice-based purchasing make shopping seamless for customers, but removing traditional barriers can also help fraudsters slip through the net. To keep shopping channels open and protect genuine customers, merchants need to understand the potential risks of low-friction experiences, and adjust their fraud strategies accordingly.

2. Regulating consumer data privacy

Regulations assure consumer data privacy, but people who want more control themselves adopted tokenized email addresses, virtual cards, and numberless credit cards. All can pose challenges for fraud screening by limiting the usefulness of some verification techniques—so fraudsters use them, too. Ideally, merchants should set fraud screening rules to send these transactions for manual review.

3. Growth of hacking and data breaches

We saw growth in news articles related to ransomware attacks, which takes eCommerce channels offline and puts businesses in a catch-22 situation—pay the fraudster to get the data back, or pay the fine for the data breach? To ensure sensitive payment data isn't vulnerable in the event of attacks and breaches, businesses should consider removing it from their networks using a tokenization service.

4. Evolving fraud technologies

To circumvent eCommerce website controls, fraudsters came up with new tools and techniques, like automated AI-driven bots that can bypass Captcha (form technology that verifies a user is human) and mimic human activity on checkout pages. Fraudsters also developed new tech for scamming consumers, such as fake chatbots that harvest personal and card data, and rogue mobile apps loaded with malware that compromise devices.

5. Changing consumer mentality

Last year saw more friendly fraud—for reasons ranging from buyer's remorse to slow refunds—leading to an increase in chargebacks. There was also a spike in promo code abuse, as consumers created multiple accounts on an eCommerce website to get discounts reserved for new customers.

To avoid blocking too many otherwise genuine customers, businesses should rethink their approach to negative lists. Having access to more data—from reason codes to behavioral analytics—can help here.

Three things on the radar for 2021

PSD2 SCA-related fraud

As SCA (Secure Customer Authentication) comes into force, we expect a rise in SIM cards (Subscriber Identity Module used in mobile phones) swaps for fraudulent access to one-time passwords. Fraud may even migrate to the MOTO (mail order/telephone order) channel to avoid two-factor authentication. And because one-leg-out (OLO) transactions are also out of scope for SCA, we could see more fraudulent use of non-EEA cards. Businessess should adapt their tools and resources to enable close monitoring of MOTO and OLO transactions.

The impact of Brexit 

The potential for shipping delays may see businesses experience more friendly fraud. Cross-border fraud may drop, while domestic fraud may rise, so merchants should keep an eye on ratios and adjust resourcing accordingly. And as with any new situation, fraudsters will look to exploit it, which could mean a surge in Brexit-themed phishing attacks.

COVID-19 fraud management

Fraudsters will doubtless refine last year's pandemic-related fraud playbooks, tools and techniques, requiring businesses to keep pace by adapting their fraud management approaches. Recent experience teaches us that fraud strategies must be agile enough to help a business react quickly to new challenges and opportunities. To learn more, download our guide to building more flexible fraud strategies