The Evolution of Payments Fraud

Fraudsters are taking advantage of the increased number of transactions taking place online in today’s pandemic environment. Thanks to this shift, along with other recent payment trends like BNPL, the digital payments environment looks a lot different than it did just a year ago.

To get a better idea of the specific changes that have taken place, as well as those that have yet to come, we spoke with Vesta CIO Tan Truong. In our conversation, Truong offers his insight on recent payment industry trends, provides advice for merchants, and offers tips on how banks can help their small business clients fight payments fraud.

What recent changes have you seen in the payments space, and what changes do you foresee in the sector next year?

Tan Truong: The pandemic has really supercharged the acceleration of e-commerce growth – by some analyst accounts, the industry has jumped about five years ahead of its already steep growth trajectory. Total online spending in May, at the height of the pandemic, was up 77% year-over-year. But even many brick-and-mortar sales are no longer traditional in-store purchases, thanks to the rising popularity of curbside pickup options that allow consumers to make a purchase online and have merchandise dropped right into their car by a sales associate within minutes.

Unsurprisingly, fraud has also skyrocketed as consumers and retailers both look to prioritize health and safety by embracing contactless transactions. Some researchers are projecting that retailers will lose about $130 billion in revenue due to CNP fraud between now and 2023.

Buy Now Pay Later (BNPL) is the newest trend in payments. What type of risk management is required in this new frontier?

Truong: Buy Now Pay Later has seen incredible traction in markets like Australia and Latin America, but it has only recently started to take off here in the U.S., particularly among Gen Z shoppers.

One big area of risk here is around disreputable or fraudulent vendors taking advantage of the companies that offer BNPL services. If they haven’t properly identified whether it’s a legitimate or illegitimate merchant, they could easily fall victim to a scheme where a fake merchant submits falsified orders using stolen consumer PII, then collects payments for products it allegedly sold but did not ship. Since BNPL vendors assume the risk on these transactions, they would be left holding the bag.

In terms of risk for merchants, regardless of the payment method it is crucial that merchants follow established best practices to remain one step ahead of bad actors. There are several key areas they should be focused on to eliminate fraud and increase approvals:

  • Prioritize Anomaly Detection: Look for obvious irregularities in ordering habits which may suggest that a buyer is exploitative. These may include orders placed late at night during hours when customers are unlikely to be active, and orders for a high quantity of a specific product or at the upper end of the price scale.
  • Conduct a Digital Footprint Assessment: The four pillars of the digital footprint – device, IP, phone, and email – can provide crucial signals to understand the origins of a payment. For example, the lack of geolocation information or a mismatch between distances from the billing address to the IP geolocation can be a key indicator of fraud. Likewise, email addresses which are either linked to no-name providers or uncommon email hosting firms can be a bad sign, as can those that do not actually feature the name of the buyer. Email addresses that are just a string of letters and numbers are often a sign of randomization, a tactic often used by fraudsters to make identity detection difficult. Also keep a close eye on a customer’s phone number, since having multiple numbers associated with a single device can be a red flag.
  • Implement Data-Driven Machine Learning Strategies: Use fraud prevention tools that can build upon features and profiles targeting a range of factors – like user behaviors, session information, order history, and key attributes like products purchased, order amounts, times those orders were placed and shipping address. This is a much stronger approach than employing a rules-driven reactive strategy.

What are some things most merchants don’t think about when it comes to payments fraud?

Truong: Too many merchants are so hyper-focused on the idea of preventing fraud altogether that they hurt themselves in the long run. Nearly every merchant knows what their fraud rate is, but relatively few know their approval rate or understand the relationship between the two. A very low fraud rate isn’t necessarily a good thing. Depending on how the merchant got there, it may indicate that they are rejecting a large number of transactions. Most merchants don’t know how much revenue they are turning away through their fear of fraud. A shift in perspective is needed.

Fraud is a serious problem, and merchants really have no control over its growth; they can only control their reaction to it. If they are preventing fraud by rejecting any transaction where they’re not 100% certain of its legitimacy, there’s a very high chance they are suppressing revenue and turning away many genuine customers. False declines are a lot more damaging than many merchants realize. According to a recent report from Sapio Research, 33% of U.S. consumers said they would never again shop with a particular merchant if that merchant had falsely declined their payment.

Throttling questionable transactions is short-term thinking: it puts undue pressure on profit margins, reduces sales revenues and the number of good transactions accepted, and negatively affects customer loyalty and brand reputation.

How can banks help their small business clients in fighting payments fraud?

Truong: E- and m-commerce were supposed to be the great equalizer for small and midsized merchants, but they have been hardest hit by fraud as they are unable to match the spending power of larger companies who spend about $4 fighting fraud for every $1 of fraud committed. As a result, many smaller merchants combat fraud primarily by not approving any questionable transactions – an approach that inevitably has them leaving revenue on the table.

Banks can help their small business clients by incentivizing them to find and implement anti-fraud technologies that will go beyond limiting their fraud risk and help them prioritize maximizing revenues.

Vesta recently teamed up with data network provider Plaid. Tell us how this partnership can reduce nonsufficient funds.

Truong: Plaid provides a secure connection between consumers’ banks and the fintech apps they want to use, so the integration was a really important step for us. It allowed us to launch a Guaranteed ACH product that enables automated clearing house payments while reducing fraud and fees incurred from non-sufficient funds. Since Plaid is connected to more than 11,000 banks in the U.S., Canada, and Europe, the real-time visibility they provide allows us to get an accurate sense of a customer’s account status, minimizing a merchant’s risk around fraud or just bad budgeting on the behalf of a consumer.

Merchants have been very reluctant to accept ACH payments due to the time it takes to settle charges and increased risk of fraud involved. At the same time, ACH payments cost significantly less to facilitate than credit or debit card purchases – a gap that is especially eye-opening for large purchases. For example, a $5,000 transaction could cost the originator anywhere from $0.25 to $5 when made with ACH, or $90 if made with a credit card.

So the partnership with Plaid enabled our Guaranteed ACH offering, which in turn addresses two of the major barriers to broad adoption of ACH payments – speed and trust. It also opens up opportunities for millions of Americans with bank accounts but no payment cards to be able to shop online.

Photo by Azamat E on Unsplash