The Changing Face of Fraud:

Accertify’s Annual Merchant Survey Results 2021

Merchants Must Consider Their Options And Make Investments As They Battle Evolving Fraud Threats

The Changing Face Of Fraud: Accertify’s Annual Merchant Survey Results

While fraud has been a threat for merchants long before the arrival of COVID-19, the rate of fraudulent activity has increased dramatically since the onset of the pandemic. According to Norton, a record-breaking collection of more than 1.4 billion stolen records has been discovered on the dark web last year alone1. In the past two years, fraud has cost businesses roughly $42 billion worldwide2. These increases have come about despite the attention and resources merchants have focused on processes and technologies designed to detect and deter cybercriminal behavior.

According to a survey commissioned by Accertify and conducted by Arizent Research/PaymentsSource, more than 8 in 10 merchants (84%)* have experienced an increase in fraud over the past year. As organizations have continued to implement defenses, criminals have become more sophisticated, causing organizations to become increasingly concerned about a broader array of fraud types. Finding and implementing the best technologies and processes to deal with these evolving threats will be a critical task for merchants in the coming months and years.

*Source: Arizent Research/PaymentsSource, December 2020/January 2021

Figure 1: Fraud Types Concerned About/
Increased The Most

Cybercriminals Expand Their Reach

For many companies, payment fraud has been an ongoing concern for some time. As organizations have worked to address and manage this type of fraud, however, criminals have continued to delve deeper into other areas of fraud (see Figure 1).* For example, refund fraud has become more prevalent in recent years, as have fraudulent activities related to customer impersonation, such as identity theft, account takeover and new account fraud. In the case of companies with less than $1B versus $1B+ in revenue, one significant difference emerges* – larger companies are significantly more likely than smaller companies to report an increase in refund fraud/orders not received fraud.

Merchants may also be facing different kinds of attacks based on the industry in which they operate. Companies with loyalty programs, for example, have been particularly vulnerable to identity theft and account takeover attacks, as criminals have generally found these accounts less well-protected. And while loyalty accounts may not contain actual funds, bad actors have found a way to turn the assets they contain, such as points, miles or hotel stays, into ready sources of cash. As one respondent from a hospitality company ($1B+ revenue) notes, “Identity theft and gift card fraud have been rising throughout the COVID-19 pandemic for us. We are taking steps, but it is increasingly difficult with more employees working from home.” Another (retailer with $1B+ revenue) shares, “We are mostly concerned with identity theft. That really seems to be the biggest hole.*”

Finding Effective Tools to Fight Evolving Threats

As merchants have turned their attention toward attacks that rely on taking over customer accounts, they have increased their monitoring of customer interactions. Password changes, updates to personal details and logins represent the most scrutinized areas among all companies (see Figure 2).* Larger merchants with more than $1B in revenues are also significantly more likely to monitor attempts to access an account from a new device than merchants with less than $1B in revenues.*

Merchants generally agree that the tools they use the most, 2FA/MFA (2-factor/multi-factor authentication), are among the most effective at detecting and preventing fraud, but these methods can introduce friction to the user experience, reducing sales conversion rates. Furthermore, fraudsters have been finding ways around these tools either by circumventing them or using alternative attack methods. As companies gain experience with other technologies, the most effective technologies (or combinations of technologies) for dealing with these new types of fraud will likely become clearer. For example, 66%* of respondents with experience implementing user behavior analytics now find it an effective method for preventing fraud. “User behavior analytics is a key method of measuring the trustworthiness of a user. Each person interacts with their keyboard and mouse differently which is why this data is very difficult to spoof,” says Andy Mortland, Vice President of Product at Accertify, Inc.

*Source: Arizent Research/PaymentsSource, December 2020/January 2021

Figure 2: Customer Interactions Most
Monitores by Merchants

Merchants generally agree that
2-factor/multi-factor authentication is among the most effective tools at preventing fraud, but it can introduce friction to the user experience, reducing sales conversion rates.

Figure 3: Customer Interactions Most
Monitored by Merchants

Areas such as refunding and returns fraud have long been a challenge for merchants, but solutions purpose-built to target these areas have only recently become available.

Andy Mortland
Vice President of Product
Accertify

Investing For The Future

As merchants look ahead this year in their fraud prevention journey, they are planning investments in a number of tools/resources (see Figure 3).* Some of these intentions reflect the next logical steps for addressing account takeover attacks and promotional abuse, such as hiring more people/fraud analysts and implementing advanced device intelligence solutions. Larger companies, which tend to have deeper pockets and more robust existing fraud detection and deterrence systems in place, are more likely than their smaller peers to bring in new people.*

As companies look to address more elaborate forms of attacks, the next logical step may not immediately be apparent. “Areas such as refunding and returns fraud have long been a challenge for merchants, but solutions purpose-built to target these areas have only recently become available,” says Mortland.

And as criminals adapt, resource-constrained companies may find it advantageous to partner with technology vendors to help them address evolving threats. Some evidence of this trend exists currently, as small to mid-sized companies (less than $5B in revenues) are 44%* more likely to partner with a third-party vendor to deal with mounting chargeback volumes than larger enterprises (21% for companies with more than $5B in revenues).* Whatever their plan, these companies understand that as fraudsters continue to evolve, so must they, seeking out the most effective and flexible methods. Monitoring account activity to prevent account takeover attacks without disrupting the customer experience will be critical for success. Ultimately, being able to skillfully adapt to deal with new and emerging threats can help protect a merchant’s reputation and bottom line. Staying a step ahead of the criminals will continue to be a huge priority moving forward, shares a retailer with $1B+ in revenues.

1https://uk.norton.com/internetsecurity-emerging-threats-over-1-billion-stolen-records-found-in-dark-web-discovery.html

2https://www.pwc.com/gx/en/forensics/gecs-2020/pdf/global-economic-crime-and-fraud-survey-2020.pdf

*Source: Arizent Research/PaymentsSource, December 2020/January 2021

Methodology

An online survey was conducted by Arizent Research/PaymentsSource in December 2020/January 2021 among 105 merchant respondents that offer products/services through e-commerce/online channels. Respondents had to be knowledgeable about payments fraud technology.

About Arizent Research

Arizent delivers actionable insights through full-service research solutions that tap into their first-party data, industry SMEs, and highly engaged communities across banking, payments, mortgage, insurance, municipal finance, accounting, HR/employee benefits and wealth management. They have leading brands in financial services including American Banker, The Bond Buyer, PaymentsSource, Financial Planning, National Mortgage News, and in professional services, such as Accounting Today, Employee Benefits News, and Digital Insurance. For more information, please visit arizent.com

About Accertify

Accertify, Inc., a wholly owned subsidiary of American Express, is a leading provider of fraud prevention, digital identity, device intelligence, chargeback management, and payment gateway solutions to customers spanning diverse industries worldwide. Accertify’s suite of products and services help companies grow their business by driving down the total cost of fraud, simplifying business processes, and ultimately increasing revenue. For more information, please visit www.accertify.com

Learn how we can help you provide a positive transaction experience for trusted customers while identifying and eliminating potential fraud threats.