Into the Unknown: Sift’s Trust and Safety Architects on Fighting Fraud in the Face of Global Disruption
By Arwen Heredia /
25 Mar 2020
Every corner of the world is reeling from the unexpected upheaval caused by COVID-19. For merchants everywhere, it hasn’t been a shift; it’s been an outright shock to all segments of business. Concerns about scattering customers and virtual workforces make each day different from the last, leaving leaders and teams with operational blueprints that no longer seem to apply—and customers with demands that are no longer being met.
While companies scramble to figure out what business looks like in the face of a global pandemic, fraudsters are discovering more opportunities than ever to hide behind unexpected customer behavior and exploit community unrest. Widespread coupon scams, fake charities, vicious malware, credential testing, and snake oil vaccines are only a handful of the digital schemes piggybacking on this public health crisis.
To help businesses understand what to expect in the coming weeks and keep consumers safe from fraud as the situation evolves, Sift’s Trust and Safety Architects (TASAs)—Kevin Lee, Jeff Sakasegawa, and Brittany Allen—came together to discuss how this pandemic is directly driving fraud, what Trust and Safety teams can do to adapt quickly, and why leaders should continue looking towards the future.
Fine today, fraud tomorrow
Trust and Safety teams depend heavily on patterns. Regardless of the individual strategies in place, it’s fraud’s predictability—and the common behaviors of trusted consumers—that makes large-scale prevention and mitigation possible. Some teams might be using a fraud solution that requires manual rules to keep a cap on order volumes and values; others might be taking a more sophisticated approach with real-time machine learning and vast data networks. But when an event with global impact disrupts that steadfast predictability, says Sift TASA Kevin Lee, fraud prevention teams need to shift focus away from normal expectations and consider the events at hand.
A key example comes with how fraud analysts look at purchasing signals to determine the legitimacy of transactions. Users that are typically trustworthy, faced with the prospect of scarcity, may now behave unexpectedly, making higher-volume purchases or running cards repeatedly even after they’ve been declined.
Teams using rules-based solutions might see normal thresholds for order volumes, values, or duplicate items being breached as customers stock up on things like hand sanitizer and toilet paper. Even with the superior adaptability that machine learning provides, models may take additional time to account for erratic consumer behavior. So, it’s important that Trust and Safety teams consider how rapid changes in consumer behavior might throw off expectations about what is and isn’t fraud.
Lee suggests that analysts keep context top of mind. The environment around us is, in some ways, evolving every few hours. Merchant fraud teams may find that they need to send more transactions to manual review, or lean more heavily on senior team members to make decisions when presented with situations they’ve never seen before.
To maintain as much efficacy as possible, it could fall to business leaders outside of the fraud team to provide relevant, top-down policies for analysts to follow in the immediate future—e.g., directives on how to process disputes, existing guidelines to set aside, and how to handle changing demands. Trust and Safety leaders might also consider creating temporary directives around things like order volume; it may make sense to allow larger-than-usual orders of things like hand soap, but you’ll still want to continue requiring additional verification for purchases of, say, multiple mattresses.
By presenting a united front and approaching fraud prevention as a business, analysts will feel more confident in their decisioning (and contingency plans) during times of disruption.
Emerging risks: Big spenders, bogus BOPIS, and rising friendly fraud
So much of business-as-usual is suddenly up in the air, but it’s still possible to make educated assumptions about fraud patterns. Based on historical economic data, our own new research, and what we know about typical fraudulent behavior, here’s what Sift’s TASA team suggests businesses do.
Watch out for increased order volumes and use of alternative payment methods.
According to our recently-released Digital Trust & Safety Index, fraudulent purchases are about three times greater in value than a typical legitimate order. And while it’s true that the pandemic has resulted in some abnormal behaviors by average shoppers, companies can still count on fraudsters to push their luck—perhaps even more in the coming weeks, now that shelter-in-place directives have inspired widespread stockpiling.
When it comes to alternative payment methods, our report found that fraudsters continue to take advantage of digital wallets and gift cards, both of which are more likely to be used fraudulently than regular credit card payments. As consumers turn to online shopping experiences during mandatory quarantines, expect these payment methods to become increasingly compromised.
Beware of BOPIS vulnerabilities.
