As coronavirus advances payment options, fraudsters see dollar signs
The coronavirus e-commerce push is likely to be permanent as consumers get used to digital payments, but that also gives rise to new fraud threats.
The rapid change in consumer and merchant behavior as stores go online to stay open gives fraudsters new openings to steal payments credentials and hack into networks.
“Merchants are scrambling to cut costs, reduce the impact of fraud, scale efficiently, and deliver a consistent customer experience to meet rising consumer online buying behavior,” said Michael Reitblat, CEO and co-founder of Forter, a New York-based digital security firm that has tracked payment crime related to the virus landscape over the past month in the U.S. and Europe. “The aftermath of the pandemic will accelerate digital transformation among merchants as consumer shopping habits adapt.”Fraudsters are abusing work-from-home policies, since personnel are less aware of how remote access lends to fraud vulnerabilities.
Much of the social engineering fraud in this area comes in the form of fake human resources or corporate email and addresses requesting employees to click on a tab for more information — thus, sending victims to malicious sites.
Because all individuals are more available and expect to be contacted by customer support or service teams through electronic communications, fraudsters are taking advantage by issuing bogus warnings about the virus spread and seeking more information from consumers. Fraudster tools include creating fake or similar websites to those of government officials or embassies, or delivering official looking email.
The virus has created a good excuse for fraudsters to leverage data that may not match the expected data for an order when dealing with the delivery of products to a consumer, Forter reports. Fraudsters will create excuses for not being at a specified shipping address and asking for the goods to be delivered elsewhere, or requesting items to "please be left outside" to eventually be stolen.
“With more consumers experiencing buying online, we expect merchants who hadn’t considered e-commerce as a viable platform to now try it,” Reitblat said. “Merchants that had already adopted e-commerce struggle to meet this increase in demand. Working collaboratively from home and hiring to meet the volume creates obstacles for those who manually review transactions for fraud.”
Even though travel has decreased significantly during the coronavirus pandemic, fraudsters are in a "buy" mode. It has put security vendors and the airlines on high alert for loyalty program fraud. Because there are fewer flights to exploit, fulfillment of stolen miles and points might be delayed and it is likely that there will be a longer time between account takeover and fulfillment attempts in general.
Fraudsters are aware of the payments technology trends, especially since more consumers have had to turn to mobile payment options during stay-at-home edicts.
At some point, consumers will be back at physical store locations, including small businesses that became aware of new payment technology during the pandemic.
In research conducted with small businesses in January, just before coronavirus exploded in the U.S., Lehi, Utah-based Weave revealed consumers are increasingly interested in different payment methods and businesses that accept more options are likely to fare better in the future.
The virus "absolutely has an effect on the need to consider accepting more payment methods," said Jeff Lyman, chief product officer at Weave, which helps small businesses set up payments and communication channels with customers.
Thirty-five percent of customers are interested in paying with a text from their phone, but only 4% of businesses offer this payment option, according to the study of 380 small-business customers and 350 small-business owners commissioned through Trendcandy.
"One of the really surprising findings of the study is the large proportion of both older and younger customers who are interested in paying via text messaging," Lyman added. "It shows there’s a clear interest and need in faster, more convenient payment solutions that are enabled by modern technology. But industry norms have not caught up to that yet."
Only 16% of small businesses offer more than three forms of payment options, even though 43% of customers say they carry less cash today than they did a year ago.
However, 40% of small businesses accepting more payment types believe it will help them win over young consumers, the report noted. Still, a troubling 38% of small-business customers said they were unable to make a purchase at a physical store because their form of payment wasn't accepted.
In Forter's annual fraud attack index, which it released the same time as its special coronavirus report, attacks overall increased 19% when comparing the second half of fiscal 2018 with that of 2019. The dollar amount in fraud attacks increased by nearly three times the rate of volume increase in that time frame.
Of the various merchant or services verticals, hotels suffered the biggest increase in fraud attacks at 109%, with money services right behind at 90%, land travel at 86% and air travel at 72%.
"As commerce evolves, so too do fraudsters' methods of attack and exploitation," the report noted. "A rising level of sophistication in attacks, fraud and abuse methods comes at a time when user experience is key to overall business success."