As ecommerce continues to grow, so do the opportunities for fraudsters to take advantage of both merchants and consumers. There are various perspectives regarding fraud migration to online transactions, including differing tactics to combat it. I reviewed the Merchant Risk Council's 2023 Global Ecommerce Payments and Fraud Report, which surveys the practices of more than 1,000 ecommerce merchants around the world.
Global ecommerce merchants saw average spending on fraud management tick up a point to 11 percent of annual ecommerce revenue. Small and medium-sized businesses doubled their spending on fraud management over the past year from 6 percent to 12 percent of ecommerce revenue.
Top four fraud attacks as reported by ecommerce merchants worldwide
- Phishing/pharming/whaling (43 percent): Phishing typically includes convincing a user to click on a malicious link. Pharming is executed via malware or as an interception when a user click is redirected to a malicious site. Whaling is a type of phishing that uses the identity of higher ranked officials to incite action.
- First-party misuse (34 percent), also known as friendly fraud or chargeback fraud: The consumer files a dispute, resulting in chargebacks or refunds to the consumer, who often keeps the goods.
- Card testing (33 percent): Criminals typically charge small amounts to test stolen card details on merchant sites. Once details are confirmed, they return with larger transactions.
- Identity theft (33 percent): Personal or financial information is stolen to conduct unauthorized transactions.
Fraud management costs are already a sizable portion of revenue. When a fraud attack happens, there may be additional costs incurred for dispute resolutions, loss of inventory, and gathering of evidence to name a few.
Merchants prepare for battle against friendly fraud
Merchants reported a 62 percent increase in first-party disputes since 2021. First-party misuse can have many drivers, including an attempt to obtain free goods or a refund. The estimated cost to manage first-party misuse is $35 per $100 in disputes, in addition to the cost for a service used or an item lost.
Due to the significant cost and rise of disputes, merchants are adopting some approaches:
- Revoking access to services or purchases
- Clarifying and posting return policies
- Requiring card verification value codes to process card payments
- Monitoring transaction data for anomalies
- Checking customer purchase histories
- Filing formal disputes on fraudulent chargebacks with financial partners
The card networks have the compelling evidence (CE) rules to help merchants fight illegitimate chargebacks. The rules may differ by network and merchant type. Visa has estimated that up to 75 percent of all chargebacks are friendly fraud. According to the Merchant Risk Council report, 9 in 10 merchants currently participate in the CE process and expect the latest rule updates to help them.
Merchants will need to continue to deploy a variety of tools to reduce their fraud rates and costs. Let's hope they succeed so they don't have to pass the costs back to us.