Sift recently had the pleasure of leading three sessions and attending many more at the Merchant Risk Council (MRC) Spring 2021 Virtual Conference. Our Trust and Safety Architects, Jane Lee, Jeff Sakasegawa, and Kevin Lee, joined the lineup of esteemed speakers to provide expert insights on the inner workings of the dark web, the interconnected network of cybercriminals known as the Fraud Economy, and criteria for determining the optimal fraud prevention solutions for businesses’ needs. Here are a few of our Trust and Safety Experts’ top takeaways from the event.
Pandemic unpredictability leaves businesses vulnerable
The evolving state of the pandemic has forced businesses to adapt to the unpredictable. Many merchants were pushed to digitize on a rapidly accelerated timeline, having to deploy new capabilities like BOPIS, curbside pickup, and mobile apps without proper time to prepare. Dramatic fluctuations in the economy also meant that merchants had to balance unforeseen swings in supply and demand volumes.
While some established fraud teams were accustomed to dealing with the unpredictable nature of fraud attacks in the pre-pandemic era, the unprecedented disruption from COVID-19 left many businesses vulnerable and under-resourced. In fact, during the pandemic, 74% of merchants reported an increase in fraud attempts and 70% of merchants say they’ve experienced an increase in loss amounts, according to the 2021 MRC Global Fraud Survey.
Account takeovers are (still) on the rise
With more customers shopping online due to the pandemic, merchants have been introducing new or rebooted loyalty programs to entice shoppers. This is especially important to encourage consumers to continue shopping online as new omnichannel retailers strive to reach a much larger customer base. However, the increase in online traffic has also equated to an increase in fraudulent activity and account takeovers (ATO).
“Merchants should prepare for an increase in ATO escalations now—especially in verticals that are coming back post-Covid, e.g. travel—since consumers are going to start logging in again. Some customers’ travel loyalty accounts may have been breached and wiped out in 2020 but not realized by the account holder until well after the fact,” explained Kevin Lee.
Most businesses with an online presence have customer information for sale on the dark web, leaving both businesses and consumers susceptible to attack. This is largely contributed to by now-commonplace data breaches and the fact that 65% of online users reuse the same password for multiple (if not all) accounts.
“It’s not a matter of if, but when; compromised accounts that were bought or sold on the dark web will eventually show up at your doorstep, so it’s best to proactively prepare,” advised Jane Lee.
It’s safe for businesses to assume that their consumer information has been compromised, but it’s also important to not treat every customer as a culprit. Multi-factor authentication (MFA) and security notifications are prime tools for businesses to verify legitimate customers and weed out fraudsters. Having a robust ATO defense will not only deter cybercriminals but win the trust of VIP customers businesses can’t afford to lose.
Automation is key to staying ahead of fraud
A common struggle for fraud teams is the amount of time and resources spent on manually reviewing transactions for fraudulent behavior. The 2021 MRC Global Fraud Survey finds that 37% of a fraud team’s budget, excluding chargeback losses, is spent on manual review. This highlights an opportunity for businesses to turn to automation for help. Deploying machine learning technology capable of sifting through large volumes of data can help with identifying accounts that are funneled from dark web transactions. Leaning on machine learning can help take some of the burden off teams dealing with time-intensive manual review processes, allowing them to reallocate their time to other critical tasks.
Automation can provide an added layer of efficiency and assurance to overextended fraud teams in these unpredictable times. Utilizing machine learning is imperative for dealing with transaction volumes at scale—and particularly important for businesses juggling a new e-commerce structure without access to data that will help separate trusted from fraudulent customers.
The need for teamwork within the fraud prevention industry
There was a recurring sense of camaraderie and support felt among fraud prevention experts during the MRC Conference, similar to what’s been felt in the midst of this global pandemic—that in the face of adversity and unchartered territory, teamwork can be a guiding light.
In the fraud prevention industry, it’s understood that access to more data is crucial for improving machine learning capabilities that lead to more accurate, automated solutions. And the key to more data is opening up communication channels and fraud data between businesses.
As the world continues to evolve, communication is more important than ever. Businesses shouldn’t be keeping fraud trends and data siloed to their own teams and trying to “push through” when they’re overwhelmed—especially when there may be existing data available that could help. Businesses need to work together towards the shared goal of fighting fraud—because when it comes to trust and safety, it shouldn’t be about business vs. business, but businesses vs. fraudsters.
“One the best engineers I ever worked with said something to this effect: ‘I’m glad we got to work through hard fraud problems together. I’m also glad that those problems are over.’ While we are hopefully nearing the end of where we find ourselves, I have been inspired by hearing how merchants and solution providers alike have adapted to 2020 and 2021. We have pushed ourselves and learned more and grown in ways that I don’t think we would have in a normal business environment. Here’s hoping we all get a well-deserved break soon,” said Jeff Sakasegawa.
Curious how effective your fraud prevention strategy is? Take our Digital Trust & Safety Assessment to get custom recommendations from our Trust and Safety Experts.