When COVID-19 stay-at-home orders and social distancing measures came into effect, increased numbers of consumers quickly moved to online shopping and payments services. As a result, transaction-level e-commerce fraud also increased along with the millions of global vendors/merchants scrambling to take their businesses online. Onboarding merchants became a huge task for acquirers and payment processors, not just because of the volume of onboarding but also because of the need to ensure merchants were valid and not fraudsters looking to score. Payments fraud prevention took on new urgency around the globe.

The pandemic caused a digital shift, increasing payments fraud

The dramatic shift in online payments for small- and medium-sized enterprises (SMEs) extended beyond fashion, household products and grocery purchases. Healthcare, professional services and education moved to digital/online payments, according to The 2020 McKinsey Global Payments Report.

“Just as importantly, merchants also face higher decline and fraud rates on digital transactions, with ramifications for customer experience,” the report says, increasing merchants’ risks of losing legitimate sales.

Some SMEs turned to merchant sites like Etsy, Amazon, Shopify and eBay, which saw increased signups of 70 to 150 percent in 2020, according to McKinsey. This transition drove up the costs of the items being sold, as merchants who had previously sold directly to their customers, whether in person or online, had to increase their prices to cover the costs of using large seller sites.

Of the $6.9 billion in online sales in 2019, 38 percent were via merchant sites, while 62 percent were via the sellers’ own proprietary sites. With the dramatic shift since COVID, McKinsey forecasts online sales to be $15.3 billion by 2023, split 60/40 percent in favor of merchant sites.

Regardless of the platform used, acquirers and merchants were suddenly inundated with huge transaction volumes, making it more difficult to detect payments fraud.

E-commerce spending trends during the pandemic

$52B of incremental spending on e-commerce channels in US during April/May 2020

E-commerce comprised approximately 11 percent of U.S. retail sales in 2019. By the spring of 2020, online retail had increased $53 billion, or 22 percent, totalling $93 billion, according to Mastercard SpendingPulse™. In the U.K., online sales reached 33 percent of total retail for the same period.

So what were housebound people buying? The greatest growth was in groceries, but interior furnishings and home renovations reflected how people were living and working during the pandemic. Home improvement product sales increased (149 percent YoY), footwear (64 percent), apparel (41 percent) and auto parts (27 percent). Interestingly, jewelry sales were down 33 percent.

Mastercard® noted that as shortages occurred, consumers opted to stock up on items like paper goods by ordering in bulk from online discount stores.

SpendingPulse also reported that consumers are developing expectations of omni-channel shopping experiences and predicts the demand will remain for the foreseeable future.

According to NuData, e-commerce purchases continue to grow in 2021, up 51 percent for the first half of 2021 compared to the same period in 2020. NuData also reports in its H1 2021: Fraud Risk at a Glance that the use of money transfers also increased 16 percent, indicating that consumers wish to keep the convenience of online banking.

NuData, a Mastercard company, draws its research from the 100 million accounts it protects monthly and over 650 billion data points processed annually. NuData’s analysis of e-commerce fraud spans an entire global payment network.

How the digital shift increased transaction-level, e-commerce and CNP fraud

Annual fraud losses to e-commerce are estimated to be in the tens of millions of U.S. dollars for acquirers. Juniper Research estimates that global e-commerce fraud will rise in 2021, from $17.5 billion in 2020 to over $21 billion this year, an increase of 18 percent. Juniper analysts report that fraudsters are targeting e-commerce users, exposing merchants who are new to the online ecosystem and unprepared for transaction-level fraud. In North America alone, that comes to approximately $9 billion.

NuData’s research reveals the world has evolved into a hybrid of online and in-person experiences. And as commerce evolves, so does fraud.

With more legitimate online activity, fraudsters doubled their efforts to obtain users’ personal information. NuData reports a 54 percent increase in card cycling – a method for testing stolen payment credentials – which shows scammers are succeeding.

Card-not-present (CNP) fraud rates have risen 44 percent since 2019 and are expected to exceed $8 billion by 2022. The data shows that valid credentials used in cyber attacks increased to 10 percent in the first half of 2021 compared to 2 percent in 2020. This high level of success for CNP fraud poses a threat to merchants and acquirers alike.

From transactional fraud to chargebacks

With COVID-19 fueling more credit card use, transaction-level fraud will continue to grow, say analysts.

“What happens in every economic downturn is that the attacks start to become more successful,” warned Julie Fergerson, CEO of Merchant Risk Council. “So over the next two to three years, I fully expect credit card fraud numbers to increase in a pretty meaningful way.”

