We sat down with Jane Lee, Trust and Safety Architect at Sift, to discuss the results and key takeaways from their recent Q1 2023 Digital Trust & Safety Index report.
1. What is the reason for such a high percentage of consumers (62%) experiencing payment fraud multiple times?
There are two primary reasons why many consumers become victims of payment fraud multiple times – the increasing sophistication of fraudsters and a lack of preparedness from consumers and businesses.
In the Fraud Economy – the self-supported ecosystem that paves the way for repeated fraud – cybercriminals take optimal advantage of victims by utilizing the same stolen payment information multiple times across an array of sites and apps. The use of easily accessible platforms like Telegram also means it is easier than ever for fraudsters to co-mingle with everyday people looking to score a deal or buy payment card information.
For consumers, the daily onslaught of data breaches and targeted phishing continue to make them easy targets, especially as fraudsters gain access to incremental PII to make up full consumer profiles. Meanwhile, many businesses are hamstrung by legacy fraud prevention solutions and/or under-resourced fraud teams.
2. Why are B2C merchants experiencing such a huge uptick in payment abuse. Is this because of a new tactic, or something they are missing? How can they plug this leak?
B2C merchants experienced a 64% uptick in payment fraud this past year because they are the face of consumer-directed scams. Additionally, their digital goods and services are desirable in the not-so-underground Fraud Economy.
Using a fraud-as-a-service approach, cybercriminals can buy and sell stolen payment data on the Deep and Dark Web and commit fraud on behalf of their paying customers. Those who purchase stolen payment data are often other fraudsters, but also fraud-curious consumers who can freely join the fraud forum and are looking to take advantage of lucrative deals on products and services they want.
Marketplaces are especially vulnerable to fraud because they are, by nature, multi-sided. We often encounter “collusion” tactics, where a fraudster sets up fake profiles for both sellers and buyers and builds up their reputation on the site with fake orders to lure legitimate buyers. We also see this type of collusion used for card testing purposes.
To better protect against these and other fraud attacks, marketplaces in particular should ensure they properly address both buyer and seller side fraud. Machine learning is a critical components of fighting any kind of fraud at scale, but with collusion, ML can specifically connect the dots between phony buyers and sellers by looking at the connections between the two personas like IP addresses, velocity, text similarities in listings, and reviews, and thousands of other signals. When ML is paired with relevant datasets, and insights are surfaced for fraud teams, businesses can mitigate this type of fraud and minimize friction for the 99% of their customers who use their platforms for legitimate reasons.
For merchants to better protect themselves from increasingly advanced and widespread fraud attacks, having the right technology and strategy is key. Organizations should leverage a fraud prevention platform that leverages real-time machine learning to not only reduce manual efforts and automate processes but to also quickly identify and respond to emerging threats. Implementing this type of technology alongside a Digital Trust & Safety strategy will enable merchants to stop payment fraud while growing the bottom line.
3. What impact is the increase in BNPL fraud having on merchants? Are we seeing them make adjustments, and if so, how?
The 211% increase in buy-now-pay-later (BNPL) attacks year over year is alarming. To an extent, this is to be expected since fraud attack rates are typically high for emerging payment methods, as fraudsters excel in finding security weaknesses in fast-growing, but less mature payment options.
Earlier this year, Sift discovered scammers employing fraud-as-a-service schemes specifically targeting the BNPL market. In Telegram fraud forums, scammers advertise their access to stolen payment information for a fee, positioning them as deals. Other people in the forums will contact a scammer and share what they would like to purchase. The scammer then makes a BNPL purchase with no intention of paying for the transaction, using stolen BNPL accounts or credit card information to buy items. In the end, this fraud forces either the real account owner or the BNPL provider to foot the bill while the scammers walk away with no consequences.
4. Why do you think the friendly fraud rate (16%) is so high?
While Sift has discovered an uptick in consumer-driven payment fraud, it is important to distinguish this spike as different from friendly fraud, which is related to consumers filing fraudulent chargebacks or disputes.
The fact that 16% of consumers admit to committing or knowing someone who has committed payment abuse is a tell-tale sign of what we call “the democratization of fraud.” Similar to how software providers work to make their platforms more accessible to a wider range of fraudsters have productized their attack methods for anyone to find and use. In doing so, this has opened up new revenue streams for cybercriminals that go beyond pointed attacks.
In recent years, government agencies have cracked down on certain parts of the Dark Web, causing cybercriminals to migrate toward the Deep Web – a part of the internet not indexed by search engines – and use encrypted platforms to commit illegal activity. Coupled with an increase in deep web “recruiting” hitting consumers on platforms like Telegram and TikTok, fraudsters can now scale their own networks and activities while profiting from the expansion, in addition to reaping the rewards of successful breaches.
5. What do you think is the main takeaway from the report?
I think one of the most compelling parts of the report is the way it outlines how fraud is being democratized. The fact that 17% of consumers have encountered online offers to commit payment fraud demonstrates how easy and accessible fraud has become among everyday internet users, whether they choose to participate or not. This poses an expanding risk for all businesses, especially merchants, who remain a top target for payment attacks. We’re almost certainly going to see expanded use of these platforms to lure consumers into becoming cogs in the Fraud Economy, especially as inflation and unease in the legitimate economy persist. Merchants should keep a close eye on these trends and work with their fraud prevention solution providers to make sure they’re able to properly adjust their risk thresholds and monitor for emerging fraud patterns.