by Jeff Wixted, VP of Client Solutions and Marketing at Accertify
As the world is adjusting to the COVID-19 pandemic, many businesses are working to shift strategies and adapt to their customers’ changing needs.
Since Accertify’s inception in 2008, we have witnessed how cybercriminals can exploit major health outbreaks and natural disasters to prey on distracted or unsuspecting victims. So, while businesses are diligently working to protect the health and safety of their employees and customers from COVID-19, criminals are looking for ways to profit.
As a result, businesses need to remain vigilant to the ways the COVID-19 outbreak can impact their brand reputation and trust with customers, and equally protect against financial losses.
We’ve observed three fraud trends that are on the rise. Here are some recommendations for how businesses can proactively manage these risks.
Fraud targeted at mobile order and buy online, pick-up in store (BOPIS): Many cities across the globe now have regulations in place requiring certain businesses to only offer in-store pickup, curbside pickup, or delivery of their goods. In fact, a survey of 1,000 U.S. consumers by American Express in early April showed that consumers are significantly more likely (+16%) to purchase online or by app for curb-side pickup, vs. before the Covid-19 outbreak. Since curbside and in-store pickup are new to many businesses, fraudsters are looking to take advantage of the lack of training and awareness. A risk is that fraudsters pretending to be legitimate customers could steal orders. Normal signs of a fraudulent customer may be more common in this environment, such as unusually irritated customers, those demanding the products even if the order has not yet been fully processed in the system, or shoppers wanting to minimize contact with the store workers.
Advice for businesses: It’s imperative to set controls around how long a customer has from the time of placing the order to the time of picking up the order. This timeframe will be different by industry and business, but it’s an important balance to allow for fulfillment of the order and let legitimate customers to quickly get the items they need, while also allowing for transactions to filter through the company’s fraud tools. It’s also important that staff be trained on how to accurately check for the identity of a customer. Many businesses are also adding new forms of protection. For example, for orders placed in advance through an app, some companies are providing a way for customers to verify their identity through their in-app account when they are on site at the store. Other companies are adding a verification field for the type of car or license plate that will be picking up an order, which can particularly help with curbside pickup. Businesses need to set up their BPOIS strategy accordingly, so they do not turn away good customers but also don’t open themselves to additional fraud risk during this time when every sale counts.
Bulk Purchasing with the Intent to Re-Sell. As people are self-quarantined and many stores are closed, there has been a significant increase in bulk purchasing online. Many of these bulk purchases are legitimate for large families or facilities that are looking for a new way to purchase supplies, while others may be malicious, with the intent to re-sell bulk goods at a profit. Compounding the issue is that many companies have their fraud investigation teams working from home with possibly limited capabilities, making it even more challenging to recognize which customers are legitimate vs. fraudsters. For example, normal behaviors for valid customers may shift at this time. Valid customers may transact at hours atypical for them, they may use different devices than normal, and they may make larger transactions.
Advice for businesses: Make sure you can effectively identify fraudsters who are using online channels to hoard purchase and re-sell goods in bulk. We’ve all seen the impact of sales on items like toilet paper. Companies should be considering how to put appropriate limits on the quantity of each item that can be purchased, and continually adjust the strategy based on new fraud patterns. For example, fraud monitoring can identify which items are at a tipping point for the next phase of demand – perhaps hair dye or meat – and help businesses determine the right way to manage purchase limits on these items. Fraud programs should also be able to recognize customers making multiple purchasing attempts and help verify legitimate customers, even when they are buying larger-than-usual quantities of essential items.
Phishing Attacks. In our experience, whenever there is a tragedy or major event impacting the world, an increase in phishing attempts follows – and COVID-19 has been no exception. These attempts can range from enticing consumers to click on a link that installs malware/ransomware, to getting consumers to donate to what looks like a charity but is instead a fake site set up to obtain their payment details. Fraudsters use malware to capture data, such as username and passwords, from a variety of merchant sites. From there, this data is then sold on the dark web, and fraudsters may use the information to take over consumer accounts.
Advice for businesses: Ensure you have a fraud program in place that verifies who your consumers are, and that they are using their own accounts. Fraud programs should verify that basic data, such as where the purchase is being made, the language settings, and time zone, are all accurate to the customer’s account. And, in this day and age, a more robust program may also be necessary to ensure that your customers’ store and loyalty accounts are not compromised.
Because fraudsters look to exploit vulnerable situations, it is important for businesses to be aware and understand potential risks. Don’t let the chaos of this unprecedented crisis take away from serving and protecting your customers.
About the author:
Jeff Wixted is the Vice President of Client Solutions and Marketing at Accertify, an American Express company focused on fraud prevention, detection and management. Jeff is a subject matter expert on card-not-present fraud and has spoken at industry forums and conferences around the world.