Five Ecommerce and Fraud Trends to Expect in 2019
What does 2019 have in store for eCommerce and CNP fraud?
What does 2019 have in store for our industry? Here are five eCommerce and fraud trends that omnichannel retailers and online merchants should keep an eye on to protect their bottom line.
1. Emerging markets: The eCommerce battleground
This past summer, Walmart acquired a majority stake in Flipkart, an Indian eCommerce company. Experts anticipate that the Indian retail eCommerce market will more than double in volume by 2022, and this was a brilliant move by Walmart to capitalize on this activity. In fact, Amazon reportedly made Flipkart an almost identical offer. To build their own presence in the region from the ground up would take Walmart years, and with Alibaba and Amazon making their own plays, Walmart couldn’t afford to wait around.
It will be fascinating to see the steps these major eCommerce players take in 2019 to win greater market share in India and beyond. The massive payoff of being the first mover to get a foothold in an emerging economy means we’re likely to see companies making acquisitions in eCommerce markets like Indonesia, South Korea, Brazil, and Turkey.
2. More consumers will turn to alternative payment methods
Consumers are increasingly demanding fast, easy, and safe ways to shop and pay. Not coincidentally, this shift is happening as millennials surpass baby boomers in population size; according to a 2017 survey, US millennials are 41% more likely to shop via mobile apps than baby boomers, and they expect a seamless mCommerce experience.
Accepting payment from apps such as Venmo and Zelle is a good way to capture more market share and drive loyalty among younger shoppers. P2P payment methods growth is driven by mobile-first consumers (an estimated 40.4% of smartphones in the US will have a P2P app installed in 2019). Forward-thinking retailers who cater to millennials – such as Lululemon, Footlocker, and Forever21 – are already giving shoppers the ability to complete their purchases using mobile payment apps.
Offering new payment options requires merchants to update their fraud review practices – fraudsters often test newly launched payment and shopping flows in the hopes of uncovering vulnerabilities and loopholes. By analyzing mobile-specific data, and taking into account shopping preferences and fraud patterns unique to mCommerce, retailers can ensure good customers enjoy a streamlined shopping experience while bad actors are blocked.
3. More automation for a better omnichannel shopping experience
Both eCommerce retailers and their customers stand to benefit from the increased use of automation to boost omnichannel success. Many merchants today are setting up flows to automatically delist products that are out of stock (and alert marketing to stop promoting these products on social media). We’re also not far from an age where fully automated fulfillment and shipping centers will be the norm for online retailers. Merchants will benefit from drastically reduced operational costs, while consumers will get faster delivery, and no ‘item not in stock’ messages.
The downside is that automated flows when done wrong, can impede the customer experience and expose merchants to new fraud threats. For example, automating the BOPIS (buy online / pickup in-store) process often means shoppers need only a digital token or code to collect their goods. Requiring an ID when consumers pick up their goods could lead to long queues and can sour the shopping experience.
So, merchants need to be especially careful when reviewing these orders for fraud – otherwise, it’s just too easy for fraudsters to use stolen cards for click-and-collect purchases. They should be treated like orders for digital goods such as gift cards – specifically, with an emphasis on data points like IP addresses and device fingerprints while ignoring the shipping address.
4. Merchants will get better acquainted with referral abuse
Taking advantage of promos is not a new concept. Even back when merchants were offering coupons in newspapers, people were forging them, or going dumpster diving for extra copies. But while eCommerce promotions can be a valuable tool for online merchants, they are particularly vulnerable to all sorts of abuse.
One of the most common methods is promo abuse fraud. As the name suggests, these scams target promotions that reward customers for referring their friends. One MO is to create fake shopper accounts and refer these nonexistent people, in exchange for store credit. And if the terms and conditions require the referred customer to purchase something, these phony accounts can place orders, and then cancel or return them.
Why do we expect to see more such attacks in 2019? Well, coupons aren’t going anywhere (and merchants certainly shouldn’t stop offering them), but techniques for abusing them are getting more sophisticated. For example, some coupon codes can be hacked by using bots – an operation quite similar to the credential stuffing mentioned below.
5. More ATO attacks. A lot more.
From 2015 to 2016, losses from ATO attacks rose 61%. In 2017 they shot up another 122%. Riskified’s analysis has shown that 2018 saw a comparable increase in ATO losses to the year prior.
But when we predict that 2019 will see ATO attacks become even more widespread, it’s more than simple extrapolation. To explain why, here’s a quick refresher of how ATO attacks happen:
- Bad actors steal legitimate users’ login credentials, usually either through a data breach, or phishing attack.
- The data thief uses a bot to verify the credentials and check which eCommerce stores they work for. This is called credential stuffing.
- The thief either sells the credentials to a second fraudster on the dark web or uses them themselves to commit an ATO.
In 2018, we saw plenty of high-profile cybersecurity breaches, including data from Facebook and Uber accounts. There won’t be a shortage of compromised credentials for fraudsters to use in 2019. And then there are the disturbing trends in bot use. The rate of automated credential stuffing is rising on a monthly basis, and these attacks are also becoming harder to detect, as fraudsters embrace ‘Low & Slow’ stuffing methods.
As opposed to brute force attacks, which simply try to test as many credentials as quickly as possible, Low & Slow sacrifices speed to make these attempts appear more human-like and harder to detect. In 2019, merchants will have their work cut out for them protecting customer accounts. Learn more in our guide on the true cost of account takeovers.