Transaction-level fraud can be loosely grouped into three categories:

  • Unauthorized/stolen credentials: Fraudsters use stolen payment credentials to purchase goods, which may be delivered to an offsite address allowing fraudsters to sell them for cash.
  • Friendly fraud: Customers accidentally make online purchases for products or services with their credit card, then contact their credit card issuer to dispute the charge. An example of friendly fraud is a parent’s card being saved on file on a child’s gaming system.
  • Chargebacks: Chargeback fraud occurs when consumers intentionally dispute legitimate purchases in order to retain both the goods or services purchased and the transaction amount. In 2020, acquirers paid an estimated $6.4 billion to protect their U.S. merchants.

The need to mitigate merchant risk during onboarding and for merchant fraud

As acquirers needed to quickly onboard thousands of new merchants while ensuring they were dealing with legitimate businesses, they became open to greater risk.

Acquirers mitigate merchant risk by ensuring viability during onboarding. The process provides insights to help identify the merchant’s credit risk and to develop decline management strategies. These insights also create a baseline for future behavioral changes that may indicate fraud or collusion.

Acquirers can’t ignore proper onboarding protocols. During rapid growth, the Aite-Novarica Group says, merchant onboarding best practices are even more relevant. Pre-screening, identify validation, a history check and review of the business model, analysis of the merchant’s web presence, confirming compliance with card network security and a credit risk assessment should all be completed before granting payment accounts. These thorough steps reduce the chances of risky or fraudulent merchant behavior, such as:

  • Transaction batch and credit abuse: The merchant submits all transactions at once to bury a fraudulent transaction.
  • Bust out fraud: A merchant applies for a merchant account without any intention of operating a legitimate business. These accounts are used to process transactions with stolen credit cards, set up online stores but never fulfill paid orders, or run up debt with banks that will never be repaid.
  • Identity swap fraud: Individuals on the anti-money laundering/anti-terrorist funding (AML/ATF) watch list cannot open merchant accounts, so they use fake or stolen identities to set up online retail sites to bypass AML laws.
  • Transaction laundering (factoring or collusion): The merchant processes unapproved or illegal transactions, potentially for a third party for a fee.

The problem is that current technology isn’t providing enough insight or have the prediction capabilities to predict potentially risky behavioral changes.

Payments fraud prevention solutions are not all alike

Many acquirers and payment processors have invested in payments fraud prevention solutions yet are still experiencing growing fraud rates. What gives? It may be that their solution can’t track evolving behavior change and increased demand for scalability.

In the acquiring world, fraud detection is still often done by rules-based solutions that are built following manual analysis of fraud patterns, reports Aite-Novarica. The challenge is that rules can’t keep up with evolving behavior changes and only have the ability to react to fraud. This results in a high false-positive rate and a solution that is easily circumvented by fraudsters.

Artificial intelligence (AI) excels in CNP fraud prevention and e-commerce fraud prevention solutions. Advanced AI uses both supervised and unsupervised machine learning tools to develop scores based on observed behavior patterns. AI can create assumptions and warn acquirers of fraud before it happens, reducing false positives for legitimate sales.

This flexibility applies to e-commerce sales, payment services and other types of transactional fraud as well as merchant fraud. The source of fraud takes a backseat to the presented data that shows anomalous behaviors and buying patterns. In other words, the machine learning model scores the data based on whether or not the transaction is likely fraudulent.

How Brighterion’s AI prevents payments fraud across Mastercard’s ecosystem

AI keeps Mastercard servers running and transaction routing optimized. With a response time under 10 milliseconds and networks operating 99.9999% of the time, this extraordinary scalability enables Mastercard to process over 100 billion transactions a year.

This capability is achieved through a technology stack using a distributed file system. This architecture means there is no single point of failure – preventing expensive downtime – and boundless scalability. Brighterion’s customers report 10 to 20 times fewer false positives and increased detection rates of two to four times.

The world’s largest payment processing firm, Worldpay, is one of thousands of organizations using Brighterion AI around the globe.

According to Ian Belsham, Worldpay’s Global Head of Transaction Monitoring, when they started using Brighterion’s AI, Worldpay achieved “astronomical” results and changed the way they do business. Both scalable and accurate, the solution enables 30 percent more transactions, 20 times fewer false positives, 25 times fewer daily alerts, and three times greater fraud detection.

E-commerce is here to stay

The statistics show that increased online transactions and payments are here to stay. While this global shift was spurred by the COVID-19 pandemic, consumers seem to appreciate the convenience these services offer.

Of course, that opens new opportunities for payments fraud and merchant fraud, crimes that have always been on the radar for merchant acquirers and payment processors. Using advanced AI with real-time scoring and high degrees of accuracy enables organizations to process transactions with increased confidence.

Learn more about how AI and ML can benefit the acquiring industry by downloading Aite-Novarica’s white paper Leveraging AI to mitigate fraud in the acquiring ecosystem.