Under the umbrella of social distancing, customers will turn to shopping options that involve less human contact, e.g., “buy online, pickup in store” (BOPIS). In the short-term, this does open the door to fraudsters who will no longer face friction points like providing identification or signatures—security measures that organizations like FedEx are temporarily suspending to comply with social distancing requirements. Additionally, there could be a surge in account takeover (ATO) as credentials and credit cards are hijacked to place orders for in-store pickup, with fraudsters adding their own email addresses or names to account information to bolster the appearance of legitimacy.
The silver lining? Businesses, small and medium-sized businesses in particular, can look at this growing demand for BOPIS as an opportunity, says Sift TASA Jeff Sakasegawa. Consider what it might look like to scale supply chain, purchasing, and delivery operations to serve a broader audience when brick-and-mortar costs have changed—perhaps you’ve reduced store hours and staffing needs, or adjusted inventory to meet new demands. How can you improve the mobile buying experience? What processes could you put in place to drive efficiency from warehouse to pickup, or reduce friction for customers shopping online?
Prepare for more chargebacks, fluctuating users, and false positives.
An unfortunate byproduct of the current crisis is, and will be, an increase in chargebacks and false positives. Compounding this is the fact that some industries—particularly vendors selling food and household products—will see more new customers and greater diversity in buyers than ever before, as consumers who previously shopped in-store switch to online storefronts. False positives are likely to go up, too, without historical data to inform whether or not transactions are legitimate.
Sift TASA Brittany Allen warns that even merchants with more flexible refund policies will likely see an uptick in chargebacks, as consumers and businesses alike face sudden, unexpected financial restrictions. While many of these incidents might qualify as friendly fraud (i.e., when someone uses their own credit card to buy something, receives the item, and requests a refund anyway), it’s important to understand that some will happen as a means of survival. Users and businesses that would ordinarily never commit fraud may deem it necessary to do so in order to free up lines of credit or supplement a dwindling income.
When in doubt, Allen advises businesses to look at previous seasonality and YoY patterns for clues and cues, but bear in mind that they’re going to be disrupted for the duration of the pandemic—and long after things have settled down, too.
Trust and Safety first: Advice for merchants and consumers
The best laid plans of companies and customers often go awry—something that’s true even on the most typical of days. As we adapt to new normals over the coming weeks, merchants and consumers will be presented with some unsettling truths about fraud. How can we cope while staying secure?
Merchants: Empathize, engage, and expand your FAQs.
Merchants already know that misinformation and fraud rise in tandem with public unrest. Show that your business is aware of customer challenges by demonstrating empathy, proactively engaging customers with educational information, and always communicating with transparency. Here’s what businesses can do in the immediate future:
- Make it simple for shoppers to locate information on discounts, product availability, and how to report spam and scams. If your customer service forms and contact information are buried in the footer of your website, move them to a more prominent location. Encourage people to submit requests when they can’t get through on the phone, and always be patient (particularly when asking for patience). Send out communications to your email base and social media followers on where to go to contact your business, and reiterate where customers can find up-to-date offers.
- Remind customers and employees about cybersecurity hygiene. A simple warning about the possibility of phishing emails and your company’s stance on fraud could be the difference between protecting your users and inviting rampant ATO. Consider sending an email or posting a blog affirming that your business is taking steps to ensure customer security, and detailing further precautions that consumers can take to stay safe online.
- Add and advertise FAQs. Whether detailing refined cleaning procedures or explaining shipping delays and limited inventory, additional information is always better than no information at all. Keep consumers aware of what you’re doing and what they can expect, so that they know your company has a vested interest in continuing to serve them as best as possible—while keeping them healthy and protecting their personal information.
Dear consumers: Don’t rush in.
The Sift TASAs offer one final tip for consumers specifically: don’t panic. It’s easier said than done when you’re sitting in your own echo chamber of uncertainty, and every store within ten miles of your home is out of bread and tissues. But, as much as possible, try to remember how you might react to certain situations as though the world was not experiencing a public health crisis.
In other words, take a moment to step back from what’s being presented to you. If you wouldn’t ordinarily transfer all of your money to a stranger promising a vaccine, or believe that a store was offering $200 of free groceries, there’s no reason to do it now. Information overload is very real, and unfortunately, community unrest is an ideal breeding ground for fraud and misinformation. Consumers can avoid a lot of it by allowing themselves time to be as thoughtful as they would normally be, and resisting the urge to simply react.
To hear more from Sift’s Trust and Safety team, watch our Strength in Numbers virtual event session, 2020 Fraud Trends and What to Expect.