SPF 100: Stop Payment Fraud this Summer so You Don’t Get Burned
By Kathryn Schneider /
22 Jun 2021
The summer of 2021 has much of the world abuzz with the hope of returning to “pre-pandemic normal” as restrictions lift and the economy braces to bounce back. But the projected increase in summer spending also opens up opportunities for fraudsters to take advantage of the re-emerging economy.
During a recent webinar, Brittany Allen, Trust and Safety Architect at Sift, and Mélisande Maul of The Paypers, took a deep dive into the world of payment fraud ahead of what is bound to be a record summer of abuse. Allen revealed why fraud rates skyrocket during the summer months, the unfolding impact of lockdown emergence and reopening, and practical tips you can use to avoid getting burned by fraudsters.
Summer fraud trends
It’s widely known that cybercriminals are prepared to exploit predictable changes in order volume and values that take place year-round. But there’s a misconception that fraud rates—the ratio of attempted or successful fraud orders against legitimate orders—spike during the holiday season. In fact, year after year, Sift has found that the day with the highest attempted fraud rate actually occurs during the summer—June 26th in 2020 and August 11th in 2019.
There are many causes for this summer fraud spike. Allen finds that many fraudsters have more time off from their day jobs to focus on their side fraud gig, taking advantage of summer vacations, holidays, and paid time off (PTO). Many fraudsters see this time as an opportunity to earn “summer flex money” to pay for their own vacations. There are also more occasions to exploit during the summer months, such as special events and travel. Lifted COVID restrictions also mean an increase in travel volume for fraudsters to tap into and hide behind.
The pandemic lockdown gave cybercriminals ample free time to enhance their fraud tactics. To show just how advanced some of this technology can be, Allen provides an example of a fraudster’s software program that creates a 3-D model of a face to pass selfie security checks, which is then sold as a tool to other fraudsters.
Reopening after lockdown
After being cooped up at home for over a year, many consumers are ready to get back to their social lives with extra cash to spend, eager to make the most of their newfound freedom. Fear of missing out (FOMO) is bound to be rampant among those intending to make up for lost time, sparking a rapid increase in spending on dining out, shopping, travel, and live entertainment.
With the return of travel and events this summer, more consumers will drop their guard and be on the hunt for cheap tickets and deals, making it a prime time for fraudsters to swoop in with scams. Many will be going back to in-person work and engaging in more social functions, which means the need for a new sweatpant-free wardrobe. This increase in spending provides fraudsters with more chances to launch attacks and disguise their motives with upticked web traffic. And as more consumers begin using loyalty points and gift cards again, merchants should be on the lookout for fraudsters trying to drain these accounts and cards.
Chargeback fraud can also be a significant burden on business—refund fraudsters know exactly how to manipulate merchant policies, especially those that don’t question refunds under a particular dollar amount. This puts merchants in a tough spot—balancing the desire to build customer loyalty through a generous refund policy, with the need to implement stricter rules that deter fraudsters.
Another key trend to be mindful of is the increase in fraudulent transactions made on mobile devices. For fraudsters, mobile phones are often their device of choice due to their ease of use and ability to wipe clean and reset without hassle. Their cheaper price point to desktop devices also makes it easier for fraudsters to operate a warehouse of devices—often used to produce fake clicks and views on fraudulent listings to create the illusion of a legitimate reputation.
“The more people do with a mobile device, the more options it gives to fraudsters for what they can do to commit fraud online. And so I think this is extremely important, and merchants need to be educated and aware of where that activity or traffic is coming from,” explains Allen.
Scaling fraud operations
With these trends and projections in mind, Allen provides a holistic solution for monitoring and fighting fraud, starting from the ground up.
High-volume digestible data ingestion
It’s first crucial to take a close look at all of the user data you have on hand and determine what you can leverage to your advantage. Depending on how much data your site collects from users, you could have a whole wealth of information, including but not limited to:
- Phone number
- Email address
- Date of birth
- Identification information
- Personal preferences
- Payment card information
- Device information
- Purchasing and ordering
- Demographic information
- Navigational information
- Transactional information
- Audio and video information
- Web beacons
It’s important to monitor any kind of aberrations in user behavior, like if all of a sudden they’re logging in with a different method, which could mean their account has been taken over. One merchant has even been able to weed out fraudsters by detecting which devices have alarms set up, knowing that the vast majority of legitimate users utilize their phone alarms, whereas a cybercriminal with multiple devices may not.
Manual review can be time consuming, a drain on resources, and prone to error. Especially when working with such massive volumes of data, machine learning technology can be a great advantage for fraud detection. By employing a machine-learning model, you can more accurately and efficiently monitor users’ identity, behavior, transactions, and patterns of similarity. Allen reveals that her team at a prior role was able to distinguish fraudsters from trusted customers by looking at how users input signup information. Users who type in their information at signup—versus those who would copy and paste their information—were determined to be legitimate since real users would rarely need to copy and paste their own name.
Workflows and rules automation
Merchants should also be ready to write new rules and be prepared to respond quickly to any kind of attack that looks suspicious. But it’s not all a matter of squashing the bad actors—successful merchants know that they must also invest in improving the user experience for their true users in order to build loyalty and trust.
Analyst tools and feedback
Allen outlines a few tools that can be useful in sifting through data to make decisions. One is the user story or session history—ask yourself what your trusted users look like and whether any new activity makes sense or raises questions. Utilizing a single, organized dashboard can be vital, allowing agents to access everything they need without jumping from tab to tab. It’s also important to not only surveil binary positive or negative signals, but neutral signals and patterns that may be a little more subtle. Having a network view can be useful to see what variables are shared between accounts, such as IP addresses or geolocations. And lastly, the ability to take action at various points in the transaction lifecycle—even if it’s just preventing future and subsequent purchases from the same suspicious user.
Fraud teams can also benefit greatly from an organized and easily accessible reporting system. This may include chargeback rates, refund rates, ATO rates, promo abuse rates, customer insults, manual review, and block rates. By visualizing this information all in one place, you can more easily identify patterns that can inform your fraud-fighting approach.
To get more insights on summer scams and merchant fraud-detecting stories, check out the webinar.
Kathryn Schneider is Sift’s Content Marketing Manager, specializing in digital content that sparks lasting impact. She’s an avid hiker, art enthusiast, and dedicated nonprofit volunteer.